GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Looking for FreeBSD Help (https://gfy.com/showthread.php?t=760461)

Boozer 08-14-2007 07:23 PM
Looking for FreeBSD Help
 
Long story short. It appears someone compromised my server and replaced some vital command files ( ls netstat ps du find killall pstree top vdir whereis) to Linux versions.

Does anyone have FreeBSD copies of these files they could send me?

I am hoping to replace these files and begin some sort of investigation and not have to do a OS reload..

Any other possible suggestions?

Thanks

cashbot 08-14-2007 07:47 PM
If the server is compromised then you don't have any other option except to format the drive and reinstall, hope you have good backups. You can't trust anything your server tells you, there could be backdoors anywhere.

Boozer 08-14-2007 07:49 PM
Quote:
Originally Posted by cashbot (Post 12930139)
If the server is compromised then you don't have any other option except to format the drive and reinstall, hope you have good backups. You can't trust anything your server tells you, there could be backdoors anywhere.
I will take my chances.. Awful hard to start anywhere when I cant even see what proccess are running

Intricate 08-14-2007 07:50 PM
hey i can help you out if you want... contact me on ICQ.

cashbot 08-14-2007 07:51 PM
that's why hackers install their own versions of ps, lsof etc... So they can hide the haxor processes they have running.

split_joel 08-14-2007 08:18 PM
Quote:
Originally Posted by Boozer (Post 12930072)
Long story short. It appears someone compromised my server and replaced some vital command files ( ls netstat ps du find killall pstree top vdir whereis) to Linux versions.

Does anyone have FreeBSD copies of these files they could send me?

I am hoping to replace these files and begin some sort of investigation and not have to do a OS reload..

Any other possible suggestions?

Thanks
You really should do a reinstall.

pornpf69 08-14-2007 08:32 PM
format everything...and re install the OS...

rowan 08-14-2007 08:34 PM
Here's another hand for reinstalling from scratch. Restore data, not executables.

Boozer 08-14-2007 08:56 PM
Thanks for the replies.

I agree with an OS reload.

But I would like to at least try and look into the issue before I go through with a re-install.

Without the proper tools I cant see ANYTHING

rowan 08-14-2007 09:20 PM
You need more than people to send you replacement files, get expert help so you can be sure it's not going to happen again.

mikesouth 08-14-2007 09:33 PM
I was a UNIX admin for NASA Im gonna tell you like it is man.

FORMAT and reinstall PERIOD

you are fucked if you dont

and afterwards make sure your security is audited by a real UNIX admin

rowan 08-14-2007 11:46 PM
Quote:
Originally Posted by mikesouth (Post 12930485)
I was a UNIX admin for NASA Im gonna tell you like it is man.

FORMAT and reinstall PERIOD

you are fucked if you dont

and afterwards make sure your security is audited by a real UNIX admin
Better to do it the other way around so it doesn't happen again. Security guy looks at the server now, figures out what went wrong, reinstalls and applies necessary patches.

tASSy 08-14-2007 11:50 PM
total reinstall. it's the only way to be sure if your entire server is compromised.:2 cents:

darksoul 08-15-2007 12:35 AM
Your server must've been really old because its not such a piece of cake
to get root on a freebsd server.
You probably had some 4.x, I would reinstall with a newer version of the os
and have the server locked down by someone who knows what he's doing.


All times are GMT -7. The time now is 11:44 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123