Help. My FreeBSD 8.1R machine may be hacked!!?

I reinstalled my machine from sources, after I noticed that the sshd binary was modified too. After all, SirDice was right about wiping :)
 
If you just rebuild from sources it cannot give you security, because you are using dangerous compilers/linkers/utils for this. So you should reinstall from CD =)
 
Alt said:
If you just rebuild from sources it cannot give you security, because you are using dangerous compilers/linkers/utils for this. So you should reinstall from CD =)

This is true. Google these terms to know more:

trusting trust attack and Thompson hack

It's always best to do a complete wipe and start from a clean install.
 
Oh.. I finally had a quick look at that bsd file edhunter found on his machine. It's an IRC bot that can be used for denial of service attacks. Most likely it's based on kaiten.c as it shares a lot of similar strings and commands.

Portaudit should be able to detect if you have the vulnerable version of proftpd installed.

Edit: found a reference to a source file. It's knight.c.
 