ssh binary modified
Jan Muenther
jan.muenther at nruns.com
Sat Nov 27 13:29:55 UTC 2010
Hello,
yeah, that box has been taken over. Now, before you nuke it and
reinstall from some trusted media, I'd try and give finding out what
exactly happened a shot. My point is that if they got in through e.g. a
flaw in a custom web app, just newly setting up the machine and
resetting the passwords is not going to make it all go away.
You don't have to be a forensics expert to at least have a long good
look at the log files.
Cheers,
Jan
More information about the freebsd-security
mailing list