From owner-freebsd-amd64@FreeBSD.ORG  Mon Jun 27 14:37:10 2005
Return-Path: <owner-freebsd-amd64@FreeBSD.ORG>
X-Original-To: freebsd-amd64@freebsd.org
Delivered-To: freebsd-amd64@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC94016A41C
	for <freebsd-amd64@freebsd.org>; Mon, 27 Jun 2005 14:37:10 +0000 (GMT)
	(envelope-from dystopianrebel@yahoo.com)
Received: from web52306.mail.yahoo.com (web52306.mail.yahoo.com
	[206.190.39.101])
	by mx1.FreeBSD.org (Postfix) with SMTP id 5C99143D1D
	for <freebsd-amd64@freebsd.org>; Mon, 27 Jun 2005 14:37:10 +0000 (GMT)
	(envelope-from dystopianrebel@yahoo.com)
Received: (qmail 49021 invoked by uid 60001); 27 Jun 2005 14:37:09 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	b=C+idEu3BmHTK3K8W4DxgfsfZab6JmhX7qtSACnoUGpY3MlYS+1UNqJ6FiT0K4IFPLTk9YxwtdwBR1pcegXTo33ssHE3jI7YC1LwU2IL0U/8H9tTOIiUWsCsgovct7xJif2YewetPNVSbW021+XGUPYMa9mx+ONyYY31QU+lvyzs=
	; 
Message-ID: <20050627143709.49019.qmail@web52306.mail.yahoo.com>
Received: from [205.210.232.62] by web52306.mail.yahoo.com via HTTP;
	Mon, 27 Jun 2005 07:37:09 PDT
Date: Mon, 27 Jun 2005 07:37:09 -0700 (PDT)
From: dR <dystopianrebel@yahoo.com>
To: freebsd-amd64@freebsd.org, freebsd-amd64@molecon.ru
In-Reply-To: <20050627120006.5A15116A429@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Cc: 
Subject: Re: freebsd-amd64 Digest, Vol 108, Issue 1
X-BeenThere: freebsd-amd64@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting FreeBSD to the AMD64 platform <freebsd-amd64.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-amd64>,
	<mailto:freebsd-amd64-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-amd64>
List-Post: <mailto:freebsd-amd64@freebsd.org>
List-Help: <mailto:freebsd-amd64-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-amd64>,
	<mailto:freebsd-amd64-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jun 2005 14:37:10 -0000

Oleg, stop your Web server, check with the owner of
your PHP bulletin-board source for a security update,
and apply the patches immediately. 

Make sure that you use a robots.txt file to protect
your site from Google and Yahoo indexing. The script
kiddies are using search engines to find vulnerable
PHP bulletin-board installations.

As for identifying the culprit, I wish you success but
I don't know if you will have any. 

Marko

- - -

Date: Mon, 27 Jun 2005 14:10:14 +0400
From: Oleg Rusanov <freebsd-amd64@molecon.ru>
Subject: "sh -i" My server was hacked. How can i found
hole 
on my
	server?
To: freebsd-amd64 <freebsd-amd64@freebsd.org>
Message-ID: <1525910592.20050627141014@molecon.ru>
Content-Type: text/plain; charset=us-ascii

Hello.

My server was hacked. The CPU has been loaded on 99 %
by 
"sh -i" process.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com