Date: Sun, 23 Sep 2001 15:08:06 -0400
From: "Andrew C. Hornback" <achornback@worldnet.att.net>
To: <ybbor@freedom.net>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: RE: Freebsd being hacked
Message-ID: <009b01c14463$13e96b00$0e00000a@tomcat>
In-Reply-To: <3BAB66EB.2C80217B@home.com>

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Rob
> Sent: Friday, September 21, 2001 12:12 PM
> To: ybbor@freedom.net
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: Freebsd being hacked
>
>
> ybbor@freedom.net wrote:
> >
> > Hello,
> >
> > I have a FreeBSD server. It was running FreeBSD 3.x (not exactly sure)
> > and last week someone used that telnet exploit. So I ran that patch on
> > your site. Then I downloaded the FreeBSD 4.4 ISO and upgraded my
> > system.
> >
> > Today I try to log in to my computer and I can't telnet in to it. So
> > I went to the box, and I can't log in to it. On the screen it says
> > there was an 'su pop to toor', and that the kernel log was full. It
> > looks like I was hacked, so I unplugged the computer from the network
> > and now I don't know what to do.
> >
> > How do I log in to a computer if someone changed the root password and
> > disabled every other account?
>
> I'd reinstall the OS from an ISO disk. Others with more experience in
> this might have a better solution.

You're going to have to do a little more than that, I imagine.

Format the drive and reinstall, not just re-install. Going to have to back up everything off of the drive that you want to keep, put it in a "quarantine" area, as any executables on the system may have been compromised, reinstall and step your way through reinstalling your data.

I believe this is the same general advice you get any time you've been hacked.

--- Andy