Date: Wed, 01 May 2002 09:22:45 -0400 From: Moti <moti@flncs.com> To: pmcgarvey@vianetworks.co.uk Cc: freebsd-security@freebsd.org Subject: Re: newbie. possibly got hacked. need help. Message-ID: <5.1.0.14.2.20020501092030.00a983e8@imap.flncs.com> In-Reply-To: <E172oa7-000AaY-00@pooh.noc.u-net.net> References: <20020501044517.GF688@elvis.mu.org> <F26PHDXE2sCRBHZXFZ00000c2f7@hotmail.com> <20020430232953.A72277@mail.texas-shooters.com> <20020501044517.GF688@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:31 AM 5/1/2002 +0100, Peter McGarvey wrote: >On Wednesday 01 May 2002 05:45 am, Bill Fumerola wrote: >> On Tue, Apr 30, 2002 at 11:29:53PM -0500, pr0ject wrote: >> > hate to say it, but if you've removed something huge or you have a >> > runaway process holding the memory space, you might try rebooting. >> >> rebooting? stay away from my systems. try just installing 'lsof' (in a >> ports collection near your) and see whats holding open the file. > >Hmm, installing a port whem /var is full does not strike me as a good idea. > >I've seen a similar thing twice, turns out qmail goes haywire if you've >got softupdates turned on. The only way to fix it is to reboot into >single-user mode and fsck the disk. Remembering to turn softupdates off >when it's finished. > >Another fun way to fill a volume is to delete a log file. Syslog will >happily backfill your volume without complaint until you HUP or restart it. > >-- >TTFN, FNORD > >Peter McGarvey >System Administrator >Network Operations, VIA Networks UK > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message looks like you've been pub scanned and someone uploaded warez to your ftp directory .... are you sure anonymous access is disabled ? i would check anyone delete the files under /var/ftp and run fsck if df still reports file systems full ! if you dont have to , dont use ftp , use ssh and scp for file copy and http to share them . ( in my opinion of course ) Moti To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20020501092030.00a983e8>