Date: Thu, 17 Nov 2005 17:58:04 +0100
From: Johan Berg <johan@ircnet.se>
To: Mark Jayson Alvarez <jay2xra@yahoo.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
Message-ID: <FE4A7F05-6522-4C47-9044-4A4B11E47A95@ircnet.se>
In-Reply-To: <20051117012552.46503.qmail@web51607.mail.yahoo.com>
References: <20051117012552.46503.qmail@web51607.mail.yahoo.com>

Check the system with rkhunter to see if there were any changes to
some files or any known rootkit installed.

You can find rkhunter in /usr/ports/security/rkhunter

Try the following:

    rkhunter --update && rkhunter --checkall

On 17 Nov 2005 at 02:25, Mark Jayson Alvarez wrote:

> Good Day!
>
> I think we have a serious problem. One of our old
> servers running FreeBSD 4.9 has been compromised and
> is now connected to an ircd server..
> 195.204.1.132.6667 ESTABLISHED
>
> However, we still haven't brought the server down in
> an attempt to track the intruder down. Right now we
> are clueless as to what we need to do..
> Most of our servers are running legacy operating
> systems (old versions, mostly FreeBSD). Also, that
> particular server is running ProFTPD Version 1.2.4,
> which someone has suggested to have a known
> vulnerability..
>
> I really need all the help I can get as the
> administration of those servers was just transferred
> to us by former admins. The server is used for ftp.
>
> Thanks..

--
Johan Berg

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FE4A7F05-6522-4C47-9044-4A4B11E47A95>
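
A triage check for the symptom in the quoted report (an ESTABLISHED session to remote port 6667), added here as an example and not part of the original messages: it filters FreeBSD `netstat -an` output for established TCP sessions whose remote port is an IRC port. The port list, the function names and every sample line other than the reported remote address are assumptions of this example.

```shell
#!/bin/sh
# Added example: list ESTABLISHED TCP sessions to common IRC ports.
# FreeBSD netstat joins address and port with a dot, e.g. 195.204.1.132.6667,
# so the port is the last dot-separated field of the endpoint.
# Assumed IRC port set for this example: 6660-6669, 6697, 7000.

irc_sessions() {
    awk '
    function port(ep,   n, parts) { n = split(ep, parts, /[.]/); return parts[n] + 0 }
    function host(ep) { sub(/[.][0-9*]+$/, "", ep); return ep }
    # Only TCP rows in ESTABLISHED state; headers, LISTEN and TIME_WAIT are skipped.
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        rp = port($5)
        if ((rp >= 6660 && rp <= 6669) || rp == 6697 || rp == 7000)
            printf "%s %d local=%s\n", host($5), rp, $4
    }'
}

# Constructed sample in FreeBSD `netstat -an` layout. Only the first foreign
# address comes from the report; the rest use documentation address ranges.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.1045        195.204.1.132.6667     ESTABLISHED
tcp4       0      0  192.0.2.10.1046        203.0.113.5.6697       ESTABLISHED
tcp4       0      0  192.0.2.10.21          198.51.100.7.51234     ESTABLISHED
tcp4       0      0  192.0.2.10.22          198.51.100.9.6667      TIME_WAIT
tcp4       0      0  *.21                   *.*                    LISTEN
udp4       0      0  *.514                  *.*
EOF
}

# Demo on the constructed sample. On a live host: netstat -an -p tcp | irc_sessions
sample_netstat | irc_sessions
```

On a host suspected of carrying a rootkit, the local `netstat` binary may itself have been replaced, so its output is best cross-checked against traffic seen from another machine or a firewall log.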
