Date: Sat, 11 Aug 2007 05:10:23 -0700 (PDT)
From: Mohd Ghalib Akhtar <md_ghalib@yahoo.com>
To: "Heiko Wundram \(Beenic\)" <wundram@beenic.net>, freebsd-questions@freebsd.org
Subject: Re: server was hacked
Message-ID: <362502.40629.qm@web43134.mail.sp1.yahoo.com>

hi,
how to restore deleted file or folder in linux

Take care
Mohd.Ghalib Akhtar
(India.M)9899868681
(Africa.M) +255787896861

----- Original Message ----
From: Heiko Wundram (Beenic) <wundram@beenic.net>
To: freebsd-questions@freebsd.org
Sent: Saturday, August 11, 2007 2:54:29 PM
Subject: Re: server was hacked

On Saturday 11 August 2007 13:20:31, Brent wrote:
> I'm running FBSD 5.4 as a web server the server is behind a Cisco firewall
> /router and the server has a lot of CMS Joomla / Mambo sites on it. I
> noticed that when I ran sockstat I was seeing multiple IPs connected to
> high ports on the server with a process id of "psybnc" . Did some looking
> around & found that this is an IRC relay program that was installed through
> a compromised Mambo site.

That was a known Mambo vulnerability which also hit a client of ours. It's not
a root compromise, though, AFAIR.

> On FBSD how do you checksum binaries on the system to ensure someone hasn't
> replaced one with their own binary.

Install security/tripwire and configure properly.

-- 
Heiko Wundram
Product & Application Development