I don't have bsdstats or similar that I'm aware of installed, so this
smells bad:
Firewall is showing repeated attempts from your FreeBSD machine to
connect to port 25 (standard SMTP mail port) on a server in Belgium. This
implies something on your system is trying to send mail out.
[14/Apr/2010
Hi--
On Apr 14, 2010, at 3:56 PM, Steve Franks wrote:
I don't have bsdstats or similar that I'm aware of installed, so this
smells bad:
Firewall is showing repeated attempts from your FreeBSD machine to
connect to port 25 (standard SMTP mail port) on a server in Belgium. This
implies
sniffing around as far as what got put on my box?
Steve
I've seen hacked boxes due to insecure services offered to the
public Internet have scripts or binaries in globally writable
directories, such as /tmp and/or /var/tmp
___
freebsd-questions
On 2010.04.14 18:56, Steve Franks wrote:
I don't have bsdstats or similar that I'm aware of installed, so this
smells bad:
You have an incredibly poor sense of smell.
Firewall is showing repeated attempts from your FreeBSD machine to
connect to port 25 (standard SMTP mail port) on a server
On 15/04/10 00:56, Steve Franks wrote:
I don't have bsdstats or similar that I'm aware of installed, so this
smells bad:
Firewall is showing repeated attempts from your FreeBSD machine to
connect to port 25 (standard SMTP mail port) on a server in Belgium. This
implies something on your system
My server installation of FreeBSD 6.3 is hacked and I am trying to find out how
they managed to get into my Apache 2.0.61.
This is what I see in my http error log:
[Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM, shutting down
[Mon Sep 21 02:00:14 2009] [notice] Apache/2.0.61 (FreeBSD) PHP
Aflatoon Aflatooni wrote:
My server installation of FreeBSD 6.3 is hacked and I am trying to find out how they managed to get into my Apache 2.0.61.
This is what I see in my http error log:
[Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM, shutting down
[Mon Sep 21 02:00:14 2009] [notice
On Tue, 2009-09-22 at 05:01 -0700, Aflatoon Aflatooni wrote:
My server installation of FreeBSD 6.3 is hacked and I am trying to find out
how they managed to get into my Apache 2.0.61.
This is what I see in my http error log:
[Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM, shutting
aaflato...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tuesday, September 22, 2009 8:51:05 AM
Subject: Re: FreeBSD 6.3 installation hacked
Aflatoon Aflatooni wrote:
My server installation of FreeBSD 6.3 is hacked and I am trying to find out
how they managed to get into my Apache 2.0.61
Aflatoon Aflatooni wrote:
I found a script in /tmp directory which could have been uploaded using php or
Java.
How would they execute the code in /tmp directory?
Thanks
You can execute files from scripts or from apache itself when they are
scripts.
There are several
I'm running FBSD 5.4 as a web server the server is behind a cisco firewall
/router and the server has a lot of CMS Joomla / Mambo sites on it. I noticed
that when I ran sockstat I was seeing multiple IPs connected to high ports on
the server with a process id of psybnc. Did some looking around
On Saturday 11 August 2007 13:20:31, Brent wrote:
I'm running FBSD 5.4 as a web server the server is behind a cisco firewall
/router and the server has a lot of CMS Joomla / Mambo sites on it. I
noticed that when I ran sockstat I was seeing multiple IPs connected to
high ports on the server with
: Re: server was hacked
On Saturday 11 August 2007 13:20:31, Brent wrote:
I'm running FBSD 5.4 as a web server the server is behind a cisco firewall
/router and the server has a lot of CMS Joomla / Mambo sites on it. I
noticed that when I ran sockstat I was seeing multiple IPs connected to
high
Brent wrote:
, How exactly are they getting in?
what are the things I can do to prevent this. On FBSD how do you checksum
binaries on the system to ensure someone hasn't replaced one with their own
binary.
Do yourself a favor and buy the book
BSD Hacks
by
Dru Lavigne
O'Reilly Media
ISBN
On Sat, 11 Aug 2007 13:54:29 +0200
Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote:
On FBSD how do you checksum binaries on the system to ensure someone hasn't
replaced one with their own binary.
Install security/tripwire and configure properly.
Note that tripwire isn't the only option.
