Date:      Fri, 25 Oct 1996 17:43:30 -0500
From:      Rick Gray <rickg@nwpros.com>
To:        freebsd-isp@freebsd.org
Subject:   Hackers
Message-ID:  <1.5.4.32.19961025224330.00688860@nwpros.com>


I believe I know what my FTP problem is. After I rebooted I noticed several
people FTPing into the system, none of whom are customers. Looking at the
home/FTP/pub files shows nothing but when I did a ls -a it showed a hidden
file: ../ ../stevan. This is the file the hackers are retrieving. I can't
even delete the file or change the access. I must warn everyone of this. The
users use the email name of mozilla@ for the majority.

So somehow when these guys come into my system, it screws up FTP. I disabled
FTP in inetd until I find a solution to this problem. I was told that
FreeBSD was very secure but now someone has found a loophole somewhere, I guess.

Is there a way to deny these hackers access but allow my customers access?
Again, I am using wu_ftp and tcp_wrappers on my 2.0 system. I don't know how
to stop them other than not run FTP which of course is not acceptable.

So everyone do a ps ax and check to see if anyone is FTPed into your system
as mozilla. Those are the majority of hackers I saw... I guess they all use
the same name. One last thing: they were not FTPing directly to me. They
were going through other machines to cover their tracks. I informed one
company of the problem but they said they can't help since this person was
not a customer. I found that strange. They should be able to see someone
using their system too.

I hope I have warned enough of you. If you have a solution to my/our
problem, PLEASE let me know. I use FTP quite a bit along with several of my
customers.

Thanks.







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1.5.4.32.19961025224330.00688860>
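
A check that can be run against an anonymous-FTP area for the kind of entry the message describes, a name that a plain `ls` does not show. This is an added example, not part of the original message: the function name `scan_ftp_tree` and the reason labels are made up here, `/home/FTP/pub` is the path from the message, and the world-writable check assumes the entry arrived through a writable upload directory, which the message does not state.

```shell
#!/bin/sh
# Added example (not from the original message).
# Lists entries under an FTP tree that are easy to miss or hard to type:
#   hidden          name starts with "."            (invisible without ls -a)
#   odd-chars       name contains blanks or control characters
#   world-writable  directory anyone can create files in (assumed upload path)
# Output: one line per finding, "<reason> [<path>]". The brackets make
# leading/trailing blanks visible, e.g. a directory named ".. ".

scan_ftp_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Inner script run by find. Control characters in a path are replaced
    # by "?" so a newline inside a name cannot forge an extra output line.
    show='reason=$1; shift
for p; do
    safe=$(printf %s "$p" | LC_ALL=C tr "[:cntrl:]" "?")
    printf "%s [%s]\n" "$reason" "$safe"
done'

    # Dot-names anywhere below the root (the root itself is skipped).
    LC_ALL=C find "$root" -mindepth 1 -name '.*' \
        -exec sh -c "$show" sh hidden {} +

    # Names containing whitespace or control characters.
    LC_ALL=C find "$root" -mindepth 1 \
        \( -name '*[[:space:]]*' -o -name '*[[:cntrl:]]*' \) \
        -exec sh -c "$show" sh odd-chars {} +

    # Directories writable by "other".
    LC_ALL=C find "$root" -type d -perm -0002 \
        -exec sh -c "$show" sh world-writable {} +
}

# Usage: scan_ftp_tree /home/FTP/pub
```

The bracketed path is the exact name, blanks included, so it can be quoted as-is (with a leading `./` or full path) in a later `ls -ld` or `chmod`.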