Date: Fri, 19 Jan 2001 20:16:46 -0800
From: Kris Kennaway
To: Greg Lehey
Cc: Lakewebs, FreeBSD Questions
Subject: Re: Request For Help

On Fri, Jan 19, 2001 at 07:55:06PM +1100, Greg Lehey wrote:
> [Format recovered--see http://www.lemis.com/email/email-format.html]
>
> On Friday, 19 January 2001 at 5:46:23 -0600, Lakewebs wrote:
> > Hello
> > My name is Ronald Goad. As of last week I had a person that was
> > running our internet services dns and hosting. Both boxes are running
> > on FreeBSD. This individual left in the middle of the night after
> > changing all access passwords. Is there anyone who can assist me in
> > saving these systems.

Boot into single-user mode on the system console, and reset the
passwords to something known.

Then treat the system as having been compromised by a hostile intruder
who has left backdoors all over the place: copy off the data onto a
clean system (being careful of things like CGI scripts which also might
be compromised), and rebuild the system from scratch. Then take legal
action against the guy who did it to recover damages, if you wish.

Kris

-- 
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger kris@FreeBSD.org
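
An added example, not part of the message above: once console access is regained, this sketch lists which accounts in a copy of /etc/master.passwd still accept a password and which hold UID 0, so none are missed when resetting and none are carried unexamined to the rebuilt system. The sample file contents and the function names are constructed for illustration.

```sh
#!/bin/sh
# Inventory accounts in a FreeBSD master.passwd-format file.
# Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Constructed sample data; the account names and hashes are made up.
sample_master_passwd() {
    cat <<'EOF'
root:$1$constructed$AAAA:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
oldadmin:$1$constructed$BBBB:1001:0::0:0:Former admin:/home/oldadmin:/bin/sh
maint:$1$constructed$CCCC:0:0::0:0:maintenance:/tmp:/bin/sh
locked:*LOCKED*$1$constructed$DDDD:1002:1002::0:0:Locked user:/home/locked:/bin/sh
EOF
}

# Reads master.passwd-format data from the named file(s) or stdin.
# Prints "UID0 <name>" for every account with superuser privileges
# (root and toor are stock; any other entry needs an explanation) and
# "RESET <name>" for every account that can still log in with a password.
audit_accounts() {
    awk -F: '
        /^#/ || NF < 10 { next }          # skip comments and malformed lines
        {
            pw = $2; shell = $10
            # A password field starting with "*" ("*", "*LOCKED*...") cannot
            # match any password; an empty field means no password is needed.
            # An empty shell field means the default shell, so it is a login.
            can_login = (pw !~ /^\*/) && (shell !~ /nologin$/)
            if ($3 == 0)   print "UID0 "  $1
            if (can_login) print "RESET " $1
        }' "$@"
}

# Run against the constructed sample; on a real host, pass a copy of
# /etc/master.passwd taken in single-user mode instead.
sample_master_passwd | audit_accounts
```
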