Hacked - FreeBSD 7.1-Release

Squirrel squirrel at mail.isot.com
Thu Dec 10 05:11:52 UTC 2009


Taking your advice and checking all ports for problems.

Thanks.


-----Original message-----
From: Xin LI delphij at delphij.net
Date: Wed, 09 Dec 2009 20:18:13 -0600
To: squirrel at isot.com
Subject: Re: Hacked - FreeBSD 7.1-Release

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Squirrel wrote:
> > My server was hacked, and the hacker was nice enough to not cause damage except changing index.php of a couple of my websites.  The index.php had the following info:
> > 
> > "Hacked By Top
> > First Warning That's Bug From Your Servers
> > Next Time You Must Be Careful And Fixed Your Site Before Coming Another Hacker And Hacked You Again
> > Sorry Admin And Don't Worry Just I Change Index
> > ALTBTA
> > For Contact : l_9 at hotmail.com
> > Best Wishes"
> > 
> > Of course, I sent him email, just in case it's valid, asking how he did it or how I should patch things up.  But I haven't got a reply yet.  I've looked at all the log files, particularly auth.log; although there were thousands of login attempts to SSH and FTP, none succeeded.  And I don't know where else to look, please help.
> > 
> > I'm using FreeBSD 7.1-Release with below daemons
> > 
> > Apache 2.2.11
> > ProFTP 1.32
> > OpenSSH 5.1
> > Webmin 1.480
> > MySQL 5.0.67
> > BIND 9.6.0
> 
> It could be tricky to figure out how the attacker gets in.  I'd be
> curious what PHP applications you are using right now.  Have you
> properly set the permissions (i.e. files are either executable, or
> writable, but not both; www user can't write where code can be
> executed, etc), and is there no vulnerability in your web application?
> 
> By the way, if you use ports you can install ports-mgmt/portaudit and
> use 'portaudit -Fda' to check if there is a known vulnerability in your
> installed packages, just a hint.
> 
> Cheers,
> - --
> Xin LI <delphij at delphij.net>	http://www.delphij.net/
> FreeBSD - The Power to Serve!	       Live free or die
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.13 (FreeBSD)
> 
> iEYEARECAAYFAksgTFUACgkQi+vbBBjt66DA5gCeKX9oPnuBJOEznAA6WOxozpTz
> hZMAoI2CRuXM6o/t9JuKffPli6Uk7uQ/
> =rOnr
> -----END PGP SIGNATURE-----
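
The permission rule in the quoted reply (files either executable or writable, not both; the www user unable to write where code can be executed) can be checked mechanically over a web root. The script below is an added example, not part of the original thread: the function name `audit_docroot`, the finding labels, and treating directories and `*.php` files as "where code can be executed" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root against the two
# permission rules in the reply above.
# Usage: audit_docroot DOCROOT WEBUSER   e.g. audit_docroot /path/to/docroot www
# Output: one finding per line, "<rule> <path>".

audit_docroot() {
    docroot=$1
    webuser=$2
    # Assumption: only the web user's primary group is considered.
    webgroup=$(id -gn "$webuser") || return 2

    # Rule 1, "executable or writable, but not both": flag regular files
    # where one permission class (owner, group or other) has both w and x.
    find "$docroot" -type f \
        \( -perm -300 -o -perm -030 -o -perm -003 \) -print |
        sed 's/^/W+X /'

    # Rule 2, "www user can't write where code can be executed": flag
    # directories and *.php files the web user can write as owner, through
    # its primary group, or because they are world-writable.
    find "$docroot" \( -type d -o \( -type f -name '*.php' \) \) \
        \( \( -user "$webuser" -perm -200 \) \
           -o \( -group "$webgroup" -perm -020 \) \
           -o -perm -002 \) -print |
        sed 's/^/WWW-W /'
}

# Run the audit when called as: sh audit.sh DOCROOT WEBUSER
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```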


More information about the freebsd-stable mailing list