Cleaning up after attack?
Dr. Jennifer Nussbaum
bg271828 at yahoo.com
Mon Feb 15 10:40:26 UTC 2010
Hi. I have an up-to-date FreeBSD 7.2 box that has been compromised. Someone aparently got in to an account with certain admin priveleges and has been
sending spam.
I disabled the account, shut off my MTA and used pf to block all traffic to port 25 out for good measure.
How do i analyse what might have happened and what has been installed?
Andis there anything to do other than rebuild the entire system to ensure that its clean?
Thanks.
Jen
More information about the freebsd-questions
mailing list