The FreeBSD Diary


Providing practical examples since 1998

FreeBSD Support
 Re: sshd hacked?
Author: olyander 
Date:   22-09-08 20:39

I would have loved to see what was in sshd0, among other files on your system. Did you "rm" that directory completely? If you're running inetd, shut that off, and if you do need it, comment out # all the 9000 plus lines that are open on there.

Research various ssh attacks on various hack sites, and see what you can find regarding Dan's comment, what ports are installed, and to really get things done, work with Nessus to see what exploits are known on your server from here on out; otherwise, you just might get "owned" again.

There are lots of monitor progs out there: monit, fam, and so forth in /usr/ports that will email you quickly when something is touched, chown'd, etc. on critical files and entire directories.

Unfortunately, there are ways to stop email from "getting out" to you, as these types of services are halted before the crack gets to work.

Let us know what you find out?

Sorry to hear about that...

... And Dan, how about a Security Forum? :) Just a thought...


Oly Ander


