Date: Sat, 09 Sep 2000 14:49:03 -0500 From: Scott <digitalox@earthlink.net> To: freebsd-questions@freebsd.org Subject: Re: Has my box been compromised? Message-ID: <39BA942F.CF81683D@earthlink.net> References: <39BA0BE6.C49E2FE3@earthlink.net> <00090913273200.42178@marbsd.tninet.se>
next in thread | previous in thread | raw e-mail | index | archive | help
THanks, that's a relief to know. Scott Mark Rowlands wrote: > > On Sat, 09 Sep 2000, Scott wrote: > > Hello, > > > > I was surfing on my dsl line (dynamic ip) a few minutes ago and noticed > > my hard drive > > was churning even though I wasn't doing much. I ran top and saw several > > processes being run by user 'nobody' such as find, locate.proxxx (?can't > > remember), and several 'sh'. I immediately killed ppp, and then the > > 'nobody' > > processes but many of the processes had already died after I killed the > > ppp > > connection. Did someone break in or is freebsd doing something behind > > the > > scenes as 'nobody'? > > > > -- > > Scott Dubose > > Houston, TX > > I think you may find you have been have compromised by the evil > BSD Daemon running locate.updatedb, df-ing your file systems, > checking for suid binaries and other jolly activities and mailing you > well root at any rate, the results of his industry > > Mark Rowlands +4686224510 GMT + 1 > _______________________________________________ > > These opinions are mine, they are just opinions > you are free to disagree, please do so quietly > > _______________________________________________ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- Scott Dubose Houston, TX To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39BA942F.CF81683D>