On Sat, Aug 11, 2007 at 07:20:31AM -0400, Brent wrote:
a compromised Mambo site. after getting rid of the program I changed
our router to disallow this type of traffic.. started trying to fix
the box. I'm pretty sure that root wasn't compromised but I'm going to
re-install anyway. my question has
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent
Sent: August 11, 2007 7:21 AM
To: [EMAIL PROTECTED]
Subject: server was hacked
I'm running FBSD 5.4 as a web server the server is behind a
cisco firewall /router and the server has a lot
or
as the hacked user:
- $HOME/ /psybnc/psybnc 'ELF binary type 0 not known.' (note:
this is with 'linux.ko' loaded)
That means that this (linux?) file is not branded.
You may test it with 'brandelf the_file'. The (binary!) file should
be branded as 'Linux' to let the FreeBSD system run
interesting, but the major drop in attempts has
me more worried than the attempts (could this drop off be because they
no longer need to hack me? Could they have hacked me and that be the
reason why?)
How worried should I be, and what's the best recourse for this?
Thanks,
-Jim Stapleton
ssh server. It's interesting, but the major drop in attempts has
me more worried than the attempts (could this drop off be because they
no longer need to hack me? Could they have hacked me and that be the
reason why?)
How worried should I be, and what's the best recourse for this?
On a system I
I have DSA. I will change it to a nonstandard port, but I was
wondering what your opinion on a good way to check if this is the
result of me being hacked, or just someone losing interest.
On 4/14/07, Gabor Kovesdan [EMAIL PROTECTED] wrote:
Jim Stapleton wrote:
Once I opened up SSH
of blatant/brute-force attempt
at my ssh server. It's interesting, but the major drop in attempts has
me more worried than the attempts (could this drop off be because they
no longer need to hack me? Could they have hacked me and that be the
reason why?)
How worried should I be, and what's
Jim Stapleton wrote:
I have DSA. I will change it to a nonstandard port, but I was
wondering what your opinion on a good way to check if this is the
result of me being hacked, or just someone losing interest.
Well, I think the latter. If you have an up-to-date system with
up-to-date
Jim Stapleton wrote:
I have DSA. I will change it to a nonstandard port, but I was
wondering what your opinion on a good way to check if this is the
result of me being hacked, or just someone losing interest.
If you are hacked, then something might or might not be going on your
system
server didn't show any compatibility files up. (In particular, no '
linux.ko'; I have loaded that module on the qemu version to see if I could
get further.)
- In my qemu FreeBSD, under the jail, neither program runs either as root or
as the hacked user:
- $HOME/ /psybnc/psybnc 'ELF binary
only seen one set of blatant/brute-force attempt
at my ssh server. It's interesting, but the major drop in attempts has
me more worried than the attempts (could this drop off be because they
no longer need to hack me? Could they have hacked me and that be the
reason why?)
How worried should I
. (In particular, no '
linux.ko'; I have loaded that module on the qemu version to see if I could
get further.)
- In my qemu FreeBSD, under the jail, neither program runs either as root or
as the hacked user:
- $HOME/ /psybnc/psybnc 'ELF binary type 0 not known.' (note:
this is with 'linux.ko
A customer of mine recently had their web site hacked and the index file
defaced by Milli-Harekat...
http://www.zone-h.org/en/search/what=Milli-Harekat.Org/
Does anyone know the exploit used for this and where to find out about
fixing it? I have a feeling it's a brute force attack of some sort
Don O'Neil wrote:
A customer of mine recently had their web site hacked and the index file
defaced by Milli-Harekat...
http://www.zone-h.org/en/search/what=Milli-Harekat.Org/
Does anyone know the exploit used for this and where to find out about
fixing it? I have a feeling it's a brute force
Don O'Neil wrote:
A customer of mine recently had their web site hacked and the index file
defaced by Milli-Harekat...
http://www.zone-h.org/en/search/what=Milli-Harekat.Org/
Does anyone know the exploit used for this and where to find out about
fixing it? I have a feeling it's a brute force
Frank Steinborn wrote on 30-04-2006 22:58:
boink wrote:
Dear FreeBSD,
I see outbound packets from udp/55613, one every 5 seconds, to a
single non-routable (10) IP, with destination port increasing by 1
with each packet, with expected ICMP Destination net unreachables from
an
Dear FreeBSD,
I see outbound packets from udp/55613, one every 5 seconds, to a
single non-routable (10) IP, with destination port increasing by 1
with each packet, with expected ICMP Destination net unreachables from
an upstream router.
