On Tue, Dec 19, 2000 at 10:07:45AM -0500, Bill Vermillion thus spoke:
> On Tue, Dec 19, 2000 at 03:24:15AM -0500, Mike Nowlin thus spoke:
Damn - been one of those days. I looked at the sources to get
Wietse's name spelled right, and copied out the source address but
negelected to include that.
On Tue, Dec 19, 2000 at 03:24:15AM -0500, Mike Nowlin thus spoke:
> > If you've been rooted, then the logs are probably no good. But
> > check you wtmp for logons, and messages, and well if you don't
> > see anything unusual there then the've prabaly been wiped. Have
> > regained root yet? ...
> If you've been rooted, then the logs are probably no good. But check you wtmp
> for logons, and messages, and well if you don't see anything unusual there then
> the've prabaly been wiped. Have regained root yet? personally I would pull the
> box off net and backup theimportant config stuff, th
At Mon, 18 Dec 2000, [EMAIL PROTECTED] wrote:
>Hello everyone,
>I have a problem, in the morning someone hacked into my computer at home. It
>is ADSL Gateway running FreeBSD 3.4 , root password is changed by hacker.
>Can anyone tell where on the system I can find some tracks of a hacker?
>What sh
If you've been rooted, then the logs are probably no good. But check you wtmp
for logons, and messages, and well if you don't see anything unusual there then
the've prabaly been wiped. Have regained root yet? personally I would pull the
box off net and backup theimportant config stuff, then blast
Title: RE: Hacked computer
I would do a find / -name g
g is a well known rootkit, im not sure if it works with freebsd but I am sure it can be modified, that is what most of the script kiddies are using these days, it changes a bunch of things like ps, and last and who... If you find a
