From: "jason"
To: "Rob"
Subject: Re: Freebsd being hacked
Date: Sat, 22 Sep 2001 21:19:22 -0400

You should first try to boot in single-user mode to recover the root password. Do so by pressing any other key when you see the 10-second countdown. At the prompt type:

    boot -s

Then, after the system boots up to the command prompt, mount your drives with:

    mount -a

At that point you should be able to use the passwd command.

Also, you should NEVER allow telnet access to the root or toor accounts (at least in my opinion). If you need root access from remote, then create a regular account and add it to the wheel group. You can log in and use the su command to deal with root tasks. Also be sure that you either delete toor or set a password for it. I personally do not like the account, so I delete it after install.

That's the extent of my limited expertise. If you need any more help, let me know.

----- Original Message -----
From: "Rob"
Sent: Friday, September 21, 2001 12:12 PM
Subject: Re: Freebsd being hacked

> ybbor@freedom.net wrote:
> >
> > Hello,
> >
> > I have a FreeBSD server. It was running FreeBSD 3.x (not exactly sure)
> > and last week someone used that telnet exploit. So I ran that patch on
> > your site. Then I downloaded the FreeBSD 4.4 ISO and upgraded my
> > system.
> >
> > Today I try to log in to my computer and I can't telnet in to it. So
> > I went to the box, and I can't log in to it. On the screen it says
> > there was an 'su pop to toor', and that the kernel log was full. It
> > looks like I was hacked, so I unplugged the computer from the network
> > and now I don't know what to do.
> >
> > How do I log in to a computer if someone changed the root password and
> > disabled every other account?
> >
> > Thanks
> > -Robby Ticknor
>
> I'd reinstall the OS from an ISO disk. Others with more experience in
> this might have a better solution.
>
> Rob.
> --
> The Numeric Python EM Project
>
> www.members.home.net/europax

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
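
The account checks from jason's reply (which UID 0 accounts such as toor exist and whether they have a password, who is in wheel and can su, and whether root can log in directly over telnet), as an added example that is not part of the original thread. The function name audit_root_access is hypothetical, the file layouts follow master.passwd(5), group(5) and ttys(5), telnet pseudo-terminals are assumed to carry the terminal type "network" as in the stock /etc/ttys, and all sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). File formats follow FreeBSD's
# master.passwd(5), group(5) and ttys(5); all sample data is constructed.

# audit_root_access MASTER_PASSWD GROUP TTYS  -> one finding per line
audit_root_access() {
    # Every UID 0 account (root, toor, or anything an intruder added).
    awk -F: '!/^#/ && $3 == 0 {
        if ($2 == "")        s = "EMPTY-PASSWORD"
        else if ($2 ~ /^\*/) s = "LOCKED"
        else                 s = "HAS-PASSWORD"
        print "UID0 " $1 " " s
    }' "$1"
    # Accounts allowed to su to root.
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print "WHEEL " m[i]
    }' "$2"
    # Network (telnet) terminals flagged "secure" accept direct root logins.
    awk '!/^#/ {
        net = 0; sec = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "network") net = 1
            if ($i == "secure")  sec = 1
        }
        if (net && sec) print "ROOT-TELNET " $1
    }' "$3"
}

# Constructed sample files; on a real host pass /etc/master.passwd,
# /etc/group and /etc/ttys instead (reading master.passwd needs root).
demo_dir=$(mktemp -d)
cat > "$demo_dir/master.passwd" <<'EOF'
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
toor::0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
jason:$1$constructed$hash:1001:1001::0:0:Admin:/home/jason:/bin/sh
EOF
cat > "$demo_dir/group" <<'EOF'
wheel:*:0:root,jason
daemon:*:1:daemon
EOF
cat > "$demo_dir/ttys" <<'EOF'
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
ttyp0 none network secure
ttyp1 none network
EOF
audit_root_access "$demo_dir/master.passwd" "$demo_dir/group" "$demo_dir/ttys"
```

On a rebuilt system, any UID0 line other than root, any EMPTY-PASSWORD line, and any ROOT-TELNET line is worth resolving before the machine goes back on the network.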