Re: "sh -i" My server was hacked. How can i found hole on my server?

From: Marko Lerota (mlerota_at_iskon.hr)
Date: 06/27/05

  • Next message: Marko Lerota: "Re: "sh -i" My server was hacked. How can i found hole on my server?"
    To: Oleg Rusanov <freebsd-security@molecon.ru>
    Date: Mon, 27 Jun 2005 15:54:31 +0200
    
    

    Oleg Rusanov <freebsd-security@molecon.ru> writes:

    > Hello.
    >
    > My server was hacked. The CPU has been loaded on 99 % by "sh -i" process.
    > I found out that someone has started phpshell through a hole in one of phpbb forums.
    > Also has filled in scripts for flud and spam and "vadim script" in
    > "/tmp". I has made it noexec. Recently has found out the same process.
    > May be i have left again /tmp opened, or other hole may be.
    > What is better to do for clean my system?
    >
    > How can i found hole on my server?

    Before formating try the rkhunter and nessus

    -- 
    One cannot sell the earth upon which the people walk
                                   			Tacunka Witco 
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Marko Lerota: "Re: "sh -i" My server was hacked. How can i found hole on my server?"