From: Anastasios Tsiolakidis <none@sokratis.dk--gmail.com.lh.bsd-dk.dk>
Date: Sun, 12 Dec 2010 14:51:32 +0100
Subject: Re: Has my server been hacked?
To: bsd-dk@bsd-dk.dk

On Sun, Dec 12, 2010 at 2:29 PM, Jette Derriche <none@bsd-dk--nerdgirl.dk.lh.bsd-dk.dk> wrote:
> On Sun, 2010-12-12 at 14:05 +0100, Anastasios Tsiolakidis wrote:
>> 2010/12/12 Sven Esbjerg <none@list0--xbsd.net.lh.bsd-dk.dk>:
>> > On Sun, Dec 12, 2010 at 01:17:18PM +0100, Sven Esbjerg wrote:
>> >> On Sun, Dec 12, 2010 at 12:25:43PM +0100, Jette Derriche wrote:
>> >> > fstat revealed the culprits:
>> >> >
>> >> > ---------------------------------------
>> >> > 1 USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
>> >> > 987 root zgcqesjovzlqfeo 2710 320* internet stream tcp c31f4278-
>> >> > [...]
>> >> > 61 root jdauyqkcwxsowzx 2731 5* internet stream tcp c2fb84f0
>> >> > [...]
>> >> > 1280 root vopnnrxxixfneke 2709 18* internet stream tcp c3026000
>> >> > ---------------------------------------
> I have uploaded one of the binaries, if you want to have a look:
> http://old.nerdgirl.dk/fil.zip
"Obviously" you were not attacked by "ProFTPD IAC Remote Root
Exploit", were you? I don't know the current state of affairs for BSD,
but I do not think there is a reasonable way to update out of root
canal, reinstall!