From: "Steve Bertrand"
To: 'kalin mintchev', 'Steve Bertrand'
Cc: 'FreeBSD Questions', 'Mark Jayson Alvarez'
Date: Wed, 16 Nov 2005 21:51:08 -0500
Subject: RE: Need urgent help regarding security

> > # ls -la /tmp
>
> also /var/tmp

Indeed, many people would install with a /var partition, which would put /tmp under /var via symlink, but a good point.

> if you run awstats or phpBB - upgrade...

Agreed, but even phpBB may not be the fault. Many problems with PHP come with the binary, not necessarily the app that uses it.

However...like I said before...it's best not to panic, and what you DON'T want, is for the invader to know you are looking. It's best (IMHO), to walk around him/her, until you find their access point and intention, then go from there.

Most *((cr/h)ackers* (and I use that term VERY loosely (aka: script kiddies)) are interested in rooting a box, and setting up a storage/sharing area that is free to them. This may not be the case, but it's better to 'observe' your foreign presence first.

If it is a real blackhat, you don't want to go pissing all over his work before you have evidence, lest he pisses back on you...as he will.

Otherwise, if it's a kiddie, there are simple ways to deal with that, and learn from your vulnerabilities...always with the expectation that the next hack will be from someone who didn't just download a vulnerability from the 'net, and come across you with a point-and-click-type scanner in a GUI interface.

Only my .02

Steve