Re: Hacked or not ?
From: RazorOnFreeBSD (yann.luppo_at_attglobal.net)
To: <freebsd-security@FreeBSD.org> Date: Fri, 21 May 2004 16:33:01 +0200
yes.... if you have any recommandation on something else?
I'm currently moving from chkrootkit 0.41 ot 0.43 maybe it will help!
I'll send the response for next people with this problem.... 'cause I don't
want to be anoying but after simple searches I didn't find accurate solution
or right information for 4.x boxes!
For sure I didn't type in the right words if this post pop up every week,
but I'm a newbie and futur newbies will have the same problem and probably
type the same key words.... and probably add another post on the same
Here I and they need a response to stop polluting the mailing list! Don't
PS: This was just sort of a notice, nothing aggressive or whatever else you
would'nt like! I love everybody and everything on this planet even cows....
(can I except terrorist people? Those are shit!)
Sorry for polluting.
razor's trying chkrootkit 0.43.
----- Original Message -----
From: "Tom Rhodes" <trhodes@FreeBSD.org>
To: "Matthew Seaman" <email@example.com>
Cc: "RazorOnFreeBSD" <firstname.lastname@example.org>;
Sent: Friday, May 21, 2004 10:11 PM
Subject: Re: Hacked or not ?
> On Fri, 21 May 2004 21:02:54 +0100
> Matthew Seaman <email@example.com> wrote:
> > On Fri, May 21, 2004 at 03:52:45PM +0200, RazorOnFreeBSD wrote:
> > > I have a 4.9-STABLE FreeBSD box apparently hacked!
> > > Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
> > > Those are:
> > > chfn ... INFECTED
> > > chsh ... INFECTED
> > > date ... INFECTED
> > > ls ... INFECTED
> > > ps ... INFECTED
> > Sheesh. Not this *again*. This is a false alarm: chkrootkit is
> > exceedingly sensitive to something about the way such programs work
> > under FreeBSD and has to be continually futzed so that it knows not to
> > complain on each successive version of FreeBSD. Comes up in this or
> > other FreeBSD lists just about every week.
> > Relax. You're not compromised. You just need better tools.
> I love the "just need better tools." without any recommendation
> for him.
> Tom Rhodes
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"