Re: newbie with www user security problem

From: Yann Golanski (yann_at_kierun.org)
Date: 08/11/05

Next message: Arne : "Re: newbie with www user security problem"

Previous message: Ken Hawkins: "Re: newbie with www user security problem"
In reply to: Ken Hawkins: "Re: newbie with www user security problem"
Next in thread: Arne : "Re: newbie with www user security problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 11 Aug 2005 16:50:23 +0100
To: Ken Hawkins <ken@rosewoodblues.com>

Quoth Ken Hawkins on Thu, Aug 11, 2005 at 11:32:44 -0400
> The box is secure that much i have found out. the only problems have
> been with this email spamming. nothing in the tmp dirs out of the
> ordinary and no missing files running scripts etc. I have changed
> everyone passwords on the box. *'d the www password, ensured there is
> no shell with the www user, etc.

Have you run chkrootkit on it?

> i am in the process of upgrading the ports now and there are problems
> (of course). the ports seem to have been mangled as the listing in /
> var/db/ports does not match what i KNOW is running on the box. The
> person i have inherited this from manually deleted from the /var/db/
> ports to get some of the applications to re-install! gotta love that!

ICK! Make sure you database is fine otherwise, you'll get into no end
of trouble.

> well here i come port fix hell! This is a production box and can't be
> taken off line as of this moment so i am going to have to attempt on
> the fly fixing / upgrading of the ports. i would love to wipe it but
> it is just not a possibility right now.

Oh dear. How about living it as is -- minus the spam emailer -- and
rebuilding another one to replace it?

-- 
yann@kierun.org                  -=*=-                      www.kierun.org
    PGP:   009D 7287 C4A7 FD4F 1680  06E4 F751 7006 9DE2 6318

application/pgp-signature attachment: stored

Next message: Arne : "Re: newbie with www user security problem"

Previous message: Ken Hawkins: "Re: newbie with www user security problem"
In reply to: Ken Hawkins: "Re: newbie with www user security problem"
Next in thread: Arne : "Re: newbie with www user security problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: portupgrade O(n^m)?
... the whole set of ports in a couple of seconds. ... Portmaster in no way solves this problem, ... I'm not sure what you mean by "nor helps upgrading in a reasonable ... of dependency graphing the entire ports tree. ...
(freebsd-hackers)
Re: Why does portsdb -Uu run so long?
... and the other one for ports. ... portsnap, regardless of how fast it is. ... There's no reason to do a buildworld sequence everytime you upgrade the ports ... upgrading with portugrade -arR, I'll be done and using the system. ...
(freebsd-questions)
Re: Downgrade a port
... On Sunday 11 December 2005 11:55, Robert Fitzpatrick wrote: ... > since upgrading several packages. ... Of all the packages that were upgraded ... All ports were upgraded via portupgrade, ...
(freebsd-questions)
Re: 7.2-STABLE to 8-R
... Just the regular upgrade procedure as documented in /usr/src/UPDATING. ... I found that usually it is fastest to just take note of which ports you need, delete all existing ports, then after the upgrade reinstall the required ports. ... If you decide to recompile the ports using portupgrade, portmaster or a similar tool, rather than, as Pieter suggested, deleting them and re-installing, make sure your ports are up to date before upgrading the system. ... If you upgrade them using portupgrade, portmaster or a similar tool, do the delete-old-libs AFTER all ports are successfully upgraded. ...
(freebsd-questions)
Re: Updating ports
... The main difference that is relevant to me personally is that portmanager ... It rebuilds ports in such a way that the result is, in theory, supposed to be ... I find this is the most useful upgrading method. ... dependency information, etc). ...
(freebsd-questions)