Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 8 Aug 2001 20:40:56 -0700
From:      "abby" <art@cristhal.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   pid account hacked
Message-ID:  <000e01c12085$191d62e0$6100a8c0@amarildo>
next in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
I have a question regarding system accounts if I seem a bit non oriented its because I am somewhat new to unix security issues well someone hacked into one of the system accounts using a root kit I was lead to believe but they got in as 
pid user 

pid              ttyp0    141.13.3.9       Wed Sep  5 06:09 - 06:11  (00:05)

and I Was able to view them through who or w 
this was totally freaking me out so first thing I Did was delete the user I was wondering
if you could give me more information on how this hapend to prevent system accounts from being hacked again
someone said I should email here and ask thanx in advance

[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I have a question regarding system accounts if I 
seem a bit non oriented its because I am somewhat new to unix security issues 
well someone hacked into one of the system accounts using a root kit I was lead 
to believe but they got in as </FONT></DIV>
<DIV><FONT face=Arial size=2>pid user </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial 
size=2>pid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
ttyp0&nbsp;&nbsp;&nbsp; 141.13.3.9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Wed 
Sep&nbsp; 5 06:09 - 06:11&nbsp; (00:05)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>and I Was able to view them through who or w 
</FONT></DIV>
<DIV><FONT face=Arial size=2>this was totally freaking me out so first thing I 
Did was delete the user I was wondering</FONT></DIV>
<DIV><FONT face=Arial size=2>if you could give me more information on how this 
hapend to prevent system accounts from being hacked again<BR>someone said I 
should email here and ask thanx in advance</FONT></DIV></BODY></HTML>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000e01c12085$191d62e0$6100a8c0>