Kevin D. Kinsey, DaleCo, S.P. kdk at
Mon Apr 19 06:16:50 PDT 2004

James T. Harrison wrote:

>My server had some apps running that should not have been there.  

That is probably true.  It's possible that Microsoft Windows(R)
is one of them, in this case.

>You have a hacker using your site to gather info on servers.  

That doesn't ring true.  Your machine is the one infected ....

The material you posted is not evidence of this.  The FreeBSD ftp
sites are public sites, and the alleged "hacker" <did you possibly
mean "cracker" or "script kiddie" or "bad guy"?> appears to simply
be, in your example, connecting to a number of known high speed
ftp servers to mine data about your internet connectivity.

>What are your plans to stop?  What is your phone number and contact name?

The information for is, well, kind of where you'd expect
it to be --- at the Project's web site.

>Here is part of the script.  

I note that it's a Windows script, so it is, I suppose, rather OT
for this list....

>Notice USA as the country.  

I notice a number of countries mentioned.  Considering
the Internet is world wide, that's not surprising to me.

>This is one of many batch files that were found on my server.

If it is your server, you should probably be asking yourself,
"what about my server and configuration allowed these files
to be placed there, and what can I do to both fix the situation
now and see that it doesn't happen again?"

Perhaps you should look into running a more secure operating
system on a server that is connected to a hostile Internet.  Could
we recommend a *BSD ?

Kevin Kinsey

