Date:      Thu, 03 Dec 1998 10:53:49 -0500
From:      Mike Alich <mike@cctinc.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Important
Message-ID:  <3666B40D.18E11DEC@cctinc.net>

I need some help.  My server got hacked into last week and I found out
that they moved in a new version of login and a few other remote access
type of programs.  I also noticed they had a file called login.cgi in a
particular web directory.  Could they have modified login.c and placed
it for apache to execute and change my root password or log in as root
from a web browser?  Or better yet, cp the login.c, modify it, and execute
it in a standard user's directory under that user name and log in as root
without the root password?

I know one of the people that hacked the system.  This user had ftp but
not telnet access into the server.  But he may have had someone else's
password for telnet.  This is an ex-sysadm.  But he never had the root
password or my own personal password.  And I know this for a fact.

Also, can you tell me which login program is executed when you go to log
in to the system?  I mean, which directory is this program located in?

Any help is appreciated.

--
Mike Alich
mike@cctinc.net
Cyber Communication Technologies, Inc.
Web Hosting and Internet Solutions.
http://www.cctinc.net
Virtual Web Hosting $14.95 per month


