From owner-freebsd-security Thu Oct 18 16:43:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from shemp.palomine.net (shemp.palomine.net [216.135.64.135]) by hub.freebsd.org (Postfix) with SMTP id 2A80137B401 for ; Thu, 18 Oct 2001 16:43:50 -0700 (PDT) Received: (qmail 10626 invoked by uid 1000); 18 Oct 2001 23:43:38 -0000 Date: Thu, 18 Oct 2001 19:43:38 -0400 From: Chris Johnson To: Tomek Cc: freebsd-security@FreeBSD.ORG Subject: Re: I got hacked, not login wise, software wise Message-ID: <20011018194338.A10558@palomine.net> References: <20011018131823.Y621-100000@jodie.ncptiddische.net> <011e01c157cf$9b401700$f6f073d1@mpionline.com> <20011018165057.V3734@ns2.wananchi.com> <01e701c157e4$f012abc0$f6f073d1@mpionline.com> <20011018180513.C3734@ns2.wananchi.com> <20011018114805.E70327@acadia.ne.mediaone.net> <018801c157ef$37ec0720$f6f073d1@mpionline.com> <03db01c15812$c4575d40$f6f073d1@mpionline.com> <06cf01c1582d$ff363600$f6f073d1@mpionline.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ibTvN161/egqYuK8" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <06cf01c1582d$ff363600$f6f073d1@mpionline.com>; from tomek@mpionline.com on Thu, Oct 18, 2001 at 05:38:31PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --ibTvN161/egqYuK8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Oct 18, 2001 at 05:38:31PM -0600, Tomek wrote: > ==QUICK SUMMARY TO NOT WASTE YOUR TIME=== > =Without a doubt I have been hacked [snip] > =1= I have a user "Broot", I noticed it only a few days after installing > FreeBSD 4.3-RELEASE (GENERIC) #0. Did you have telnetd enabled in inetd.conf? If so, that'd be my bet as to how they got in. Go to http://www.freebsd.org, and look for the big red box that says "IMPORTANT" in it. Chris Johnson --ibTvN161/egqYuK8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7z2kpyeUEMvtGLWERAoaPAKDnHsKLJhkNyerxdCxXpQWz9NKXDACfbeox qyYY32T4l6AyzDVDve3A/N8= =EAVc -----END PGP SIGNATURE----- --ibTvN161/egqYuK8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message