Date: Mon, 27 Jun 2005 16:58:40 -0400 (EDT) From: "Mike Jakubik" <mikej@rogers.com> To: "Oleg Rusanov" <freebsd-amd64@molecon.ru> Cc: freebsd-amd64@freebsd.org Subject: Re: 'sh -i' My server was hacked. How can i found hole on my server? Message-ID: <1952.172.16.0.199.1119905920.squirrel@172.16.0.1> In-Reply-To: <1525910592.20050627141014@molecon.ru> References: <1525910592.20050627141014@molecon.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, June 27, 2005 6:10 am, Oleg Rusanov said: > Hello. > > > My server was hacked. The CPU has been loaded on 99 % by "sh -i" process. > I found out that someone has started phpshell through a hole in one of > phpbb forums. Also has filled in scripts for flud and spam and "vadim > script" in "/tmp". I has made it noexec. Recently has found out the same > process. May be i have left again /tmp opened, or other hole may be. > What is better to do for clean my system? And what does this have to do with the amd64 mailing list? Try questions instead.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1952.172.16.0.199.1119905920.squirrel>