I have been hacked (WAS: Have I been hacked or is nmap wrong?)
Kilian Hagemann
hagemann1 at egs.uct.ac.za
Wed Jan 18 07:46:45 PST 2006
On Wednesday 18 January 2006 17:13, chris at i13i.com pondered:
> sendmail_enable="NONE" would do the same as all that other crap mentioned.
> I find it a waste of time trying to figure out how a hacker got in; just
> format the machine, reinstall FreeBSD, secure the box up a bit and try
> updating it when vulnerabilities are out. And this shouldn't happen again.
Yeah, I'll have to look into that NONE vs all NO individually because it gave
me hassles from the beginning (STILL sendmail stuff in /var/log/messages
after disabling with NONE), but the important thing here is outside sendmail
access was firewalled (see my other post and its attachment for ipfw rules).
Anyway, I guess you're right, reinstalling and beefing up security will be
easier. I just thought that if they didn't get in through brute-forcing my
sshd (the only vulnerability I can think of so far), and the attack came from
the internet (not some worm/virus on one of the Windows machines), it's some
unpublished vulnerability in some part of FreeBSD that I'm sure others would
like to know about. But hey, from what you guys are telling me that seems
unlikely...
--
Kilian Hagemann