Cleaning up after attack?

Dr. Jennifer Nussbaum bg271828 at
Mon Feb 15 10:40:26 UTC 2010

Hi. I have an up-to-date FreeBSD 7.2 box that has been compromised. Someone apparently got into an account with certain admin privileges and has been sending spam.

I disabled the account, shut off my MTA and used pf to block all traffic to port 25 out for good measure.

How do I analyse what might have happened and what has been installed?

And is there anything to do other than rebuild the entire system to ensure that it's clean?




More information about the freebsd-questions mailing list