Taking your advice and checking all ports for problems. Thanks.
-----Original message-----
From: Xin LI delp...@delphij.net
Date: Wed, 09 Dec 2009 20:18:13 -0600
To: squir...@isot.com
Subject: Re: Hacked - FreeBSD 7.1-Release

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Squirrel wrote:
> > My server was hacked, and the hacker was nice enough to not cause damage
> > except changing index.php of couple of my websites. The index.php had the
> > following info:
> >
> > "Hacked By Top
> > First Warning That's Bug From Your Servers
> > Next Time You Must Be Careful And Fixed Your Site Before Coming Another
> > Hacker And Hacked You Again
> > Sorry Admin And Don't Worry Just I Change Index
> > ALTBTA
> > For Contact : l...@hotmail.com
> > Best Wishes"
> >
> > Of course, I sent him email, just in case it's valid, asking how he did it
> > or how should I patch things up. But haven't got a reply yet. I've looked
> > at all the log files, particularly auth.log, although there were thousands
> > of login attempts to SSH and FTP, but none succeeded. And I don't know
> > where else to look, please help.
> >
> > I'm using FreeBSD 7.1-Release with below daemons
> >
> > Apache 2.2.11
> > ProFTP 1.32
> > OpenSSH 5.1
> > Webmin 1.480
> > MySQL 5.0.67
> > BIND 9.6.0
>
> It could be tricky to figure out how the attacker gets in. I'd be
> curious what PHP application are you using right now? Do you have
> properly set the permissions (i.e. files are either executable, or
> writable, but not both; www user can't write on where code can be
> executed, etc), and there is no vulnerability in your web application?
>
> By the way, if you use ports you can install ports-mgmt/portaudit and
> use 'portaudit -Fda' to check if there is known vulnerability with your
> installed packages, just a hint.
>
> Cheers,
> - --
> Xin LI <delp...@delphij.net> http://www.delphij.net/
> FreeBSD - The Power to Serve! Live free or die
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.13 (FreeBSD)
>
> iEYEARECAAYFAksgTFUACgkQi+vbBBjt66DA5gCeKX9oPnuBJOEznAA6WOxozpTz
> hZMAoI2CRuXM6o/t9JuKffPli6Uk7uQ/
> =rOnr
> -----END PGP SIGNATURE-----

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
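
The permission rule in Xin LI's reply (the www user must not be able to write where code can be executed) can be checked mechanically. The script below is an added example, not part of the original thread: it assumes the web server runs as user and group `www` and that executable code means `*.php` files, its function names are illustrative, and it examines mode bits only (no ACLs or file flags).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes web user/group "www" and
# that "code" means *.php files; checks mode bits only (no ACLs or flags).

# www_writable ROOT USER GROUP TYPE [NAME]
# Lists entries of TYPE (f or d) under ROOT that USER can modify:
# world-writable, owned by USER with owner-write, or owned by GROUP
# with group-write. NAME optionally restricts the file name pattern.
www_writable() {
    find "$1" -type "$4" -name "${5:-*}" \( \
        -perm -0002 \
        -o \( -user "$2" -perm -0200 \) \
        -o \( -group "$3" -perm -0020 \) \
    \) -print
}

# replaceable_code ROOT USER GROUP
# Lists PHP files the web user could overwrite or swap out: the file
# itself is writable, or it sits in a directory the web user can write
# (which allows delete-and-recreate even when the file is read-only).
replaceable_code() {
    {
        www_writable "$1" "$2" "$3" f '*.php'
        www_writable "$1" "$2" "$3" d | while IFS= read -r dir; do
            for f in "$dir"/*.php; do
                if [ -f "$f" ]; then printf '%s\n' "$f"; fi
            done
        done
    } | sort -u
}

# Usage: sh audit.sh DOCROOT [USER] [GROUP]   (USER/GROUP default to www)
if [ "$#" -gt 0 ]; then
    replaceable_code "$1" "${2:-www}" "${3:-www}"
fi
```

Any path it prints is a place where a flaw in the web application is enough to change served code, which matches the index.php defacement described in the thread.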