From owner-freebsd-questions  Thu Aug  9  3:55:19 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-82.dsl.lsan03.pacbell.net [63.207.60.82])
	by hub.freebsd.org (Postfix) with ESMTP id C0C7637B406
	for <freebsd-questions@FreeBSD.ORG>; Thu,  9 Aug 2001 03:55:15 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id A793D66CB5; Thu,  9 Aug 2001 02:51:09 -0700 (PDT)
Date: Thu, 9 Aug 2001 02:51:09 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Keith Spencer <bsd2000au@yahoo.com.au>
Cc: fbsd <freebsd-questions@FreeBSD.ORG>
Subject: Re: Ive been hacked-is sshd enabled by default in 4.3-release?
Message-ID: <20010809025108.A98995@xor.obsecurity.org>
References: <20010809013610.35352.qmail@web12007.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010809013610.35352.qmail@web12007.mail.yahoo.com>; from bsd2000au@yahoo.com.au on Thu, Aug 09, 2001 at 11:36:10AM +1000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Aug 09, 2001 at 11:36:10AM +1000, Keith Spencer wrote:
> Hi all,
> trying to seal up cracks in my system (got web site
> hacked)
> I notice ps-ax shows sshd enabled.
> Is it default or has someone done it?
> How do I check if SSH has been inserted into a user?
> Any other tips?

sshd has been installed by default since 4.1.1-RELEASE, but that's not
the point here.  If you've been hacked, your system can no longer be
trusted and you need to reinstall it from scratch, or they'll keep
coming back through backdoors.

Kris

--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7cl0MWry0BWjoQKURAn7mAKD4qHxWkcaHGQcHZGbYSTRpGuHHDACg1/K8
qJGjqFhfhBr78kUden5gHeg=
=RQe5
-----END PGP SIGNATURE-----

--fUYQa+Pmc3FrFX/N--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message