From: Mark Jayson Alvarez
To: freebsd-questions@freebsd.org
Date: Wed, 16 Nov 2005 17:16:40 -0800 (PST)
Subject: Need urgent help regarding security
Message-ID: <20051117011640.27963.qmail@web51612.mail.yahoo.com>

Good Day!

I think we have a serious problem. One of our old servers running FreeBSD 4.9 has been compromised and is now connected to an ircd server:

195.204.1.132.6667 ESTABLISHED

However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.
Most of our servers are running legacy operating systems (old versions, mostly FreeBSD). Also, that particular server is running ProFTPD Version 1.2.4, which someone has suggested to have a known vulnerability. I really need all the help I can get, as the administration of those servers was just transferred to us by former admins. The server is used for FTP.

Thanks.