From owner-freebsd-questions Sat Sep 9 15:58: 6 2000 Delivered-To: freebsd-questions@freebsd.org Received: from inconnu.isu.edu (inconnu.isu.edu [134.50.8.55]) by hub.freebsd.org (Postfix) with ESMTP id 5AE3A37B423 for ; Sat, 9 Sep 2000 15:58:03 -0700 (PDT) Received: from localhost (galt@localhost) by inconnu.isu.edu (8.9.3/8.9.3) with ESMTP id QAA25353; Sat, 9 Sep 2000 16:57:56 -0600 Date: Sat, 9 Sep 2000 16:57:56 -0600 (MDT) From: John Galt To: Scott Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Has my box been compromised? In-Reply-To: <39BA0BE6.C49E2FE3@earthlink.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Cron job--updating the locate database. On Sat, 9 Sep 2000, Scott wrote: > Hello, > > I was surfing on my dsl line (dynamic ip) a few minutes ago and noticed > my hard drive > was churning even though I wasn't doing much. I ran top and saw several > processes being run by user 'nobody' such as find, locate.proxxx (?can't > remember), and several 'sh'. I immediately killed ppp, and then the > 'nobody' > processes but many of the processes had already died after I killed the > ppp > connection. Did someone break in or is freebsd doing something behind > the > scenes as 'nobody'? > > -- > Scott Dubose > Houston, TX > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Who is John Galt? Failure is not an option. It comes bundled with your Microsoft product. -- Ferenc Mantfeld To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message