Date: Mon, 04 Jan 1999 20:59:12 -0500
From: Malartre <malartre@aei.ca>
To: Mike Alich <hostmaster@cctinc.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: HACKED & SECURITY
Message-ID: <369171F0.262944AF@aei.ca>
References: <36916425.10286B80@cctinc.net>
Mike Alich wrote:
>
> I am hoping you can help me...
>
> My server got hacked and there was no evidence in the root .history file
> of their actions. I believe they have a backdoor program on the server
> they run.
>
> I have disabled all shell login except myself.
> The only inetd running is FTP and qpopper mail server.
>
> I only use ssh for server access
>
> And I have done binary file restores from the live file system cd to the
> following:
> /bin
> /sbin
> /usr/bin
> /usr/sbin
> /usr/libexec
>
> Are there any other file areas (binaries) I need to restore?
>
> I have run diffs on all of the above files and they are good.
>
> Also do you have any ideas of how they got in. I believe they have been
> in for a while now.
>
> I really can't do a full re-install because there is too much custom work
> on the server.
>
> Any suggestions would be appreciated.
>
> Thanks in advance!
> --
> Mike Alich
> mike@cctinc.net
> Cyber Communication Technologies, Inc.
> Web Hosting and Internet Solutions.
> http://www.cctinc.net
> Virtual Web Hosting $14.95 per month

Please send a:
$ uname -a
You didn't mention what version of FreeBSD.
I'm not an expert, but I think Qpopper had a major security problem some
weeks/months ago. You should upgrade to the latest version.
--
[Malartre][malartre@aei.ca][http://www.aei.ca/~malartre/]
[LowRent.Org is down...]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
