Date: Wed, 1 May 2002 07:33:59 -0700 (PDT) From: SolarfluX <solarflux@ziplip.com> To: security@freebsd.org Subject: Re: newbie. possibly got hacked. need help. Message-ID: <4RNNROPZ2AD5GUD011DZYAWWVNPY0XVLBID3MB2E@ziplip.com>
next in thread | raw e-mail | index | archive | help
To see what's eating up space in your /var, try this as root (in /var, of course): du -Ha or du -Hah Run it several times to see if any numbers are increasing (maybe output the results to different files and then 'diff' them). Then use 'lsof' to see what's writing to the suspect location(s). You'll have to 'man lsof' to figure out the best output for your needs. This may not be an optimal method, but should get you headed in the right direction. BTW, phantasia is usually installed by default (depending on what type of nstallation you did), look in /usr/games for the rest. There is no 'pretty much turned off'... Either it's on or off. Don't run FTP, use SCP or SFTP. Use a portscanner to see what ports your system is advertising. > -----Original Message----- > From: Chest Rockwell [mailto:cdgaming@msn.com] > Sent: Tuesday, April 30, 2002, 9:18 PM > To: security@freebsd.org > Subject: newbie. possibly got hacked. need help. >> > i have everything pretty much turned off except for ftp. anon ftp is off > tho. i tried to add a user and it said that the partition was full. i do > have a cron job stats program running. > > /dev/ad0s1e 257998 257822 -20462 109% /var > > i found a /var/games/phantasia and a couple other dirs in there. i can't > seem to locate the files that are filling that partition. as i try to > locate anything to tell me if i was really hacked or not, i do 'df' again > and my var dir is down to 10%. > > any idea why? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4RNNROPZ2AD5GUD011DZYAWWVNPY0XVLBID3MB2E>