From: Hendrik Hasenbein
Date: Tue, 15 Jun 2004 11:23:26 +0200
To: Mark Jayson Alvarez
Cc: freebsd-questions@freebsd.org
Subject: Re: Help: I think I've been hacked! what can I do??
Message-id: <40CEC00E.5080801@techfak.uni-bielefeld.de>
In-reply-to: <20040615085655.37520.qmail@web51608.mail.yahoo.com>

Mark Jayson Alvarez wrote:
> Hi,
> Last night before this morning, I was browsing fine
> with kde's konqueror. I don't remember doing anything
> about my system rather than dialing through ppp. This
> morning, when I ppp to dial into internet... my
> external modem established a successful
> connection (because I can see the LED's are lightened
> up the way I usually see it).
>
> But when I launch the konqueror and typed something
> in the address bar and hit enter, it says <Unknown Host>
>
> Next, I tried browsing through Links in my shell
> but it still says Unknown Host. I even rebooted my
> machine and tried dialing again.. but still says
> whichever browser I use.
>
> I've tried to ping 127.0.0.1 and it replied. I've
> tried to ping http://www.google.com but it says there
> was an error.

Does the error look like this:

ping: cannot resolve www.google.de: Unknown host

> I've typed ifconfig in the shell and it returned
> something like 198.0.2...---->198.3.4...(just an
> example) at the bottom which indicates that I have a
> successful connection with my isp and they have
> provided me with a public ip address.
>
>
> I'm sending this email to you from Windows and I'm
> pretty sure that my external modem is working fine.
>
>
> Question:
> Do you have any idea what could have happened with my
> pc? I honestly think that I've been hacked and I am
> being denied of service. Now, I only have one thing in
> my mind... to back up my files and reformat my freebsd
> partition.

It could be a DNS issue. Can you try to ping 69.57.142.26,
66.35.250.150, 216.239.37.99, 216.239.57.99 or 216.239.39.99?
If you get a reply, try to enter them into your browser.
If that works, try to get the DNS server address under Windows and enter
it in /etc/resolv.conf.

> If you know something better than formatting my pc,
> please tell me where should I begin...
>
> One last thing...
> Other than those of recovered vi sessions, I can
> read some unusual mails about system occurrences etc..
> when I logged in as a root (but I don't know what they
> really mean)
> Looking forward to your kindness,
> -jay :=(

Hendrik
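The check suggested in the reply above (a literal IP address answers ping while names give "Unknown host" points at DNS, so look at /etc/resolv.conf next), written out as an added sh script. It is not part of the original thread; the function names and result labels are assumptions made for illustration, and the address and name passed in should belong to the same host, one that answers ping.

```sh
#!/bin/sh
# Added example (not from the thread): separate "DNS is broken" from
# "the link is down" before assuming a compromise.
# Usage: sh dnstriage.sh <literal-ip> <hostname> [resolv.conf path]
# Function names and result labels are illustrative assumptions.

# Print the resolver addresses from a resolv.conf-style file, one per line.
# Comment lines (# or ;) and other keywords never match "nameserver" in $1.
list_nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Map probe results to a diagnosis.
# $1: exit status of pinging a literal IP, $2: exit status of pinging a name,
# $3: number of configured nameservers.
diagnose() {
    if [ "$1" -ne 0 ]; then
        echo "no-connectivity"         # not even raw IP works: link or routing
    elif [ "$2" -eq 0 ]; then
        echo "ok"
    elif [ "$3" -eq 0 ]; then
        echo "dns-no-nameserver"       # resolv.conf has no nameserver line
    else
        echo "dns-nameserver-failing"  # entries exist but names do not resolve
    fi
}

# Run both probes against the live system and report.
triage() {
    conf=${3:-/etc/resolv.conf}
    ip_rc=0;   ping -c 1 "$1" >/dev/null 2>&1 || ip_rc=$?
    name_rc=0; ping -c 1 "$2" >/dev/null 2>&1 || name_rc=$?
    count=$(list_nameservers "$conf" | wc -l | tr -d ' ')
    echo "nameservers in $conf: $(list_nameservers "$conf" | tr '\n' ' ')"
    diagnose "$ip_rc" "$name_rc" "$count"
}

# Only probe the network when arguments are given.
if [ "$#" -ge 2 ]; then
    triage "$@"
fi
```

A result of `dns-no-nameserver` or `dns-nameserver-failing` matches the situation described in the reply, where the fix is a working nameserver entry in /etc/resolv.conf rather than a reinstall.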