server was hacked

Mohd Ghalib Akhtar md_ghalib at yahoo.com
Sat Aug 11 05:10:24 PDT 2007


Hi,
How to restore a deleted file or folder in Linux?
 
Take care
Mohd.Ghalib Akhtar
(India.M)9899868681
(Africa.M) +255787896861 

----- Original Message ----
From: Heiko Wundram (Beenic) <wundram at beenic.net>
To: freebsd-questions at freebsd.org
Sent: Saturday, August 11, 2007 2:54:29 PM
Subject: Re: server was hacked


On Saturday 11 August 2007 13:20:31, Brent wrote:
> I'm running FBSD 5.4 as a web server. The server is behind a Cisco firewall
> / router and the server has a lot of CMS Joomla / Mambo sites on it. I
> noticed that when I ran sockstat I was seeing multiple IPs connected to
> high ports on the server with a process id of "psybnc". Did some looking
> around & found that this is an IRC relay program that was installed through
> a compromised Mambo site.

That was a known Mambo vulnerability which also hit a client of ours. It's not 
a root compromise, though, AFAIR.

> On FBSD how do you checksum binaries on the system to ensure someone hasn't
> replaced one with their own binary.

Install security/tripwire and configure properly.

-- 
Heiko Wundram
Product & Application Development
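
An added illustration (not part of the thread, and not Tripwire's code) of the baseline-and-compare check that file-integrity tools perform: it hashes every regular file under a directory, records permission bits, and reports changed, added and missing files. The temporary directory and file contents are constructed sample data; `snapshot`, `compare` and `demo` are names chosen here.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (SHA-256 hex digest, permission bits)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[os.path.relpath(path, root)] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return result

def compare(baseline, current):
    """Return sorted lists of changed, added and missing paths."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return changed, added, missing

def demo():
    """Constructed sample: a throwaway directory standing in for a binaries directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("ls", b"original ls"), ("ps", b"original ps")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)  # in practice: taken from a known-good state
        with open(os.path.join(root, "ps"), "wb") as f:
            f.write(b"replaced ps")  # contents replaced
        os.chmod(os.path.join(root, "ls"), 0o4755)  # same contents, setuid bit added
        with open(os.path.join(root, "psybnc"), "wb") as f:
            f.write(b"unexpected binary")  # file that was not in the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline recorded after a compromise, or stored on the compromised host, cannot be trusted; take it from a known-good install and keep it on read-only or off-host media.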

