From: m p (envelope-from sumirati@yahoo.de)
Date: Thu, 9 Aug 2001 10:42:45 +0200 (CEST)
Subject: Re: Yep-I been hacked! Whats psyBNC? Someone installed it
To: bsd2000au@yahoo.com.au, crimsun@email.unc.edu
Cc: freebsd-questions@freebsd.org

Hi Dan

> --- "Daniel T. Chen" wrote:
> > Sounds like a bnc used for irc, meaning that someone connects to your
> > computer via the bnc app and uses your hostmask to connect to an irc
> > server.
> Yep that's it...but I don't have an IRC server installed? How are they
> compromising me by doing this?
> What's a BNC app?
> Thanks for your help
> Keith

Hi Keith,

What is a BNC app? A bouncer.

What the bouncer does: a user connects to the "BNC" app on your computer at whatever port above 1024 he/she chooses. The program makes a connection to different IRC servers (or is connected all the time). The bouncer sends everything it gets from IRC back to the user connected from an external host.

As to the log: someone (your user?) tried to download the bouncer from a page which has it. Then tried to make (or: BUILD/compile) the application. Then moved the application to a directory called log, renamed the application from psyBNC to log, and the config file also. Then he/she started the bouncer, checked that it was running, and logged off.

Possibly you don't want your users any more to:
- use a C compiler on your machine
- connect to whatever they want

Try:
- Change rights on the C compiler
- Install at least some packet filters

Hope that helps

Marc
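Added example, not part of the original mail: the relay pattern described above (one process listening on a port above 1024 and also holding onward connections to remote hosts) can be looked for in `sockstat -4` output. The sample rows, the port numbers and the addresses are constructed, and the column layout is assumed to be the FreeBSD default.

```shell
#!/bin/sh
# Flag processes whose sockets match the bouncer pattern: a TCP listener on
# a port above 1024 plus connections to remote hosts made from the same PID.

# Constructed sample in `sockstat -4` layout (not data from the thread).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       187   3  tcp4   *:22                  *:*
root     sendmail   201   4  tcp4   *:25                  *:*
www      httpd      340   16 tcp4   *:8080                *:*
keith    log        4521  4  tcp4   *:31790               *:*
keith    log        4521  6  tcp4   192.0.2.10:31790      203.0.113.5:4102
keith    log        4521  7  tcp4   192.0.2.10:1045       198.51.100.7:6667
keith    ssh        4600  3  tcp4   192.0.2.10:1050       198.51.100.9:22
EOF
}

# Reads sockstat text on stdin; prints "user command pid listen-port(s) remote"
# for every onward connection made by a process that also listens above 1024.
find_relays() {
    awk '
    NR == 1 || $5 !~ /^tcp/ { next }            # skip header and non-TCP rows
    {
        n = split($6, a, ":"); lport = a[n] + 0 # local port is the last part
        key = $1 " " $2 " " $3                  # user, command, pid
        if ($7 == "*:*") {                      # listening socket
            if (lport > 1024) lis[key] = lis[key] " " lport
        } else {                                # connected socket
            con[key] = con[key] " " lport "=" $7
        }
    }
    END {
        for (key in lis) {
            nl = split(lis[key], lp, " ")
            nc = split(con[key], c, " ")
            for (i = 1; i <= nc; i++) {
                split(c[i], kv, "=")
                accepted = 0                    # local port equals a listen port:
                for (j = 1; j <= nl; j++)       # an inbound client, not a relay leg
                    if (kv[1] == lp[j]) accepted = 1
                if (!accepted) print key lis[key], kv[2]
            }
        }
    }'
}

sample_sockstat | find_relays
```

On a live host the same function can be fed with `sockstat -4 | find_relays`; a web server that only listens on 8080 is not reported, because it has no onward connections of its own.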