Date: Sat, 9 Sep 2000 13:24:43 +0200 From: Mark Rowlands <mark.rowlands@minmail.net> To: Scott <digitalox@earthlink.net>, freebsd-questions@FreeBSD.ORG Subject: Re: Has my box been compromised? Message-ID: <00090913273200.42178@marbsd.tninet.se> In-Reply-To: <39BA0BE6.C49E2FE3@earthlink.net> References: <39BA0BE6.C49E2FE3@earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 09 Sep 2000, Scott wrote: > Hello, > > I was surfing on my dsl line (dynamic ip) a few minutes ago and noticed > my hard drive > was churning even though I wasn't doing much. I ran top and saw several > processes being run by user 'nobody' such as find, locate.proxxx (?can't > remember), and several 'sh'. I immediately killed ppp, and then the > 'nobody' > processes but many of the processes had already died after I killed the > ppp > connection. Did someone break in or is freebsd doing something behind > the > scenes as 'nobody'? > > -- > Scott Dubose > Houston, TX I think you may find you have been have compromised by the evil BSD Daemon running locate.updatedb, df-ing your file systems, checking for suid binaries and other jolly activities and mailing you well root at any rate, the results of his industry Mark Rowlands +4686224510 GMT + 1 _______________________________________________ These opinions are mine, they are just opinions you are free to disagree, please do so quietly _______________________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00090913273200.42178>