Date: Wed, 25 Jul 2001 04:50:40 -0700 From: Dima Dorfman <dima@unixfreak.org> To: Peter Pentchev <roam@orbitel.bg> Cc: jett <tayerv@team.ph.inter.net>, freebsd-bugs <freebsd-bugs@freebsd.org> Subject: Re: broken into via ssh? Message-ID: <20010725115040.B1F073E28@bazooka.unixfreak.org> In-Reply-To: <20010725144452.A84551@ringworld.oblivion.bg>; from roam@orbitel.bg on "Wed, 25 Jul 2001 14:44:52 %2B0300"
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Pentchev <roam@orbitel.bg> writes: > On Wed, Jul 25, 2001 at 10:33:01AM +0800, jett wrote: > > bash-2.04$ netstat -an | grep LISTEN > > tcp 0 0 *.80 *.* LISTEN > > tcp 0 0 *.443 *.* LISTEN > > tcp 0 0 *.31341 *.* LISTEN > > tcp 0 0 *.22 *.* LISTEN > > ... > From looking at your services list it would seem that either httpd by itself, > or some script you have on your website was used to break in. More specifically, it would seem that somebody used httpd or a CGI script to break in and get unprivileged user access, then one of the umpteen local holes in 3-stable to get root. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010725115040.B1F073E28>