Re: psybnc and IRC hack
From: neal r (neallist@wispair.net)
Date: 12/03/02
Date: Mon, 02 Dec 2002 23:49:33 -0600
From: neal r <neallist@wispair.net>
To: stabilizer@klentaq.com
This doesn't belong on freebsd-security.
Read this first:
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/security.html
If you're still confused get on an Undernet IRC server, go to #freebsdhelp, and
ask for assistance. It's best to show between 18:00 and 24:00 EST from my
experience. There are probably other places you could check, this one I frequent
and I know they'll help new people.
Charles Swiger wrote:
> [ This probably belongs on freebsd-security, instead... ]
>
> Wayne M Barnes wrote:
> > How can I best recover from, and defend myself from, a hacker
> > who breaks into my system and runs a program called psybnc
> > without my permission? I think he is using my system as a
> > front/slave.
>
> Yes. Unless you installed an IRC bouncer-- or whatever it was being used for--
> yourself, it's a safe bet that your machine was hacked. You haven't identified
> much about the system-- OS version, what service was compromised (if you know,
> and you should investigate that), as well as form an incident timeline.
>
> The best way to recover is to back up the compromised system, for recovery of
> your data and later forensics if you (or your ISP) chooses to investigate
> further.
>
> Reinstall the latest version of FreeBSD from a known-good image, possibly using
> CVSUP to upgrade to -STABLE or the security branch for your version
> (RELENG_4_7?).
>
> Then restore your data (after making sure nothing was compromised...that means
> do not copy data, especially executables without checking them against prior
> backups).
>
> > For now, I have killed psybnc, deleted the directory of stuff
> > that he put in, and changed my password. Is that any good?
>
> It's a good starting point, yes, but it certainly isn't sufficient.
>
> > Can there be a real vaccination built in to FreeBSD?
>
> Yes. It's easy to compare your system against the software from the OS install
> disk; where many people encounter problems is with the changes they've made
> afterwards themselves. How complete are your backups?
>
> -Chuck
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
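The quoted advice above (compare the system against a known-good copy, and do not restore executables unchecked) can be illustrated as follows. This is an added example, not part of the original messages; the function names and the sample trees are constructed for illustration, and `known_good` is assumed to be a mounted install image or a trusted backup.

```python
import hashlib
import os
import stat
import tempfile

def manifest(root):
    """Map relative path -> (sha256 hex digest, has-execute-bit) for regular files."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not hashed
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            out[os.path.relpath(full, root)] = (digest.hexdigest(), bool(st.st_mode & 0o111))
    return out

def compare(known_good, suspect):
    """Diff a suspect tree against a known-good one; new executables are listed separately."""
    good, cur = manifest(known_good), manifest(suspect)
    return {
        "modified": sorted(p for p in good.keys() & cur.keys() if good[p] != cur[p]),
        "missing": sorted(good.keys() - cur.keys()),
        "added": sorted(cur.keys() - good.keys()),
        "added_executables": sorted(p for p in cur.keys() - good.keys() if cur[p][1]),
    }

def write_file(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)

def demo():  # constructed sample trees, not data from the thread
    with tempfile.TemporaryDirectory() as tmp:
        good, suspect = os.path.join(tmp, "good"), os.path.join(tmp, "suspect")
        write_file(good, "bin/ps", b"ps v1", 0o755)
        write_file(good, "etc/motd", b"welcome\n")             # absent from suspect
        write_file(suspect, "bin/ps", b"ps replaced", 0o755)   # content changed
        write_file(suspect, "home/u/notes.txt", b"text\n")     # new data file
        write_file(suspect, "home/u/.x/tool", b"bin", 0o755)   # new executable
        return compare(good, suspect)

if __name__ == "__main__":
    print(demo())
```

Run it from trusted media rather than from the compromised system, since the interpreter and libraries on a compromised host cannot be trusted to report honestly.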