From owner-freebsd-isp Fri Oct 25 18:34:25 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA13674 for isp-outgoing; Fri, 25 Oct 1996 18:34:25 -0700 (PDT)
Received: from mail.webspan.net (mail.webspan.net [206.154.70.7]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA13526 for ; Fri, 25 Oct 1996 18:34:16 -0700 (PDT)
Received: from orion.webspan.net (orion.webspan.net [206.154.70.5]) by mail.webspan.net (8.7.5/8.7.3) with ESMTP id VAA00995; Fri, 25 Oct 1996 21:33:30 -0400 (EDT)
Received: from orion.webspan.net (localhost [127.0.0.1]) by orion.webspan.net (8.7.5/8.7.3) with ESMTP id VAA18340; Fri, 25 Oct 1996 21:31:50 -0400 (EDT)
To: Rick Gray
cc: freebsd-isp@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: Hackers
In-reply-to: Your message of "Fri, 25 Oct 1996 17:43:30 CDT." <1.5.4.32.19961025224330.00688860@nwpros.com>
Date: Fri, 25 Oct 1996 21:31:50 -0400
Message-ID: <18338.846293510@orion.webspan.net>
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Rick Gray wrote in message ID
<1.5.4.32.19961025224330.00688860@nwpros.com>:
> I believe I know what my FTP problem is. After I rebooted I noticed several
> people FTPing into the system, none who are customers. Looking at the
> home/FTP/pub files shows nothing but when I did a ls -a it showed a hidden
> file: ../ ../stevan. This is the file the hackers are retrieving. I can't
> even delete the file or change the access. I must warn everyone of this. The
> users use the email name of mozilla@ for the majority.

`mozilla' is the ID used by the Netscape browser (read the README in
the Netscape tar.gz if you don't believe me).

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info