Question : Server has been compromized: psyBNC and eggdrop

Hi All,

My freeBSD server has been compromised; I have found a few instances of implanted directories with the standard IRC stuff: psyBNC and eggdrop. I have removed all these files and also disabled IRC ports. What can I do to prevent it in the future?

what I have done:

1) run chkrootkit and rkhunter - nothing has been found
2) checked all the processes ps -efl (nothing bad)
3) removed implanted crontab for psyBNC

what else can I do?

how can I prevent uploading foreign files and creating directories? users on my server do not have ftp access, so it could be done only via web interface.

How can I add .htaccess to prevent creating directories, for example? (the 1st remedy that comes to my mind)

Please, advise

Answer : Server has been compromized: psyBNC and eggdrop

Hi!
There are many things you could do to secure your system.
One idea is to google for "freeBSD security checklist".

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html

Regards

Random Solutions

whats the difference between sharing and security?

Problems with Trust Relations

Server backbone or Teamed Nics?

WiFi will not connect when not logged into the domain

The Network Path Could Not Be Found

Networking a SMALL business (desktop and laptop) efficiently?

Zoom X5 DSL modem as a bridge.

Add an extension to a Vonage line

How do I fix Mismatched Glue error?

Sender ID pra not permitted, only fails from Lotus Domino server