AFAIK, there's no reason for this and I don't like it
boink wrote:
Dear FreeBSD,
I see outbound packets from udp/55613, one every 5 seconds, to a
single non-routable (10) IP, with destination port increasing by 1
with each packet, with expected ICMP Destination net unreachables from
an upstream router.
AFAIK, there's no reason for this
At 01:52 PM 4/30/2006, boink wrote:
Dear FreeBSD,
I see outbound packets from udp/55613, one every 5 seconds, to a
single non-routable (10) IP, with destination port increasing by 1
with each packet, with expected ICMP Destination net unreachables from
an upstream router.
AFAIK, there's no
)
When I used my FreeBSD gateway as an smtp server to convince myself I had
been hacked, the smtp connection was somehow redirected to one of my
institution's mail servers (or at least that's what gmail's mail headers are
saying). Funny enough the same trick no longer works today, but then they're
server to convince myself I had
been hacked, the smtp connection was somehow redirected to one of my
institution's mail servers (or at least that's what gmail's mail headers are
saying). Funny enough the same trick no longer works today, but then they're
currently upgrading lots of stuff around here
On Tuesday 17 January 2006 19:27, Micheal Patterson pondered:
The 1663 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp
1755/tcp open wms
5190/tcp open aol
Kilian, what does a sockstat show you on those systems
On Wed, Jan 18, 2006 at 11:29:38AM +0200, Kilian Hagemann wrote:
On Tuesday 17 January 2006 19:27, Micheal Patterson pondered:
The 1663 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp
1755/tcp open wms
On Wednesday 18 January 2006 14:34, Ken Stevenson pondered:
Is there any chance you have a router that's forwarding the ports
in question to another computer?
Not that I know of. The setup is quite simple:
wireless ethernet(PPPoE) ethernet
On Wed, Jan 18, 2006 at 03:56:32PM +0200, Kilian Hagemann wrote:
I have never even heard of frox before, but after some googling
it turns out that it's a GPL'ed transparent ftp proxy...
Where's it pointing?
Also, I said smtp ports were open on the machines in question, I
just verified that I
Also, I said smtp ports were open on the machines in question, I just verified
that I can send emails via BOTH these systems even though no
sendmail/exim/whatever was ever installed by me and sendmail_enable=None on
both.
For what it's worth, to disable sendmail on 5.0 and later, you need:
sendmail_enable=NONE would do the same as all that other crap mentioned
I find it a waste of time trying to figure out how a hacker got in just
format the machine reinstall freebsd and secure the box up a bit and try
updating it when vulnerabilities are out. And this shouldn't happen again
Also, I
On Wednesday 18 January 2006 16:25, Will Maier pondered:
On Wed, Jan 18, 2006 at 03:56:32PM +0200, Kilian Hagemann wrote:
I have never even heard of frox before, but after some googling
it turns out that it's a GPL'ed transparent ftp proxy...
Where's it pointing?
No idea, I only went as
On Wednesday 18 January 2006 17:13, [EMAIL PROTECTED] pondered:
sendmail_enable=NONE would do the same as all that other crap mentioned
I find it a waste of time trying to figure out how a hacker got in just
format the machine reinstall freebsd and secure the box up a bit and try
updating it
On Wed, Jan 18, 2006 at 05:38:50PM +0200, Kilian Hagemann wrote:
On Wednesday 18 January 2006 16:25, Will Maier pondered:
On Wed, Jan 18, 2006 at 03:56:32PM +0200, Kilian Hagemann wrote:
I have never even heard of frox before, but after some
googling it turns out that it's a GPL'ed
them.
So, have I been hacked and rootkitted? Or is nmap simply lying to me?
I've been subscribed to freebsd-announce and thus seen all SA's to date, but
none of them are relevant to any of my setups.
--
Kilian Hagemann
Climate Systems Analysis Group
University of Cape Town
Republic of South
:1-65535 or
netstat). I also haven't noticed any abnormal traffic volumes originating
from them.
So, have I been hacked and rootkitted? Or is nmap simply lying to me?
I've been subscribed to freebsd-announce and thus seen all SA's to date, but
none of them are relevant to any of my setups
- Original Message -
From: Kilian Hagemann [EMAIL PROTECTED]
To: freebsd-questions@freebsd.org
Sent: Tuesday, January 17, 2006 11:07 AM
Subject: Have I been hacked or is nmap wrong?
