Re: Need urgent help regarding security

From: Johan Berg (johan_at_ircnet.se)
Date: 11/17/05

    Date: Thu, 17 Nov 2005 17:58:04 +0100
    To: Mark Jayson Alvarez <jay2xra@yahoo.com>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Check the system with rkhunter to see if there were any changes to
    some files or any known rootkit installed.
    You can find rkhunter in /usr/ports/security/rkhunter

    Try the following:

    rkhunter --update && rkhunter --checkall

    17 nov 2005 kl. 02.25 Mark Jayson Alvarez wrote:

    > Good Day!
    >
    > I think we have a serious problem. One of our old
    > servers running FreeBSD 4.9 has been compromised and
    > is now connected to an ircd server..
    > 195.204.1.132.6667 ESTABLISHED
    >
    > However, we still haven't brought the server down in
    > an attempt to track the intruder down. Right now we
    > are clueless as to what we need to do..
    > Most of our servers are running legacy operating
    > systems (old versions, mostly FreeBSD). Also, that
    > particular server is running ProFTPD Version 1.2.4,
    > which someone has suggested to have a known
    > vulnerability..
    >
    > I really need all the help I can get as the
    > administration of those servers was just transferred
    > to us by former admins. The server is used for ftp.
    >
    > Thanks..
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-
    > unsubscribe@freebsd.org"

         -- Johan Berg

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (Darwin)

    iD8DBQFDfLapSVaw+q1ufCYRAh7BAJ93lVecTx72JQnY8IiW3L5D8ineMwCfTZbm
    dY+/9ukhbXIF9r/5krcxSZ4=
    =sjjs
    -----END PGP SIGNATURE-----
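
Added example, not part of the original message or of rkhunter: a small triage helper that reads BSD-style `netstat -an` output and lists established TCP connections to IRC ports, like the `195.204.1.132.6667 ESTABLISHED` line quoted above. The port list, the function names and the sample output (apart from that foreign address) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Ports to flag. Assumption for this example: commonly used IRC ports.
IRC_PORTS="${IRC_PORTS:-6660 6661 6662 6663 6664 6665 6666 6667 6668 6669 6697 7000}"

# Read BSD-style `netstat -an` output on stdin and print every ESTABLISHED
# TCP connection whose foreign port is in IRC_PORTS.
# BSD netstat writes addresses as host.port, so the port is the text after
# the last dot and the host is everything before it.
find_irc_conns() {
    awk -v ports="$IRC_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            port = $5; sub(/^.*\./, "", port)      # text after the last dot
            host = $5; sub(/\.[^.]*$/, "", host)   # everything before it
            if (port in want) print $4, "->", host, "port", port
        }'
}

# Constructed sample output. Only the foreign address on the first tcp4 line
# comes from the quoted message; every other value is made up.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.1045        195.204.1.132.6667     ESTABLISHED
tcp4       0     48  192.0.2.10.22          198.51.100.7.51514     ESTABLISHED
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.514                  *.*
EOF
}

# On a live host: netstat -an | find_irc_conns
sample_netstat | find_irc_conns
```

On a compromised host the installed netstat may itself have been replaced, which is the kind of file change the rkhunter check above looks for, so treat an empty result from a suspect binary as inconclusive.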


