Need urgent help regarding security
Johan Berg
johan at ircnet.se
Thu Nov 17 08:58:24 PST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Check the system with rkhunter to see if there were any changes to
some files or any known rootkit installed.
You can find rkhunter in /usr/ports/security/rkhunter
Try to the following:
rkhunter --update && rkhunter --checkall
17 nov 2005 kl. 02.25 Mark Jayson Alvarez wrote:
> Good Day!
>
> I think we have a serious problem. One of our old
> server running FreeBSD 4.9 have been compromised and
> is now connected to an ircd server..
> 195.204.1.132.6667 ESTABLISHED
>
> However, we still haven't brought the server down in
> an attempt to track the intruder down. Right now we
> are clueless as to what we need to do..
> Most of our servers are running legacy operating
> systems(old versions mostly freebsd) Also, that
> particular server is running - ProFTPD Version 1.2.4
> which someone have suggested to have a known
> vulnerability..
>
> I really need all the help I can get as the
> administration of those servers where just transferred
> to us by former admins. The server is used for ftp.
>
> Thanks..
>
>
>
>
> __________________________________
> Yahoo! Mail - PC Magazine Editors' Choice 2005
> http://mail.yahoo.com
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-
> unsubscribe at freebsd.org"
-- Johan Berg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
iD8DBQFDfLapSVaw+q1ufCYRAh7BAJ93lVecTx72JQnY8IiW3L5D8ineMwCfTZbm
dY+/9ukhbXIF9r/5krcxSZ4=
=sjjs
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list