Date: Wed, 8 Aug 2001 20:40:56 -0700 From: "abby" <art@cristhal.com> To: <freebsd-questions@FreeBSD.ORG> Subject: pid account hacked Message-ID: <000e01c12085$191d62e0$6100a8c0@amarildo>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_000B_01C1204A.6C68C9C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have a question regarding system accounts if I seem a bit non oriented = its because I am somewhat new to unix security issues well someone = hacked into one of the system accounts using a root kit I was lead to = believe but they got in as=20 pid user=20 pid ttyp0 141.13.3.9 Wed Sep 5 06:09 - 06:11 = (00:05) and I Was able to view them through who or w=20 this was totally freaking me out so first thing I Did was delete the = user I was wondering if you could give me more information on how this hapend to prevent = system accounts from being hacked again someone said I should email here and ask thanx in advance ------=_NextPart_000_000B_01C1204A.6C68C9C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>I have a question regarding system = accounts if I=20 seem a bit non oriented its because I am somewhat new to unix security = issues=20 well someone hacked into one of the system accounts using a root kit I = was lead=20 to believe but they got in as </FONT></DIV> <DIV><FONT face=3DArial size=3D2>pid user </FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial=20 size=3D2>pid &= nbsp; =20 ttyp0 141.13.3.9 = Wed=20 Sep 5 06:09 - 06:11 (00:05)</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>and I Was able to view them through who = or w=20 </FONT></DIV> <DIV><FONT face=3DArial size=3D2>this was totally freaking me out so = first thing I=20 Did was delete the user I was wondering</FONT></DIV> <DIV><FONT face=3DArial size=3D2>if you could give me more information = on how this=20 hapend to prevent system accounts from being hacked again<BR>someone = said I=20 should email here and ask thanx in advance</FONT></DIV></BODY></HTML> ------=_NextPart_000_000B_01C1204A.6C68C9C0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000e01c12085$191d62e0$6100a8c0>