Hi there,
I'm managing two FreeBSD based gateways, one running 5.2.1-RELEASE and the
other 5.3
When I am in that same position as a rule I tell the customer
that I would assume the system was rooted.
The reason is that all of the times I've been called in on
this type of job it has been because the previous admin was
fired and they wanted to make sure he wasn't getting back
in remotely
The person who set the system up did not leave on bad terms.
However, before taking the system down and setting it up
from scratch (and charging them to do so) I'd like to know
if anyone is aware of whether what I saw is common on boxes
that have been rooted. Is that shutdown entry cause for
deliberately or inadvertently leave a back
door,
that is their decision to make.
Ted
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Brett Glass
Sent: Sunday, July 10, 2005 11:26 AM
To: Ted Mittelstaedt; [EMAIL PROTECTED]
Subject: RE: Has this box been hacked
]
[mailto:[EMAIL PROTECTED] Behalf Of Brett Glass
Sent: Wednesday, July 06, 2005 9:42 AM
To: [EMAIL PROTECTED]
Subject: Has this box been hacked?
A client had a network problem, and I wanted to make sure that
his FreeBSD 4.11
router wasn't the cause of it, so I rebooted it. I then did a
last
At 05:32 PM 7/7/2005, J65nko BSD wrote:
If you would have installed something like tripwire or aide, you would have
been in a better position to find out whether the box has been owned.
I didn't build the machine.
--Brett Glass
___
, 2005 9:42 AM
To: [EMAIL PROTECTED]
Subject: Has this box been hacked?
A client had a network problem, and I wanted to make sure that
his FreeBSD 4.11
router wasn't the cause of it, so I rebooted it. I then did a
last command
and saw the following:
root ttyv0
On 7/6/05, Brett Glass [EMAIL PROTECTED] wrote:
A client had a network problem, and I wanted to make sure that his FreeBSD
4.11
router wasn't the cause of it, so I rebooted it. I then did a last
command
and saw the following:
root ttyv0 Tue Jul 5 12:01 - 12:05 (00:04)
admin ttyp0
A client had a network problem, and I wanted to make sure that his FreeBSD 4.11
router wasn't the cause of it, so I rebooted it. I then did a last command
and saw the following:
root ttyv0 Tue Jul 5 12:01 - 12:05 (00:04)
admin ttyp0 localhost
: Has this box been hacked?
A client had a network problem, and I wanted to make sure that
his FreeBSD 4.11
router wasn't the cause of it, so I rebooted it. I then did a
last command
and saw the following:
root ttyv0 Tue Jul 5 12:01 -
12:05 (00:04)
admin
Hi all,
I'm using freebsd 4.10 on my laptop and I was browsing
my filesystem and looking at some log files, when I
stumbled into the file dmesg.yesterday in /var/log/
The contents of this file worried me. Take a look at
the last lines of it:
Connection attempt to TCP 192.168.1.101:5554 from
:1026 from
222.88.173.5:31889
Connection attempt to TCP 192.168.1.101:9898 from
67.1.4.194:3161 flags:0x02
These merely indicate connection *attempts*, not actual successful
connections to your machine. They don't mean you've been hacked.
But my IP on this machine starts with 130.
But I
that I've been hacked and I am
being denied of service. Now, I only have one thing in
my mind... to back up my files and reformat my freebsd
partition.
If you know something better than formatting my pc,
please tell me where should I begin...
One last thing...
Other than those of recovered vi sessions
is working fine.
Question:
Do you have any idea what could have happened with my
pc? I honestly think that I've been hacked and I am
being denied of service. Now, I only have one thing in
my mind... to back up my files and reformat my freebsd
partition.
It could be a DNS issue. Can you try to ping
Out of the ether, Mark Jayson Alvarez spewed forth the following bitstream:
But when I launch the konqueror and typed something
in the address bar and hit enter, it says Unknown
Host
Google, CNN, and a bunch of Akamized services were (are?) having problems
this morning.
Please try your
On Wed, Apr 14, 2004 at 12:29:19PM -0700, Mike wrote:
Well... I installed and ran chkrootkit. And the output shows that:
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
No rootkits were found.
Hello,
thanks for the info :), that explains why my 4.9-STABLE was not infected
and 4.10-BETA shows false positives..
But I am still bit unsure why my 5.2.1-RELEASE-p4 (not mentioning one false
positive) stops while checking lkm..
