compromised server
Joe Warner
rootman22 at comcast.net
Fri Aug 29 05:37:34 PDT 2003
Hi Jahmon,
I'd highly recommend you try The Coroner's Toolkit (TCT):
http://www.porcupine.org/forensics/tct.html
Take a look at "Help! Someone has broken into my system!"
http://www.fish.com/tct/help-when-broken-into
...at the bottom of the page.
Good luck,
Joe
On Thursday 28 August 2003 08:41 am, jahmon wrote:
> I have a server that has been compromised.
> I'm running version 4.6.2.
> When I do
>
> >last
>
> this line comes up in the list.
> shutdown ~ Thu Aug 28 05:22
> That was the time the server went down.
> There seemed to be some configuration changes.
> Some of the files seemed to revert back to default versions
> (httpd.conf, resolv.conf)
>
> Does anyone have a clue what type of exploit they may have used?
> Is there any way I can find out if there are any trojans installed?
>
> Thanks
>
> jahmon
>