Date: Fri, 03 Aug 2001 09:42:21 +0200
From: Christoph Sold <so@server.i-clue.de>
To: Keith Spencer <bsd2000au@yahoo.com.au>
Cc: fbsd <freebsd-questions@FreeBSD.ORG>
Subject: Re: How can I tell I have been hacked?
Message-ID: <3B6A55DD.32979F9F@i-clue.de>
References: <20010803045134.9495.qmail@web12006.mail.yahoo.com>

Keith Spencer wrote:
>
> Hi all,
> Some mob contacted me and said I had been hacked by a
> group called Pakistan Cyber Warriors.
> Heard of them?

No.

> They say my site had a page place on it yesterday
> short term!
> How can I tell?
> Any ideas?
> What should I do? Close telnet ftp etc etc.?
> What is port 587 Submission?
> How can I trace a backdoor on my machine?
> So many questions.

Run portscans on the machine. Check against safe tripwire databases
(i.e. stored on read-only media, such as CD-Rs).

Beware: you cannot trust this machine to run portscans against itself.
Use a known secure box to do that.

If you have no record of the known safe state of your box, rebuild the
system from scratch, secure it, and put it not on the 'net until it is
secure.

If you cannot afford the downtime, grab yourself another box, make it
secure, then install _data_only_ from the hacked box.

To learn more about how to secure your boxes,
http://ezine.daemonnews.org/200108/ has two recent articles about
security. http://freebsddiary.org/topics.php#firewalls ,
http://freebsddiary.org/topics.php#security ,
http://www.onlamp.com/bsd/ are other starting points about securing
your box.

HTH
-Christoph Sold

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
