Date: Fri, 21 Sep 2001 18:35:30 +0200 From: Christoph Sold <so@i-clue.de> To: ybbor@freedom.net Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Freebsd being hacked Message-ID: <3BAB6C52.9010409@i-clue.de> References: <20010921160628.5AD2337B41A@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
ybbor@freedom.net wrote: > Hello, > > > > I have a Breebsd server. It was running freebsd 3.x(not exactly sure) > and last week somone used that telnet exploit. so i ran that patch on > your site. then i downloaded the freebsd 4.4 iso and upgraded my > system. > > > > Today i try to log in to my computer and i can't telnet in to it. So > i went to the box, and i can't log in to it. on the screen it says > there was an 'su pop to toor'. and that the kernel log was full. it > looks like i was hacked, so i unpluged the comptuer from the network > and now i don't know what to do. > > > > how do i log in to a comptuer if someone changed the root password and > disabled every other account? > - Reboot - Boot into single user - change the password If you're back in - backup your data - initalize the disk, install a virgin system. Use all new passwords, of course - restore only validated, good, backdoor-free data HTH -Christoph Sold To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BAB6C52.9010409>