Date: Fri, 19 Jan 2001 20:16:46 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Greg Lehey <grog@lemis.com> Cc: Lakewebs <goad@lakewebs.net>, FreeBSD Questions <questions@FreeBSD.ORG> Subject: Re: Request For Help Message-ID: <20010119201646.A17686@citusc17.usc.edu> In-Reply-To: <20010119195506.I376@sydney.worldwide.lemis.com>; from grog@lemis.com on Fri, Jan 19, 2001 at 07:55:06PM %2B1100 References: <000b01c0820d$7595a120$40c11f0c@lakewebs.net> <20010119195506.I376@sydney.worldwide.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 19, 2001 at 07:55:06PM +1100, Greg Lehey wrote: > [Format recovered--see http://www.lemis.com/email/email-format.html] >=20 > On Friday, 19 January 2001 at 5:46:23 -0600, Lakewebs wrote: > > Hello > > My name is Ronald Goad. As of last week I had a person that was > > running or internet services dns and hosting. Both boxes are running > > on FreeBSD. This individual left in the middle of the night after > > changing all access passwords. Is there anyone who can assist me in > > saving these systems. Boot into single-user mode on the system console, and reset the passwords to something known. Then treat the system as having been compromised by a hostile intruder who has left backdoors all over the place: copy off the data onto a clean system (being careful of things like CGI scripts which also might be compromised), and rebuild the system from scratch. Then take legal action against the guy who did it to recover damages, if you wish. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --azLHFNyN32YCQGCU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aREuWry0BWjoQKURAo6eAJ490NHG2YcJ6mJcUluVhnVq3GJDHACfaiZ8 Tm7fF3ebCVVBHmm8X2ujApE= =c03u -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119201646.A17686>