From owner-freebsd-doc@FreeBSD.ORG Fri Jun 22 16:00:23 2012 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 841C61065696 for ; Fri, 22 Jun 2012 16:00:23 +0000 (UTC) (envelope-from erich@alogreentechnologies.com) Received: from alogreentechnologies.com (alogreentechnologies.com [67.212.224.110]) by mx1.freebsd.org (Postfix) with ESMTP id 740218FC0A for ; Fri, 22 Jun 2012 16:00:18 +0000 (UTC) Received: from x220.ovitrap.com ([122.129.201.75]) (authenticated bits=0) by alogreentechnologies.com (8.13.1/8.13.1) with ESMTP id q5MFxZeO000633; Fri, 22 Jun 2012 09:59:47 -0600 From: Erich Dollansky Organization: ALO Green Technologies To: freebsd-doc@freebsd.org, RetspaN Code Date: Fri, 22 Jun 2012 22:59:33 +0700 User-Agent: KMail/1.13.7 (FreeBSD/10.0-CURRENT; KDE/4.8.3; amd64; ; ) References: <1340379530.49640.YahooMailNeo@web190402.mail.sg3.yahoo.com> In-Reply-To: <1340379530.49640.YahooMailNeo@web190402.mail.sg3.yahoo.com> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <201206222259.34058.erich@alogreentechnologies.com> Cc: Subject: Re: I have a problem to my server running under FreeBSD 8.1 p-1 release X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jun 2012 16:00:23 -0000 Hi, I think that the best advice is that you take a fresh install media and mak= e a=20 fresh install as you are not in control of the machine anymore. Erich On Friday 22 June 2012 22:38:50 RetspaN Code wrote: > Hello FreeBSD, >=20 > I have a problem to my server. >=20 > I'm running FreeBSD 8.1 p-1 release >=20 > When freebsd got a vulnerable called OpenSSL multiple vulnerabilities i g= et > my server reboot and shutdown many times. when i check the log on wtmp i > found user and use root login thru terminal, it looks like this: >=20 ~^@^@^@^@^@^@^@reboot^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@=D0 >=20 =ED=C9Lttyv0^@^@^@root^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^= @^@ >=20 > and intruder load their exploit due to my server vulnerable of openssl but > i did patch it but already late coz the intruder already load their > exploit. and users start to reboot and shutdown my server everytime i up. > then user also delete my /home/files. and now i get this last problem. > specially when running application psybnc it auto crash and auto kill the > process. >=20 > [root@CyberTech /usr/src]# fetch > http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch fetch: > http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch: Permission > denied [root@CyberTech /usr/src]# >=20 > I got this error. >=20 > Heres my current process: >=20 > [root@CyberTech /usr/src]# ps x > PID TT STAT TIME COMMAND > 0 ?? DLs 143:51.96 [kernel] > 1 ?? SLs 0:28.75 /sbin/init -- > 2 ?? DL 2:49.23 [g_event] > 3 ?? DL 32:31.52 [g_up] > 4 ?? DL 27:26.45 [g_down] > 5 ?? DL 0:00.01 [sctp_iterator] > 6 ?? DL 0:00.00 [xpt_thrd] > 7 ?? DL 16:27.57 [pagedaemon] > 8 ?? DL 0:00.00 [vmdaemon] > 9 ?? DL 0:00.04 [pagezero] > 10 ?? DL 0:00.00 [audit] > 11 ?? RL 91515:47.03 [idle] > 12 ?? WL 918:54.59 [intr] > 13 ?? DL 11:18.45 [yarrow] > 14 ?? DL 0:49.58 [usb] > 15 ?? DL 0:45.70 [acpi_thermal] > 16 ?? DL 0:13.93 [bufdaemon] > 17 ?? DL 41:59.16 [syncer] > 18 ?? DL 0:25.69 [vnlru] > 19 ?? DL 0:15.91 [softdepflush] > 20 ?? DL 1:50.31 [flowcleaner] > 112 ?? Is 0:00.00 adjkerntz -i > 2046 ?? Is 0:00.04 /sbin/devd > 2233 ?? DL 0:01.48 [accounting] > 2256 ?? Ss 13:51.56 /usr/local/sbin/syslog-ng -p /var/run/syslog.pid > 2608 ?? Ss 2:54.56 /usr/bin/perl > /usr/local/lib/webmin-1.580/miniserv.pl > /usr/local/etc/webmin/miniserv.conf (perl5.10.1) 2707 ?? Ss 0:08.02 > /usr/sbin/cron -s > 2718 ?? Is 0:00.27 /usr/local/bin/portsentry -tcp > 2720 ?? Is 0:00.00 /usr/local/bin/portsentry -udp > 44606 ?? Is 0:04.40 /usr/local/sbin/oidentd -C > /usr/local/etc/oidentd.conf 79728 ?? Is 0:00.01 /usr/sbin/sshd -u0 > 85824 ?? Ss 0:00.70 sshd: root@pts/13 (sshd) > 4756 v0 Is+ 0:00.01 /usr/libexec/getty Pc ttyv0 > 4757 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1 > 4758 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2 > 4759 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3 > 4760 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4 > 4761 v5 Is+ 0:00.01 /usr/libexec/getty Pc ttyv5 > 4762 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6 > 4763 v7 Is+ 0:00.01 /usr/libexec/getty Pc ttyv7 > 85841 13 Is 0:00.05 -csh (csh) > 87998 13 S 0:00.04 bash > 88267 13 R+ 0:00.00 ps x > [root@CyberTech /usr/src]# >=20 > Can you help me to fix and how to repair my server to avoid crash and > getting an error "Error Creating Socket" >=20 > Please help me Sir, Thanks! >=20 >=20 > Regards, >=20 > FredFoxs > _______________________________________________ > freebsd-doc@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-doc > To unsubscribe, send any mail to "freebsd-doc-unsubscribe@freebsd.org"