From: "Vladimir I. Kulakov" <kulakov@kudesniki.ru> To: "CrazZzy Slash" <slash@krsu.edu.kg> Cc: <freebsd-security@freebsd.org> Subject: Re: "snmp.sample" in /usr/local/etc/rc.d/ Message-ID: <20000821081020Z277228-23170%2B34169@ajax2.sovam.com>
next in thread | raw e-mail | index | archive | help
> Hi! > > Can you send me your /tmp/install.log? There is no such file !!! :--( Do you think it was deleted by a hacker? > > Hi, all ! > > > > I've just moved my server from FreeBSD 2.2.5 to 4.0 due > > to total hardware upgrade and many security holes. > > > > After upgrade I've mounted the hard disk from the previous > > mashine and moved all user's data from /usr/home/ from it > > to the new hard disk. The new mashine had new root > > password, of course. > > > > But at the next day after upgrade I've suddenly noticed > > two new scripts in /usr/local/etc/rc.d/ which intended to > > start at every bootup process and which I've never installed. > > > > Moreover, at the /usr/local/sbin/ there two more > > files appeared (snmpd and the second something like this). > > I've never installed snmp on that mashine and mtree > > tells me such files never existed there. > > > > In the log files there are nothing special. > > > > The new system was installed from a "clear" > > distribution. > > > > Was this a troyan programs? How can I check > > my server for such security holes? And how > > such programs could be installed? > > > > May be my mistake was mounting my old disk with > > securigy holes then working connected to the Internet ? > > But how the hacker could execute programs even > > from insecure disk on a secure mashine? > > > > Help me, please !!! > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000821081020Z277228-23170%2B34169>