From owner-freebsd-questions@FreeBSD.ORG Tue Aug 25 10:47:09 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 945FC106568D for ; Tue, 25 Aug 2009 10:47:09 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158]) by mx1.freebsd.org (Postfix) with ESMTP id 6B8168FC21 for ; Tue, 25 Aug 2009 10:47:09 +0000 (UTC) Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1MftYD-0000Dg-RB for freebsd-questions@freebsd.org; Tue, 25 Aug 2009 03:46:53 -0700 Message-ID: <25132123.post@talk.nabble.com> Date: Tue, 25 Aug 2009 03:46:43 -0700 (PDT) From: Colin Brace To: freebsd-questions@freebsd.org In-Reply-To: <200908251027.n7PARZBt009994@banyan.cs.ait.ac.th> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: cb@lim.nl References: <4A924601.3000507@lim.nl> <200908240807.n7O87o3U092052@banyan.cs.ait.ac.th> <200908241026.55693.j.mckeown@ru.ac.za> <25130058.post@talk.nabble.com> <20090825091937.GA53416@cheddar.urgle.com> <25131646.post@talk.nabble.com> <200908251027.n7PARZBt009994@banyan.cs.ait.ac.th> Subject: Re: what www perl script is running? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2009 10:47:09 -0000 Olivier Nicole wrote: > >> Am I correct in assuming that my system has been hacked and I am running >> an >> IRC server or something? > > IRC client at least. And yes, I would think that your system has been > compromised. > Thanks Olivier. I am currently killing the process with the following bash command while I decide what to do next: $ while x=1 ; do sudo killall -9 perl5.8.9 && echo "killed..." ; sleep 15; done I suppose this calls for a "bare-metal" reinstall. Is it worth first trying to determine how my system was broken into? ----- Colin Brace Amsterdam http://lim.nl -- View this message in context: http://www.nabble.com/what-www-perl-script-is-running--tp25112050p25132123.html Sent from the freebsd-questions mailing list archive at Nabble.com.