Date: Thu, 5 Jul 2001 12:47:45 +0100 From: "Rob" <rob@robhulme.com> To: "Freebsd-Questions@Freebsd. Org" <freebsd-questions@FreeBSD.ORG> Subject: RE: Is my FTP hacked? Message-ID: <LPBBLIHFHEKDFLJEBFJGAEODDKAA.rob@robhulme.com> In-Reply-To: <LPBBLIHFHEKDFLJEBFJGIEOCDKAA.rob@robhulme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I think someone may have hacked into my ftp... I've got this line in my > /var/log/messages > > "Jul 5 10:03:50 www ftpd[8728]: /etc/pwd.db: No such file or > directory"... > > is there any way I can see what account they logged in as and so > on? or has > something else happened? > > I've disabled FTP for the moment.... OK - false alarm it seems... I used 'last' to track down who the user was at 10:03... I've talked to him and he said he was just uploading some files (for one of our websites)... I trust him, so I guess we weren't trying to be hacked - but what happened to cause this error? If I look at passwd.db with pico /etc/pwd.db it has what looks like a load of garbage on the first line... then: # # List of acceptable shells for chpass(1). # Ftpd will not allow users to connect who are not using # one of these shells. /bin/sh /bin/csh /nonexistent then the last line looks like a load of the usernames on the system followed by a *lot* of ÿÿÿÿÿÿÿÿÿÿÿ symbols... What is going on ? :) -Rob -------------------------------- http://www.robhulme.com http://www.christianunion.org.uk "May the forks be with us." - Blue Raja (Mystery Men) Everything you've learned in school as "obvious" becomes less and less obvious as you begin to study the universe. For example, there are no solids in the universe. There's not even a suggestion of a solid. There are no absolute continuums. There are no surfaces. There are no straight lines. ---- R. Buckminster Fuller To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LPBBLIHFHEKDFLJEBFJGAEODDKAA.rob>