Date: 22 Sep 1998 10:19:39 -0700 From: Faried Nawaz <self@partners-in-light.chai.org> To: freebsd-isp@FreeBSD.ORG Subject: Re: HELP: hacked by John the Ripper Message-ID: <lw67eggj4k.fsf@terror.hungry.com> In-Reply-To: ping@stepnet.com's message of 22 Sep 1998 09:43:52 -0700 References: <199809221554.IAA02712@pushkar.stepnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ping@stepnet.com (Ping Mai) writes: It seems my system has been hacked. The hacker altered the DNS tables and left a passwd cracker in /bin. There were DNS db files that were invisible to "/bin/ls", but they show up from "od" dump of the directory. Can someone help me to find out how he got in initially? Can you display the files by going into the name directory and typing "echo *"? Can you read them via an editor? What should I do at this point? Should I wipe the disk on this system? If you're certain that you've been hacked, yes. How do you think they got in? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lw67eggj4k.fsf>