From owner-freebsd-questions Wed Sep 5 17:40:50 2001
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <000e01c12085$191d62e0$6100a8c0@amarildo>
From: "abby"
Subject: pid account hacked
Date: Wed, 8 Aug 2001 20:40:56 -0700
Sender: owner-freebsd-questions@FreeBSD.ORG

I have a question regarding system accounts. If I seem a bit non-oriented, it's because I am somewhat new to Unix security issues. Well, someone hacked into one of the system accounts, using a rootkit I was led to believe, but they got in as

pid user

pid             ttyp0    141.13.3.9       Wed Sep  5 06:09 - 06:11  (00:05)

and I was able to view them through who or w.

This was totally freaking me out, so the first thing I did was delete the user. I was wondering if you could give me more information on how this happened, to prevent system accounts from being hacked again.

Someone said I should email here and ask. Thanks in advance.