newbie with www user security problem

Yann Golanski yann at kierun.org
Thu Aug 11 15:50:26 GMT 2005


Quoth Ken Hawkins on Thu, Aug 11, 2005 at 11:32:44 -0400
> The box is secure, that much I have found out. The only problems have
> been with this email spamming. Nothing in the tmp dirs out of the
> ordinary and no missing files running scripts etc. I have changed
> everyone's passwords on the box. *'d the www password, ensured there is
> no shell with the www user, etc.

Have you run chkrootkit on it?
 
> I am in the process of upgrading the ports now and there are problems
> (of course). The ports seem to have been mangled as the listing in
> /var/db/ports does not match what I KNOW is running on the box. The
> person I have inherited this from manually deleted from the
> /var/db/ports to get some of the applications to re-install! Gotta love that!

ICK!  Make sure your database is fine, otherwise you'll get into no end
of trouble.
 
> Well, here I come, port fix hell! This is a production box and can't be
> taken off line as of this moment so I am going to have to attempt on
> the fly fixing / upgrading of the ports.  I would love to wipe it but
> it is just not a possibility right now.

Oh dear.  How about leaving it as is -- minus the spam emailer -- and
rebuilding another one to replace it?
 
-- 
yann at kierun.org                  -=*=-                      www.kierun.org
    PGP:   009D 7287 C4A7 FD4F 1680  06E4 F751 7006 9DE2 6318