From: Charles Swiger (cswiger_at_mac.com)
Date: Mon Dec 02 2002 - 12:53:23 CST


    [ This probably belongs on freebsd-security, instead... ]

    Wayne M Barnes wrote:
    > How can I best recover from, and defend myself from, a hacker
    > who breaks into my system and runs a program called psybnc
    > without my permission? I think he is using my system as a
    > front/slave.

    Yes. Unless you installed an IRC bouncer-- or whatever it was being used for--
    yourself, it's a safe bet that your machine was hacked. You haven't identified
    much about the system-- OS version, what service was compromised (if you know,
    and you should investigate that), as well as form an incident timeline.

    The best way to recover is to backup the compromised system, for recovery of
    your data and later forensics if you (or your ISP) choose to investigate
    further.

    Reinstall the latest version of FreeBSD from a known-good image, possibly using
    CVSUP to upgrade to -STABLE or the security branch for your version
    (RELENG_4_7?).

    Then restore your data (after making sure nothing was compromised...that means
    do not copy data, especially executables, without checking them against prior
    backups).

    > For now, I have killed psybnc, deleted the directory of stuff
    > that he put in, and changed my password. Is that any good?

    It's a good starting point, yes, but it certainly isn't sufficient.

    > Can there be a real vaccination built in to FreeBSD?

    Yes. It's easy to compare your system against the software from the OS install
    disk; where many people encounter problems is with the changes they've made
    afterwards themselves. How complete are your backups?

    -Chuck

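The advice above, to restore only data that has been checked against prior backups and to compare the system against the software on the install media, comes down to diffing a suspect file tree against a manifest taken from a known-good one. The script below is an added example, not code from the thread or from FreeBSD; it builds a SHA-256 manifest of a known-good tree and reports every file in a suspect tree that was modified, removed or newly added. The directory layout and file contents in demo_compare are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): compare a suspect file tree
# against a SHA-256 manifest built from a known-good tree, such as fresh
# install media or a backup taken before the compromise.

# hash_file <path>: print the SHA-256 hex digest of one file
# (sha256sum on Linux, sha256 on FreeBSD)
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# make_manifest <dir> <manifest>: one line per regular file, "<digest> <relative path>"
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done ) > "$2"
}

# verify_tree <dir> <manifest>: print one MODIFIED / MISSING / ADDED line per
# finding; return 0 if the tree matches the manifest exactly, 1 otherwise
verify_tree() {
    dir=$1 manifest=$2
    findings=$(
        # every manifest entry must exist with the same digest
        while read -r digest path; do
            if [ ! -f "$dir/$path" ]; then
                echo "MISSING $path"
            elif [ "$(hash_file "$dir/$path")" != "$digest" ]; then
                echo "MODIFIED $path"
            fi
        done < "$manifest"
        # every file in the tree must appear in the manifest (path is everything after the first space)
        ( cd "$dir" && find . -type f | LC_ALL=C sort ) | while IFS= read -r f; do
            awk -v p="$f" 'substr($0, index($0, " ") + 1) == p { found = 1 } END { exit !found }' \
                "$manifest" || echo "ADDED $f"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo_compare: constructed good/suspect trees; the suspect tree has one
# replaced binary, one dropped file and one missing config file
demo_compare() {
    work=$(mktemp -d)
    mkdir -p "$work/good/bin" "$work/good/etc" "$work/suspect/bin" "$work/suspect/etc" "$work/suspect/tmp"
    printf 'original ls\n' > "$work/good/bin/ls"
    printf 'original ps\n' > "$work/good/bin/ps"
    printf 'rc config\n'   > "$work/good/etc/rc.conf"
    cp "$work/good/bin/ls" "$work/suspect/bin/ls"       # unchanged
    printf 'replaced ps\n' > "$work/suspect/bin/ps"     # MODIFIED
    printf 'dropped file\n' > "$work/suspect/tmp/.x"    # ADDED
    # etc/rc.conf is absent from the suspect tree: MISSING
    make_manifest "$work/good" "$work/good.manifest"
    verify_tree "$work/suspect" "$work/good.manifest"
    rc=$?
    rm -rf "$work"
    return $rc
}

if demo_compare; then
    echo "suspect tree matches manifest"
else
    echo "suspect tree differs from manifest"
fi
```

On a real recovery the manifest is built from the mounted install media or the pre-compromise backup and verify_tree is pointed at the suspect disk mounted read-only from the reinstalled system, never run from the compromised system's own binaries. On FreeBSD the base system ships mtree(8), which does the same job natively and is the tool to prefer for the base install; the script above is useful for the locally built and modified files that Chuck points out are where most people's baselines fall short.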