Date:      Mon, 15 Feb 2010 02:13:45 -0800 (PST)
From:      "Dr. Jennifer Nussbaum" <bg271828@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Cleaning up after attack?
Message-ID:  <556594.6744.qm@web53507.mail.re2.yahoo.com>

Hi. I have an up-to-date FreeBSD 7.2 box that has been compromised. Someone apparently got into an account with certain admin privileges and has been sending spam.

I disabled the account, shut off my MTA and used pf to block all traffic to port 25 out for good measure.

How do I analyse what might have happened and what has been installed?

And is there anything to do other than rebuild the entire system to ensure that it's clean?

Thanks.

Jen

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?556594.6744.qm>