anchor (sent by Nabble.com) wrote:
My machine been hacked. The message file was modified. Old dated backup files
are deleted. The last log was truncated. You are gurus. Would you please tell
me where I can find out other trace file or logfiles to figure out where the
hacker come from?
Thanks a lot.
--
View this message in context:
http://www.nabble.com/My-machine-been-hacked%2C-I-need-help-t915435.html#a2374502
Sent from the freebsd-hackers forum at Nabble.com.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
If you can get into the kernel debugger you may try to do a ps from
there and see if there are any strange processes running.
of course the first thing to do is physically unplug the machine.
then make a backup for forensic purposes if you can.
you don't say what version of the system it is and what it runs as services.
there are rootkit finders in the ports under 'security'
if you installed from CD see if you can get it from there..
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
