From owner-freebsd-questions  Wed Jun 23  4:20: 2 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13])
	by hub.freebsd.org (Postfix) with ESMTP id 088DA1503E
	for <questions@FreeBSD.ORG>; Wed, 23 Jun 1999 04:20:00 -0700 (PDT)
	(envelope-from shovey@buffnet.net)
Received: from buffnet11.buffnet.net (buffnet11.buffnet.net [205.246.19.55])
	by buffnet4.buffnet.net (8.8.7/8.8.7) with ESMTP id HAA14349;
	Wed, 23 Jun 1999 07:19:57 -0400 (EDT)
	(envelope-from shovey@buffnet.net)
Date: Wed, 23 Jun 1999 07:19:57 -0400 (EDT)
From: Steve Hovey <shovey@buffnet.net>
To: Jerry Raynor <jerryr@ComCAT.COM>
Cc: questions@FreeBSD.ORG
Subject: Re: HELP HACKER!!!
In-Reply-To: <Pine.GSO.4.02A.9906222003440.7244-100000@uw>
Message-ID: <Pine.BSF.4.05.9906230718570.13422-100000@buffnet11.buffnet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


They likely put in some suid program changes to get root again, using a
regular account or other means, without  having to know root password.

You are best off reinstalling freebsd, and then reinstalling your
applications (and/or doing a tape restore - being sure NOT to restore any
system or suid root programs)

On Tue, 22 Jun 1999, Jerry Raynor wrote:

> I caught someone who had just got in and setup a user account!!  hwo di I
> find out how they got it????  This is my first encounter with this, what
> steps should I take??  Thanks!!  I'm useing FreeBSD-2.2.5-R  I've changed
> my password and root's password already
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message