Cheers,
Martin
On Thu, Apr 15,
Hi,
I'm running FreeBSD 5.2.1-p4, I've just installed new version of
chkrootkit 0.43 from freshports, and report follows:
Checking `date'... INFECTED
Checking `lkm'... You have 115 process hidden for readdir command
You have23 process hidden for ps command
Warning: Possible LKM Trojan
On Wed, Apr 14, 2004 at 12:51:06AM -0400, dave wrote:
Hello,
Wondering if a system on my network has been hacked? At approx 12:30
this evening the hard disk went crazy, i have been out of town lately and
have not checked any of the machines, when i did the CPU usage was at 15%
which
Hi,
Sorry i should have specified, that's a 4.9 box, with the latest patches
and ports.
Thanks.
Dave.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
...
When i got the daily run
output i noticed the setuid files have changed. Wondering if this box got
hacked and if so where to look to confirm this?
...
Checking setuid files and devices:
ls: Terminated
: No such file or directory
guardian.davemehler.net setuid diffs
Dan Strick wrote:
...
When i got the daily run
output i noticed the setuid files have changed. Wondering if this box got
hacked and if so where to look to confirm this?
...
Checking setuid files and devices:
ls: Terminated
: No such file or directory
guardian.davemehler.net setuid diffs
On Apr 14, 2004, at 1:47 AM, Luke Kearney wrote:
On Wed, 14 Apr 2004 00:51:06 -0400
dave [EMAIL PROTECTED] granted us these pearls of wisdom:
Hello,
Wondering if a system on my network has been hacked? At approx
12:30
this evening the hard disk went crazy, i have been out of town lately
dave wrote:
Hello,
Wondering if a system on my network has been hacked? At approx 12:30
this evening the hard disk went crazy, i have been out of town lately and
have not checked any of the machines, when i did the CPU usage was at 15%
which on this machine it never gets above 1 maybe 1.5. So
Clint Gilders wrote:
dave wrote:
Hello,
Wondering if a system on my network has been hacked? At approx 12:30
this evening the hard disk went crazy, i have been out of town lately and
have not checked any of the machines, when i did the CPU usage was at 15%
which on this machine it never gets
I had someone get into one of my machines when I stupidly left telnet
running and an email from the system much like yours was what first
alerted me to it. The kiddie had installed a new ls which didn't
allow any switches. I imagine '-l' is needed for the suid check, so
it fails and
Clint,
I think you misread my message. Did moving all the accounts and
reinstalling imply that I didn't do a reinstall? I simply copied over
known original programs so I could make my backup and do some postmortem
before reinstalling the system. As you say, who knows what other
program
On Wednesday 14 April 2004 09:48, Remko Lodder wrote:
Dan Strick wrote:
...
When i got the daily run
output i noticed the setuid files have changed. Wondering if this box got
hacked and if so where to look to confirm this?
...
Checking setuid files and devices:
ls: Terminated
* Luke Kearney [EMAIL PROTECTED] [0459 06:59]:
On Wed, 14 Apr 2004 00:51:06 -0400
dave [EMAIL PROTECTED] granted us these pearls of wisdom:
Hello,
Wondering if a system on my network has been hacked?
ls: Terminated
: No such file or directory
guardian.davemehler.net setuid
Hello everyone,
Ok, i am almost certain i've been hacked now. I just checked the system
for some strange accounts or things i didn't recognize. I didn't see
anything in /etc/passwd, /etc/group, /etc/master.passwd, and so forth. I
however ran chkrootkit and got two very disturbing errors
On Wed, Apr 14, 2004 at 04:08:08PM +, Daniela wrote:
[ size of the /bin/rcp executable ]
That needn't be the case. Mine is 932532 bytes long (and it was already that
size after a fresh reinstall).
And why? Debug symbols. I love to have them everywhere.
Try to strip the file, and it will
Greetings:
My test system:
FreeBSD 4.9-stable
Pentium III 800
I read an earlier post about using chkrootkit to check for root kits
(intrusions). I'm still learning about FreeBSD so I thought I would run
this too.
Well... I installed and ran chkrootkit. And the output shows that:
Checking
On Wed, Apr 14, 2004, Mike clacked the keyboard to produce:
Greetings:
My test system:
FreeBSD 4.9-stable
Pentium III 800
I read an earlier post about using chkrootkit to check for root kits
(intrusions). I'm still learning about FreeBSD so I thought I would run
this too.
