server was hacked

2007-08-11 Thread Brent
I'm running FBSD 5.4 as a web server; the server is behind a Cisco firewall/router and the server has a lot of CMS Joomla / Mambo sites on it. I noticed that when I ran sockstat I was seeing multiple IPs connected to high ports on the server with a process id of psybnc. Did some looking around

Re: server was hacked

2007-08-11 Thread Heiko Wundram (Beenic)
On Saturday 11 August 2007 13:20:31, Brent wrote: I'm running FBSD 5.4 as a web server; the server is behind a Cisco firewall/router and the server has a lot of CMS Joomla / Mambo sites on it. I noticed that when I ran sockstat I was seeing multiple IPs connected to high ports on the server with

Re: server was hacked

2007-08-11 Thread Mohd Ghalib Akhtar
: Re: server was hacked On Saturday 11 August 2007 13:20:31, Brent wrote: I'm running FBSD 5.4 as a web server; the server is behind a Cisco firewall/router and the server has a lot of CMS Joomla / Mambo sites on it. I noticed that when I ran sockstat I was seeing multiple IPs connected to high

Re: server was hacked

2007-08-11 Thread Frank Wissmann
Brent wrote: , How exactly are they getting in? What are the things I can do to prevent this? On FBSD how do you checksum binaries on the system to ensure someone hasn't replaced one with their own binary? Do yourself a favor and buy the book BSD Hacks by Dru Lavigne O'Reilly Media ISBN

Re: server was hacked

2007-08-11 Thread Bill Moran
On Sat, 11 Aug 2007 13:54:29 +0200 Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote: On FBSD how do you checksum binaries on the system to ensure someone hasn't replaced one with their own binary? Install security/tripwire and configure properly. Note that tripwire isn't the only option.

Re: server was hacked

2007-08-11 Thread Erik Osterholm
On Sat, Aug 11, 2007 at 07:20:31AM -0400, Brent wrote: a compromised Mambo site. after getting rid of the program I changed our router to disallow this type of traffic.. started trying to fix the box. I'm pretty sure that root wasn't compromised but I'm going to re-install anyway. My question has

RE: server was hacked

2007-08-11 Thread Tamouh H.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Sent: August 11, 2007 7:21 AM To: [EMAIL PROTECTED] Subject: server was hacked I'm running FBSD 5.4 as a web server; the server is behind a Cisco firewall/router and the server has a lot