Hi all,
On my FreeBSD 5x machines I've been using yafic as an intrusion detection utility. It doesn't support as many algorithms as AIDE or Tripwire. The reason I don't use Tripwire is because the 2.3x version of the port is marked as broken on FreeBSD 5x.
Yesterday I tried to install yafic

Hello,
Despite having ipfilter blocking all ports except 80, 21 and 22, Tripwire, and scoring 99 in nmap, my website got defaced.
The box is currently unplugged. I wanted to know what is the best way to find out who did it and how they got in, and what to do from here. Tripwire shows a lot