Re: Apache Software Foundation Server compromised, resecured. (fwd)

From: Brian Behlendorf (brian@collab.net)
Date: 06/01/01


Date: Thu, 31 May 2001 18:39:51 -0700 (PDT)
From: Brian Behlendorf <brian@collab.net>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>

On Fri, 1 Jun 2001, Karsten W. Rohrbach wrote:
> this was one "result" of the compromised ssh binary at sourceforge.
> i don't want to think about it aloud in public what's next :-(
>
> last | grep sourceforge
> for (every account affected)
> pw usermod "account" -h -

The shell machine at SF didn't have reverse DNS (or at least it wasn't
recorded in the wtmp), so you might want to look for 216.136.171.252 (the
machine our friend came in from) or maybe even 216.136/24.

        Brian

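
An added example, not part of the original messages: a dry-run version of the check discussed above, which matches on the source address field of last(1) output instead of a hostname and prints the pw(8) command from the quoted message for each affected account. The function names and the sample lines are constructed for illustration, and a wider search is treated here as a textual prefix ending in "." (an assumption).

```shell
#!/bin/sh
# Constructed sample of last(1) output; not real wtmp records.
SAMPLE_LAST='alice    ttyp0    216.136.171.252   Mon May 28 03:12 - 03:40  (00:28)
bob      ttyp1    shell.example.org Mon May 28 09:01 - 09:30  (00:29)
carol    ttyp2    216.136.17.9      Tue May 29 11:15 - 11:20  (00:05)
alice    ttyp3    216.136.171.252   Tue May 29 22:47 - 23:02  (00:15)
dave     ttyp4    10.216.136.5      Wed May 30 08:00 - 08:10  (00:10)
reboot   ~                          Wed May 30 07:55'

# affected_accounts PATTERN  (hypothetical helper)
# Reads last(1) output on stdin and prints each account once if its
# source field equals PATTERN, or starts with PATTERN when PATTERN ends
# in ".". Literal string comparison is used on purpose: a plain
# "grep 216.136." would treat the dots as wildcards and would also
# match 10.216.136.5 in the middle of the address.
affected_accounts() {
    awk -v pat="$1" '
        NF < 3 { next }
        {
            host = $3
            if (substr(pat, length(pat)) == ".")
                hit = (index(host, pat) == 1)   # prefix match
            else
                hit = (host == pat)             # exact address
            if (hit && !seen[$1]++) print $1
        }'
}

# lock_commands  (hypothetical helper)
# Dry run: prints the command from the quoted message for every account
# name read from stdin, so the list can be reviewed before anything runs.
lock_commands() {
    while read -r acct; do
        printf 'pw usermod "%s" -h -\n' "$acct"
    done
}

# Exact address first, then the wider prefix.
printf '%s\n' "$SAMPLE_LAST" | affected_accounts 216.136.171.252 | lock_commands
printf '%s\n' "$SAMPLE_LAST" | affected_accounts 216.136. | lock_commands
```

On a live system, replace the sample with the output of `last` piped into `affected_accounts`.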