From owner-freebsd-questions  Fri Mar 15 10:03:23 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id KAA15974
          for questions-outgoing; Fri, 15 Mar 1996 10:03:23 -0800 (PST)
Received: from riley-net170-164.uoregon.edu (riley-net170-164.uoregon.edu [128.223.170.164])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA15969
          for <questions@freebsd.org>; Fri, 15 Mar 1996 10:03:21 -0800 (PST)
Received: (from dwhite@localhost) by riley-net170-164.uoregon.edu (8.6.12/8.6.12) id JAA04512; Fri, 15 Mar 1996 09:57:58 -0800
Date: Fri, 15 Mar 1996 09:57:58 -0800 (PST)
From: Doug White <dwhite@riley-net170-164.uoregon.edu>
Reply-To: dwhite@resnet.uoregon.edu
To: Dale Benzer <dale@fifth-avenue.com>
cc: questions@freebsd.org
Subject: Re: Attack! Need Help!
In-Reply-To: <Pine.BSF.3.91.950410053546.15432A-100000@fifth-avenue.com>
Message-ID: <Pine.BSF.3.91.960315095442.4386A-100000@riley-net170-164.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 10 Apr 1995, Dale Benzer wrote:

> I think I've just been attacked...My second server (the www server) won't 
> answer to any logins including root. I habe a BSD boot floppy (I'm 
> running 2,1) but am afraid to use without help.

What do you mean by "answering to logins"?  

You're probably going to have to control-alt-del it, boot to single user 
mode, mount /usr and /, and edit the password file with vipw to remove 
root's passwd, reboot, and change root's password.

I also suggest looking into comp.security.unix and getting some tips from 
their FAQ.  O'Reilly has a new edition of one of their security books 
coming out that may be of use.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major