Date:      Sun, 23 Sep 2001 08:13:43 -0600 (MDT)
From:      FreeBSD <freebsd@XtremeDev.com>
To:        Doug Reynolds <mav@wastegate.net>
Cc:        Rob <europax@home.com>, "ybbor@freedom.net" <ybbor@freedom.net>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Freebsd being hacked
Message-ID:  <20010923081001.F29470-100000@Amber.XtremeDev.com>
In-Reply-To: <20010923140721.5EEC737B426@hub.freebsd.org>

1. Plan and understand what you need to do after format. Otherwise you'll
just get rehacked.
2. Format and reinstall.
3. Install 4.4-release. If you can't, or won't, go to single user
mode right after initial install process and disable everything
(ESPECIALLY telnetd) in single user mode before even going to multiuser.
Or just have it unplugged from the network during install until you've
disabled everything.


On Sun, 23 Sep 2001, Doug Reynolds wrote:

> On Fri, 21 Sep 2001 09:12:28 -0700, Rob wrote:
>
> >> Today I try to log in to my computer and I can't telnet in to it.  So
> >> I went to the box, and I can't log in to it.  On the screen it says
> >> there was an 'su pop to toor'.  And that the kernel log was full.  It
> >> looks like I was hacked, so I unplugged the computer from the network
> >> and now I don't know what to do.
> >>
> >> How do I log in to a computer if someone changed the root password and
> >> disabled every other account?
>
> >I'd reinstall the OS from an ISO disk.  Others with more experience in
> >this might have a better solution.
>
> you could drop into single user mode and just use passwd (I believe) if
> you want to get some working logs.  but I would definitely
> fdisk/format/reinstall the whole OS.  sounds like you got hit by the
> telnet hack.
>
> ---
> doug reynolds | the maverick | mav@wastegate.net
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>
>
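
The "disable everything (ESPECIALLY telnetd)" step, as an added example that is not part of the original message: on FreeBSD 4.x, telnetd and most other network daemons are started by inetd from /etc/inetd.conf, so the check before going multiuser is that no entry in that file is left uncommented. The function names and the sample file contents are constructed for illustration; on a real system, pass /etc/inetd.conf instead.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-format file before the first multiuser boot.

# Print "service/protocol" for every enabled (uncommented) entry.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Print a copy of the file with every enabled entry commented out.
inetd_disable_all() {
    awk '!/^[ \t]*#/ && NF >= 6 { print "#" $0; next } { print }' "$1"
}

# Return 0 if nothing is enabled, 1 otherwise; telnet is flagged explicitly.
inetd_audit() {
    enabled=$(inetd_enabled "$1")
    if [ -z "$enabled" ]; then return 0; fi
    for svc in $enabled; do
        case "$svc" in
            telnet/*) echo "ENABLED (remote login, disable first): $svc" ;;
            *)        echo "ENABLED: $svc" ;;
        esac
    done
    return 1
}

# Constructed sample input in inetd.conf format (not taken from a real host).
sample=$(mktemp /tmp/inetd.XXXXXX)
cat > "$sample" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root  /usr/libexec/rshd     rshd
EOF

inetd_audit "$sample" || echo "-> disable these before going multiuser"
inetd_disable_all "$sample" > "$sample.hardened"
inetd_audit "$sample.hardened" && echo "hardened copy: nothing enabled"
```

The hardened copy is only written next to the sample; review it before replacing a live inetd.conf.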