From: Chad Day
To: 'David Johnson'
Cc: "'freebsd-newbies@freebsd.org'"
Subject: RE: System intrusion
Date: Thu, 1 Jun 2000 15:56:31 -0400

Ok, well, either way, I want to get more detailed log info on this guy.. I need to get detailed ftp logging. He keeps accessing the system on a daily basis, so it will be easy for me to mount up evidence.

I installed wu-ftpd, backed up what has already been modified and moved it elsewhere, I'm having problems turning logging on though.

In my inetd.conf:

    ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l -l

In my syslog.conf:

    !ftpd
    *.* /var/log/ftplog
    ftp.info /var/log/ftplog

not logging though, even though I've kill -1'ed syslog and the inetd processes. Am I missing something?

Thanks,
Chad

-----Original Message-----
From: David Johnson [mailto:djohnson@acuson.com]
Sent: Thursday, June 01, 2000 3:45 PM
To: Chad Day
Cc: 'freebsd-newbies@freebsd.org'
Subject: Re: System intrusion

Chad Day wrote:
> My question is: what can I do? Should I contact the FBI? (if so, if
> anyone knows how to go about this best who has had prior experience, I would
> appreciate information) Contact AOL (which seems to be a waste of time)?

From what I understand, the FBI will confiscate the host machine as evidence. Very stupid, sort of like evicting you from your home after a break in.
Your next best bet is to contact AOL and present them with evidence that their user committed malfeasance. If that doesn't work, then you have two options in my radical and rebellious opinion.

If AOL does nothing, then block all AOL from your site, redirecting any requests to a page explaining why they're blocked and who the SOB responsible is.

The second option, considering that when law enforcement breaks down, the law-abiding go vigilante, is to send a better hacker after this guy. Or mail bomb him. Be creative. All sorts of really sweet vengeance comes to mind that I dare not post in a public forum...

David
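
Added example, not part of either message: on the syslog.conf question in Chad's reply above, one thing worth checking is whether the target file exists, because FreeBSD's syslogd does not create log files that are missing. The function name check_syslog_targets and its ROOT prefix argument are assumptions made for this sketch; the sample configuration is constructed from the lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): list each file target in a
# syslog.conf together with the "!program" block it falls under, and flag
# targets that do not exist, since syslogd will not create them.

# check_syslog_targets CONF [ROOT]
# ROOT is a hypothetical path prefix so the check can run against a copy.
# Prints "<OK|MISSING> prog=<block> sel=<selector> file=<path>" per target;
# returns 1 if any target file is missing.
check_syslog_targets() {
    conf=$1; root=${2:-}; prog='*'; missing=0
    while read -r sel action _rest || [ -n "$sel" ]; do
        case $sel in
            ''|'#'*|'+'*|'-'*) continue ;;    # blank, comment, host block
            '!'*) prog=${sel#?}; continue ;;  # program block, in force until the next "!" line
        esac
        case $action in
            /*) ;;                            # file target
            *) continue ;;                    # @host, user or pipe target: not checked
        esac
        if [ -f "$root$action" ]; then
            status=OK
        else
            status=MISSING; missing=1
        fi
        printf '%s prog=%s sel=%s file=%s\n' "$status" "$prog" "$sel" "$action"
    done < "$conf"
    return "$missing"
}

# Constructed demo: the syslog.conf lines from the message, in a scratch dir.
demo=$(mktemp -d)
printf '%s\n' '!ftpd' '*.* /var/log/ftplog' 'ftp.info /var/log/ftplog' > "$demo/syslog.conf"
check_syslog_targets "$demo/syslog.conf" "$demo" ||
    echo "create the missing file(s) with touch, then send syslogd a HUP"
rm -rf "$demo"
```

The prog= column also shows that both selectors sit inside the "!ftpd" block, so they only match messages logged under the program name ftpd.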