compromised server

From: jahmon (jahmon_at_jahmon.com)
Date: 08/28/03

  • Next message: Guy P.: "Re: compromised server" 
    Date: Thu, 28 Aug 2003 10:41:59 -0400
To: freeBSD-security@freebsd.org

    I have a server that has been compromised.
    I'm running version 4.6.2
    when I do

    >last

    this line comes up in the list.
    shutdown ~ Thu Aug 28 05:22
    That was the time the server went down.
    There seemed to be some configuration changes.
    Some of the files seemed to revert back to default versions
    (httpd.conf, resolv.conf)

    Does anyone have a clue what type of exploit they may have used?
    Is there anyway I can find out if there are any trojans installed?

    Thanks

    jahmon

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Guy P.: "Re: compromised server"

    Relevant Pages

    • Re: 2.6.10-rc3-mm1-V0.33-04 (private thread?)
      ... On Sunday 19 December 2004 08:56, Gene Heskett wrote: ... >from the server, but I am also getting delayed by a day, bounce ... > middle of an amanda run yesterday moring after an uptime of about ... So I have no clue. ...
      (Linux-Kernel)
    • Re: mysql-server 4.0 not working?
      ... > need help getting it running on 5.2.1 after installing I can't get it to connect to server don't have a clue why either?? ... To unsubscribe, ...
      (freebsd-current)
    • Re: DNS problem, clients cant connect
      ... Its not that I don't have a clue, its that my knowledge has gaps. ... And my client is fine with this. ... >>this server up and running. ... Do you think correcting the ...
      (microsoft.public.windows.server.sbs)
    • Re: What are you people using to download multipart binaries?
      ... >administer the servers you see as a free means to get your daily fix of ... Has any clue as to the history of the forum. ... admining YOUR server. ... You're a Usenet dope. ...
      (alt.os.linux.suse)
    • Re: Reading binary files to ascii - BOUNDARY.mcr (0/1)
      ... > I know this is not a new subject, but the past threads I found were ... deleted from the server! ... You need to give us more of a clue. ...
      (microsoft.public.vb.general.discussion)