Re: Hacked or not ?

From: RazorOnFreeBSD (
Date: 05/21/04

  • Next message: Nigel Houghton: "Re: Hacked or not ?"
    To: <>
    Date: Fri, 21 May 2004 16:33:01 +0200

    yes.... if you have any recommandation on something else?
    I'm currently moving from chkrootkit 0.41 ot 0.43 maybe it will help!
    I'll send the response for next people with this problem.... 'cause I don't
    want to be anoying but after simple searches I didn't find accurate solution
    or right information for 4.x boxes!
    For sure I didn't type in the right words if this post pop up every week,
    but I'm a newbie and futur newbies will have the same problem and probably
    type the same key words.... and probably add another post on the same
    Here I and they need a response to stop polluting the mailing list! Don't
    you think?

    PS: This was just sort of a notice, nothing aggressive or whatever else you
    would'nt like! I love everybody and everything on this planet even cows....
    (can I except terrorist people? Those are shit!)

    Sorry for polluting.
    razor's trying chkrootkit 0.43.

    ----- Original Message -----
    From: "Tom Rhodes" <>
    To: "Matthew Seaman" <>
    Cc: "RazorOnFreeBSD" <>;
    Sent: Friday, May 21, 2004 10:11 PM
    Subject: Re: Hacked or not ?

    > On Fri, 21 May 2004 21:02:54 +0100
    > Matthew Seaman <> wrote:
    > > On Fri, May 21, 2004 at 03:52:45PM +0200, RazorOnFreeBSD wrote:
    > >
    > > > I have a 4.9-STABLE FreeBSD box apparently hacked!
    > > > Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
    > > > Those are:
    > > > chfn ... INFECTED
    > > > chsh ... INFECTED
    > > > date ... INFECTED
    > > > ls ... INFECTED
    > > > ps ... INFECTED
    > >
    > > Sheesh. Not this *again*. This is a false alarm: chkrootkit is
    > > exceedingly sensitive to something about the way such programs work
    > > under FreeBSD and has to be continually futzed so that it knows not to
    > > complain on each successive version of FreeBSD. Comes up in this or
    > > other FreeBSD lists just about every week.
    > >
    > > Relax. You're not compromised. You just need better tools.
    > >
    > I love the "just need better tools." without any recommendation
    > for him.
    > --
    > Tom Rhodes

    _______________________________________________ mailing list
    To unsubscribe, send any mail to ""

  • Next message: Nigel Houghton: "Re: Hacked or not ?"

    Relevant Pages

    • RE: Hogwash
      ... but I've come to expect more from the FreeBSD project. ... I don't know what the official response will be, ... restrict ssh access to a limited number of hosts. ...
    • Great Tip Regarding Asking Questions at FreeBSD
      ... I am really enjoying learning the FreeBSD op system and I try to figure ... Please see my response to Dave's message. ... I have a network ...
    • False positives from chkrootkit? or hacked test server?
      ... I'm still learning about FreeBSD so I thought I would run ... I installed and ran chkrootkit. ... NO PORTS are forwarded to this FreeBSD system. ... My Redhat-9 server that runs Apache, Mysql, php4, and postfix. ...
    • RE: TIME_WAIT Assassination in FreeBSD???
      ... not state any impact to FreeBSD and so I am unlikely to get a response on ... So you're much more likely to get help on an AIX list. ... question also exists on FreeBSD. ... Nothin' ever doesn't change, but nothin' changes much. ...
    • Re: chkrootkit/freebsd
      ... > After running a slackware server for a few years, ... everyone - the chkrootkit version in my ports tree was ... and 0.44 fixes false positives in freebsd. ... Time to update my ports tree I guess. ...