Quoth Mark Felder <f...@feld.me>: > On Thu, 17 Jan 2013 07:22:26 -0600, Alex Povolotsky > <tark...@webmail.sub.ru> wrote: > > > It was a break-in. Some dumb php script running with user privileges > > managed FreeBSD to hang on disk io up to stopping responding to anything > > besides reset. > > Yikes! Make sure to run freebsd-update IDS to check the base OS's > checksums and if you're using pkgng you can use "pkg check-s" to look for > any tampered with files owned by packages.
Make sure you read the caveats in the freebsd-update manpage before trusting the IDS result. At the very least you need to delete /var/db/freebsd-update, /etc/freebsd-update.conf and /usr/sbin/freebsd-update itself and replace them with known-good copies. Ideally you should run the tests from an entirely separate known-good instance of the OS, though in practice it's probably easier to just replace the OS and packages from known-good sources and then set about recovering and verifying the data. cf. the story about patching cc to patch cc to patch login... Ben _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"