Well...
Jeff Maxwell wrote:
upgrade your ports. The chkrootkit that ships with 4.9 gives false
positives
Jeff:
Thanks for the tip.
I deinstalled the chkrootkit (v-4.1) that came with 4.9. I then
downloaded and installed the most recent version (v-4.3) from the
chkrootkit.org site.
I re-ran
On Wed, 14 Apr 2004 16:08:08 +
Daniela [EMAIL PROTECTED] wrote:
aragorn# ls -l /bin/rcp
-r-sr-xr-x 1 root wheel 18392 Feb 23 20:41 /bin/rcp
(notice the size!, someone mentioned that already on the list..)
So obviously something weird happened.
That needn't be the case. Mine
Hello all,
On Wed, Apr 14, 2004 at 02:11:34PM -0700 or thereabouts, Mike wrote:
Jeff Maxwell wrote:
upgrade your ports. The chkrootkit that ships with 4.9 gives false
positives
I'm using chkrootkit from fresh ports update (v4.3). Results are as:
System 1 on 4.9-STABLE:
nothing
Hello,
Wondering if a system on my network has been hacked? At approx 12:30
this evening the hard disk went crazy, i have been out of town lately and
have not checked any of the machines, when i did the CPU usage was at 15%
which on this machine it never gets above 1 maybe 1.5. So i looked
- Original Message -
From: dave [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 11:51 PM
Subject: have i been hacked?
Hello,
Wondering if a system on my network has been hacked? At approx 12:30
this evening the hard disk went crazy, i have been out of town
On Wed, 14 Apr 2004 00:51:06 -0400
dave [EMAIL PROTECTED] granted us these pearls of wisdom:
Hello,
Wondering if a system on my network has been hacked? At approx 12:30
this evening the hard disk went crazy, i have been out of town lately and
have not checked any of the machines, when i
On Tue, Mar 09, 2004 at 02:56:15AM +0800, re re wrote:
hello
despite having ipfilter blocking all ports except 80 21 and 22, tripwire, and
scoring 99 in nmap, my website got defaced.
the box is currently unplugged. i wanted to know what is the best way to find out
who did it and how
hello
despite having ipfilter blocking all ports except 80 21 and 22, tripwire, and scoring
99 in nmap, my website got defaced.
the box is currently unplugged. i wanted to know what is the best way to find out who
did it and how they got in, and what to do from here. tripwire shows a lot
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] re re
Sent: Monday 8 March 2004 19:56
To: [EMAIL PROTECTED]
Subject: hacked
hello
despite having ipfilter blocking all ports except 80 21 and 22, tripwire,
and scoring 99 in nmap, my website got defaced.
the box is currently unplugged. i
On Sat, 8 Mar 2003 20:02:02 +0100
Remko Lodder [EMAIL PROTECTED] wrote:
Please set your date right.
tnx
--
IOnut
Unregistered ;) FreeBSD user
On Mon, 8 Mar 2004 21:22:24 +0200
Ion-Mihai Tetcu [EMAIL PROTECTED] wrote:
On Sat, 8 Mar 2003 20:02:02 +0100
Remko Lodder [EMAIL PROTECTED] wrote:
Please set your date right.
tnx
And of course that should have been sent on private. Sorry.
--
IOnut
At 2004-03-08T18:56:15Z, re re [EMAIL PROTECTED] writes:
hello despite having ipfilter blocking all ports except 80 21 and 22,
tripwire, and scoring 99 in nmap, my website got defaced.
Despite locking my door to my house, pulling the curtains, and sitting in a
dark living room with a
(sendmail)
After reboot, I got the above sendmail processes. Was my system hacked by
someone?
---
Lou
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
version.
Are they hacked or something??
- Mark
System Administrator Asarian-host.org
---
If you were supposed to understand it,
we wouldn't call it code. - FedEx
v1)
onto my system. :( So much for getting the latest version.
Are they hacked or something??
Why are you asking us?
Anyway, it's just as likely this was a false alarm by your virus scanner.
Kris
- Original Message -
From: Kris Kennaway [EMAIL PROTECTED]
To: Mark [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 21, 2003 6:32 PM
Subject: Re: ftp.apcupsd.com hacked?
On Tue, Jan 21, 2003 at 02:38:43PM +0100, Mark wrote:
The oddest thing.
I just went
96 matches