From owner-freebsd-questions Wed Jul 24 20:32:13 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D80537B400 for ; Wed, 24 Jul 2002 20:32:10 -0700 (PDT) Received: from mail.nucleus.com (mail.nucleus.com [207.34.93.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCDB943E6E for ; Wed, 24 Jul 2002 20:32:09 -0700 (PDT) (envelope-from grant.cooper@nucleus.com) Received: from TCOOPER (unverified [205.206.254.42]) by mail.nucleus.com (Vircom SMTPRS 1.4.232) with SMTP id for ; Wed, 24 Jul 2002 21:32:09 -0600 Message-ID: <002901c2338c$3709eab0$2afececd@TCOOPER> From: "Grant Cooper" To: References: <000001c23388$a1c00500$0a01a8c0@MIKESBOX> Subject: Re: Watching users Date: Wed, 24 Jul 2002 21:34:42 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG You know what, as soon as you say your a newbie on this list your bound to be attacked. After advertising my domain I was flooded with anonymous ftp, telnet. This is a perfect place for BHH (Black Hat Hackers) to find newbies to compromise and teach a lesson about security. How fun. :) P.S. hehe, I was under the impression that SSH was suppose to be a secure shell. I will stick with the old FTP. paranoia continues..... ----- Original Message ----- From: "sagacious" To: Sent: Wednesday, July 24, 2002 9:09 PM Subject: RE: Watching users > >Hmm... So you want something that will simply just flip a switch and > let >you know if/when someone logs in or out. I won't ask why. :-) > > > My box got rooted the other day via that sshd exploit. He was defacing > my webpage and causing trouble. I didn't even know it. He started hiding > what he was doing so he could keep root. The funny thing is the only > reason I still have a box is because I was going on vacation so for the > hell of it I closed port 22 in my router. I locked him out without even > knowing it. I have people that need to login now that I'm back but I > need to see who and what from ips.. For all I know this tool downloaded > my master.passwd. > Thanks for your help. > > sagacious (Mike) > Network administrator > The unixhideout network > http://www.unixhideout.com > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message