Date: Sat, 11 Aug 2007 05:10:23 -0700 (PDT)
From: Mohd Ghalib Akhtar <md_ghalib@yahoo.com>
To: "Heiko Wundram \(Beenic\)" <wundram@beenic.net>, freebsd-questions@freebsd.org
Subject: Re: server was hacked
Message-ID: <362502.40629.qm@web43134.mail.sp1.yahoo.com>

hi,

how to restore deleted file or folder in linux

Take care
Mohd.Ghalib Akhtar
(India.M)9899868681
(Africa.M) +255787896861

----- Original Message ----
From: Heiko Wundram (Beenic) <wundram@beenic.net>
To: freebsd-questions@freebsd.org
Sent: Saturday, August 11, 2007 2:54:29 PM
Subject: Re: server was hacked

On Saturday 11 August 2007 13:20:31, Brent wrote:
> I'm running FBSD 5.4 as a web server. The server is behind a Cisco firewall
> /router and the server has a lot of CMS Joomla / Mambo sites on it. I
> noticed that when I ran sockstat I was seeing multiple IPs connected to
> high ports on the server with a process id of "psybnc". Did some looking
> around & found that this is an IRC relay program that was installed through
> a compromised Mambo site.

That was a known Mambo vulnerability which also hit a client of ours. It's not
a root compromise, though, AFAIR.

> On FBSD how do you checksum binaries on the system to ensure someone hasn't
> replaced one with their own binary.

Install security/tripwire and configure properly.

--
Heiko Wundram
Product & Application Development
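
The baseline-and-compare idea behind the checksum question above, as an added example that is not part of the original messages and is not tripwire's own code. The function names (snapshot, compare, demo) and the sample tree are constructed for illustration; the temporary directory stands in for a system binary directory.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map relative path -> (sha256 hex digest, permission bits) for regular files."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not hashed here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return manifest

def compare(baseline, current):
    """Return (status, path) findings, sorted by path."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append(("removed", path))
        elif path not in baseline:
            findings.append(("added", path))
        elif baseline[path][0] != current[path][0]:
            findings.append(("modified", path))
        elif baseline[path][1] != current[path][1]:
            findings.append(("mode-changed", path))
    return findings

def demo():
    """Constructed tree: take a baseline, tamper with the files, compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, mode=0o755):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        for name in ("ls", "ps", "netstat"):
            put(name, b"original " + name.encode())
        baseline = snapshot(root)          # taken while the system is known good
        put("ps", b"replaced ps")          # same length as before: only the hash differs
        put("ls", b"original ls", 0o777)   # content intact, permissions loosened
        os.remove(os.path.join(root, "netstat"))
        put("psybnc", b"dropped file")     # file that was not in the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A baseline is only useful if it was recorded before the compromise and is kept where the monitored host cannot rewrite it, such as read-only media or another machine. A comparison run on a host that may already be compromised also depends on that host's own tools being intact.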
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?362502.40629.qm>
