Date: Fri, 13 Jan 2006 20:17:15 -0800
From: Julian Elischer <julian@elischer.org>
To: anchor <jacquejiang@hotmail.com>, hackers@freebsd.org
Subject: Re: My machine been hacked, I need help
Message-ID: <43C87B4B.1080606@elischer.org>
In-Reply-To: <2374502.post@talk.nabble.com>
References: <2374502.post@talk.nabble.com>

anchor (sent by Nabble.com) wrote:

>My machine has been hacked. The message file was modified. Old dated backup files are deleted. The last log was truncated. You are gurus. Would you please tell me where I can find other trace files or logfiles to figure out where the hacker came from?
>
>Thanks a lot.

If you can get into the kernel debugger you may try to do a ps from there and see if there are any strange processes running.

Of course the first thing to do is physically unplug the machine. Then make a backup for forensic purposes if you can.

You don't say what version of the system it is and what it runs as services.

There are rootkit finders in the ports under 'security'. If you installed from CD, see if you can get it from there.