Date: Wed, 1 Aug 2001 13:19:30 -0500
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Maximum" <m-a-x-i-m-u-m@mail.ru>, <freebsd-security@FreeBSD.ORG>, "Brett Glass" <brett@lariat.org>
Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE
Message-ID: <00fb01c11ab6$829c83b0$3028680a@tgt.com>
References: <4.3.2.7.2.20010801115333.0476d100@localhost>
Somebody keeps trying to install something through my FTPd when it is set up to allow anonymous users (no directories available for upload either). I opened up the FTP ports on Sunday night and I had somebody hack into my system before Monday morning. Lucky for me, they ran out of space on /var before they were able to do any damage. Seems there is a security hole with the installed ftpd. I usually use proftpd, which has always been secure for me. The only reason I switched back was that I needed a quick way to increase the timeout for ftp to my server (Dreamweaver likes a long timeout).

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Brett Glass" <brett@lariat.org>
To: "Maximum" <m-a-x-i-m-u-m@mail.ru>; <freebsd-security@FreeBSD.ORG>
Sent: Wednesday, August 01, 2001 12:55 PM
Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE

> At 08:24 AM 8/1/2001, Maximum wrote:
>
> >In one of the shell scripts I'm talking about I found copyright mark "nrfbsdrk v0.1 by gREMLiNs".
>
> The final letters of "nrfbsdrk" almost certainly stand for "FreeBSD rootkit."
> I'd be interested in knowing what was exploited to install it. Could be BIND
> or telnetd.
>
> --Brett
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message