Date: Thu, 6 Feb 1997 16:43:25 -0500 (EST)
From: Dev Chanchani <dev@trifecta.com>
To: Ricardo Kleemann <ricardo@americasnet.com>
Cc: FreeBSD ISP list <freebsd-isp@FreeBSD.ORG>
Subject: Re: hacking - help
Message-ID: <Pine.BSF.3.91.970206164208.18062B@www.trifecta.com>
In-Reply-To: <Pine.LNX.3.95.970205072232.1101A-100000@irvine.americasnet.com>

Ricardo,

Make sure your shell for the ftp users is set to something like
/bin/date, etc., so they cannot log in to the account. Also, make sure the
ftp home directory is not writable. Other than that, look for ftpd.core
files (perhaps a buffer overflow in ftp allowing a user to get a shell
through ftp)?

Did you notice any other details?

Regards,
Dev Chanchani
Trifecta Interactive

On Wed, 5 Feb 1997, Ricardo Kleemann wrote:

> Hi,
>
> Today I noticed someone was logged into my freebsd machine, as user ftp.
> I immediately killed the shell and saw that soon he was back in.
>
> I then just made sure ftp had no shell, in hopes he won't be able to get
> in.
>
> But, the real question is, what hole must I plug to prevent this? Is there
> a known hole where someone can log in as ftp and gain root access?
>
> Thank God, it seems no damage was done (I hope! I haven't noticed anything
> other than wtmp was erased).
>
> Also, does freebsd support host.allow and host.deny? I didn't see those
> files in /etc and there was no man page
>
> Thanks for any help!
> Ricardo
>
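
The three checks suggested in the reply above (no login shell for ftp, a non-writable ftp home directory, stray ftpd.core files) as a small sh audit. This is an added example, not part of the original message; the function names, the output labels and the use of the shells file as the test for "login shell" are assumptions.

```shell
#!/bin/sh
# Added example: checks from the reply above, run against passwd-format files.
# Treating "listed in the shells file" as "login shell" is an assumption.

# shell_is_login PASSWD SHELLS USER: succeeds if USER would get a login shell
shell_is_login() {
    entry=$(grep "^$3:" "$1") || return 1        # no such account
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ -z "$shell" ] && return 0                  # empty field defaults to /bin/sh
    grep -qxF "$shell" "$2"
}

# home_is_writable DIR UID: succeeds if DIR is owned by UID or group/world-writable
home_is_writable() {
    [ -n "$(find "$1" -prune \( -user "$2" -o -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# find_ftpd_cores DIR: print ftpd.core files on DIR's filesystem
find_ftpd_cores() {
    find "$1" -xdev -type f -name ftpd.core -print 2>/dev/null || true
}

# audit_ftp PASSWD SHELLS ROOT: print one line per finding; fails if any were found.
# ROOT is a prefix for the home directory ("" on the live system).
audit_ftp() {
    passwd=$1 shells=$2 root=$3 found=0
    uid=$(grep '^ftp:' "$passwd" | cut -d: -f3)
    home=$(grep '^ftp:' "$passwd" | cut -d: -f6)
    if shell_is_login "$passwd" "$shells" ftp; then
        echo "SHELL: ftp has a login shell"; found=1
    fi
    if [ -n "$home" ] && home_is_writable "$root$home" "$uid"; then
        echo "HOME: $root$home is writable by ftp, group or others"; found=1
    fi
    for core in $(find_ftpd_cores "${root:-/}"); do
        echo "CORE: $core"; found=1
    done
    [ "$found" -eq 0 ]
}

# Live use: audit_ftp /etc/passwd /etc/shells ""
```

An ftpd.core file is only a hint that the daemon crashed; its timestamp is worth comparing with the login times that remain in the logs.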