Date: Fri, 25 Oct 1996 15:55:46 -0700 From: David Greenman <dg@root.com> To: Rick Gray <rickg@nwpros.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Hackers Message-ID: <199610252255.PAA09148@root.com> In-Reply-To: Your message of "Fri, 25 Oct 1996 17:43:30 CDT." <1.5.4.32.19961025224330.00688860@nwpros.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>I believe I know what my FTP problem is. After I rebooted I noticed several >people FTPing into the system, none who are customers. Looking at the >home/FTP/pub files shows nothing but when I did a ls -a it showed a hidden >file: ../ ../stevan. This is the file the hackers are retrieving. I can't >even delete the file or change the access. I must warn everyone of this. The >users use the email name of mozilla@ for the majority. You should be able to do a: rm -rf ".*stevan*" ...but you may wish to cd to it first to see what's in it. cd ".*stevan*" should similarly work. >So somehow when these guys come into my system, it screws up FTP. I disabled >FTP in inetd until I find a solution to this problem. I was told that >FreeBSD was very secure but now someone has found a loophole somewhere, I guess. You probably need to better control the upload permissions. >So everyone do a ps ax and check to see if anyone is FTPed into your system >as mozilla. Those are the majority of hackers I saw...I guess they all use >the same name. One last thing..they were not FTPing directly to me. They "mozilla" is the standard anonymous password that Netscape uses. It's not at all unusual. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610252255.PAA09148>