From owner-freebsd-questions Tue Jun 22 17:44: 9 1999 Delivered-To: freebsd-questions@freebsd.org Received: from student.lssu.edu (student.lssu.edu [198.110.216.219]) by hub.freebsd.org (Postfix) with ESMTP id 1A23F156CC for ; Tue, 22 Jun 1999 17:44:02 -0700 (PDT) (envelope-from pe@student.lssu.edu) Received: from localhost (pe@localhost) by student.lssu.edu (8.9.3/8.9.3) with ESMTP id UAA07859; Tue, 22 Jun 1999 20:44:41 -0400 (EDT) Date: Tue, 22 Jun 1999 20:44:40 -0400 (EDT) From: "System Admin." To: Jerry Raynor Cc: questions@FreeBSD.ORG Subject: Re: HELP HACKER!!! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, you can start at looking all in the log files, the current log files and past (the backups). Search for binary files that has been modified lately. You can check on your software version such as wu-ftpd, sendmail, pop, imap, statd, and etc. Also take a look at www.cert.org. Good Luck. HTH pe' ------------------------------ UNIX System Admin. Distributed Computing Services Lake Superior State University 650 W. Easterday Ave. Sault Ste. Marie. MI 49783 USA. ------------------------------ On Tue, 22 Jun 1999, Jerry Raynor wrote: > I caught someone who had just got in and setup a user account!! hwo di I > find out how they got it???? This is my first encounter with this, what > steps should I take?? Thanks!! I'm useing FreeBSD-2.2.5-R I've changed > my password and root's password already > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message