My machine been hacked, I need help
Julian Elischer
julian at elischer.org
Fri Jan 13 20:17:16 PST 2006
anchor (sent by Nabble.com) wrote:
>My machine has been hacked. The message file was modified. Old dated backup files are deleted. The last log was truncated. You are gurus. Would you please tell me where I can find other trace files or logfiles to figure out where the hacker came from?
>
>Thanks a lot.
>
If you can get into the kernel debugger, you may try to do a ps from
there and see if there are any strange processes running.
Of course, the first thing to do is physically unplug the machine.
Then make a backup for forensic purposes if you can.
You don't say what version of the system it is and what it runs as services.
There are rootkit finders in the ports under 'security'.
If you installed from CD, see if you can get it from there.