From owner-freebsd-isp  Mon Oct 28 08:01:33 1996
Return-Path: owner-isp
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA03571
          for isp-outgoing; Mon, 28 Oct 1996 08:01:33 -0800 (PST)
Received: from radio.nwpros.com (nwpros.com [205.229.128.214])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA03564
          for <freebsd-isp@freebsd.org>; Mon, 28 Oct 1996 08:01:29 -0800 (PST)
Received: from rickbox.nwpros.com (rickbox.nwpros.com [205.229.128.217]) by radio.nwpros.com (8.6.12/8.6.12) with SMTP id KAA20336 for <freebsd-isp@freebsd.org>; Mon, 28 Oct 1996 10:02:53 -0600
Message-Id: <1.5.4.32.19961028161211.00687244@nwpros.com>
X-Sender: rickg@nwpros.com
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 28 Oct 1996 10:12:11 -0600
To: freebsd-isp@freebsd.org
From: Rick Gray <rickg@nwpros.com>
Subject: Hacker solution
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I wish to thank everyone for such a quick response for my problem. As I have
stated before, the FreeBSD community is one of the best to keep each other
informed and offer help to others.

I finally deleted the hidden file by using the "" marks. I then changed
permissions on the pub directory to read only. I checked my logins and had
at one time over 12 people trying to download the pirated proogram....it was
nothing more than a game by the way. I guess the pirateer realized that I
had caught them and informed their buddies, probably on IRC since there was
a suddden rash of trying to downlaod the program.

Now I know its sounded strange but somehow while the hackers were logged
into FTP, no one else could use FTP. Everyone was getting permission denied
messages. After I deleted the file, FTP started working just fine. 

Thanks for letting me know about mozilla being used by Netscape. I was so
diswrought over this incident that I guess I wasn't thinking straight. It is
a scare that someone can go into your systme and hide a file from you. I
knew it wasn't FreeBSD itself that was hacked into because it is a very
secured program. So now I will scour my users' files and see if there is a
reference to that file on any of their pages. I somehow suspect it is one of
my customers being the culprit.

Again thanks all for the quick answers. FBSD is still the best around.

Kudos!
>
>
>
>
>