I would do a find / -name g
g is a well known rootkit, im not sure if it works with freebsd but I am sure it can be modified, that is what most of the script kiddies are using these days, it changes a bunch of things like ps, and last and who... If you find a directory called 'g' unless its terminfo/g you may want to search on google or somewhere and see if you can locate a list of the files that are modified by this rootkit.
Most of the time hax0r-kiddies login through services that are left open, I.E. PostGres has a default account that they can get in through.. Take a look.
Thanks,
-Drew
-----Original Message-----
From: Zaitsau, Andrei [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 18, 2000 1:47 PM
To: [EMAIL PROTECTED]
Subject: Hacked computer
Hello everyone,
I have a problem, in the morning someone hacked into my computer at home. It
is ADSL Gateway running FreeBSD 3.4 , root password is changed by hacker.
Can anyone tell where on the system I can find some tracks of a hacker?
What should I check first?
Which log files?
Anyone? Please?
Thanks.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
