Re[2]: "sh -i" My server was hacked. How can i found hole on my
> Also check that your kernel wasn't recompiled and that there aren't any
> (known at least) rootkits (chkrootkit).
> Anyway, IMHO, there are more ways to hide something in your system..
> If I were you, I'd do all this to try to know the real reason and to
> keep that in mind for the future. Finally, I'd follow Jan Muenther's
> advice to be sure that you're absolutely clean.
amd64# uname -mirs
FreeBSD 5.4-STABLE amd64 L71
amd64#
amd64# kldstat
Id Refs Address Size Name
1 2 0xffffffff80100000 470930 kernel
2 1 0xffffffffb45b0000 2213 nullfs.ko
amd64# sysctl kern.securelevel
kern.securelevel: -1

Shell account only for me. And "Php open_basedir" was disabled only for
one account. So a phpshell could come only from this account, but there is
no phpBB hole on this account. Hm.

chkrootkit is not working, even after a reinstall.
Checking `bindshell'... INFECTED (PORTS: 465 4000)
Checking `lkm'...
Here it has been checking for a long time; I think that's not normal.
I continue to search.
--
Regards,
Oleg mailto:freebsd-security@molecon.ru
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"