From owner-freebsd-questions Thu Jul 5 4:45:59 2001 Delivered-To: freebsd-questions@freebsd.org Received: from fisher.vip.uk.com (fisher.vip.uk.com [194.176.218.14]) by hub.freebsd.org (Postfix) with ESMTP id 8AC1D37B403 for ; Thu, 5 Jul 2001 04:45:55 -0700 (PDT) (envelope-from rob@robhulme.com) Received: from modem-123-52-60-62.vip.uk.com ([62.60.52.123] helo=hal9001) by fisher.vip.uk.com with smtp (Exim 3.22 #1) id 15I7Zx-00077y-00 for freebsd-questions@FreeBSD.ORG; Thu, 05 Jul 2001 12:45:53 +0100 From: "Rob" To: "Freebsd-Questions@Freebsd. Org" Subject: RE: Is my FTP hacked? Date: Thu, 5 Jul 2001 12:47:45 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 In-reply-to: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > I think someone may have hacked into my ftp... I've got this line in my > /var/log/messages > > "Jul 5 10:03:50 www ftpd[8728]: /etc/pwd.db: No such file or > directory"... > > is there any way I can see what account they logged in as and so > on? or has > something else happened? > > I've disabled FTP for the moment.... OK - false alarm it seems... I used 'last' to track down who the user was at 10:03... I've talked to him and he said he was just uploading some files (for one of our websites)... I trust him, so I guess we weren't trying to be hacked - but what happened to cause this error? If I look at passwd.db with pico /etc/pwd.db it has what looks like a load of garbage on the first line... then: # # List of acceptable shells for chpass(1). # Ftpd will not allow users to connect who are not using # one of these shells. /bin/sh /bin/csh /nonexistent then the last line looks like a load of the usernames on the system followed by a *lot* of ÿÿÿÿÿÿÿÿÿÿÿ symbols... What is going on ? :) -Rob -------------------------------- http://www.robhulme.com http://www.christianunion.org.uk "May the forks be with us." - Blue Raja (Mystery Men) Everything you've learned in school as "obvious" becomes less and less obvious as you begin to study the universe. For example, there are no solids in the universe. There's not even a suggestion of a solid. There are no absolute continuums. There are no surfaces. There are no straight lines. ---- R. Buckminster Fuller To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message