LinuxQuestions.org
07-11-2012, 08:03 PM   #1
dwmolyneux
Member

Registered: Feb 2012
Location: United States of America
Distribution: "First Time Gentoo user",Debian, Fedora, LinuxMint
Posts: 113

New System taken over by unknown remote....


Hi. I had done a fresh install of Gentoo. Installed a few drivers needed. Installed x11.org. Installed Gnome.

My computer was then left without any connection to the internet and was shut down & unplugged for a little over a month.

I reconnected and powered it up for the first time since. Not even 5 minutes after booting up to run updates and installs, I watched as someone had taken remote control of my system and was running commands to force download files from some ftp server.

How do I regain control of the system and secure it or am I SOL and having to reinstall from scratch again?

I know the information is located somewhere in the handbook but I was not locating it.

How do I protect a new install from future events of things repeating?
 
07-11-2012, 08:18 PM   #2
ReaperX7
Senior Member

Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,427
Blog Entries: 14

Unplug the system from your network and then go through your accounts and eliminate any remote access accounts, user accounts, reset passwords, and possibly implement a firewall through IPTables as well as look into the Hardening Linux handbooks around the internet on how to prevent a hacker from accessing and controlling your system.
 
07-14-2012, 01:00 PM   #3
i92guboj
Gentoo support team

Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,029

Quote:
Originally Posted by dwmolyneux
Hi. I had done a fresh install of Gentoo. Installed a few drivers needed. Installed x11.org. Installed Gnome.

My computer was then left without any connection to the internet and was shut down & unplugged for a little over a month.

I reconnected and powered it up for the first time since. Not even 5 minutes after booting up to run updates and installs, I watched as someone had taken remote control of my system and was running commands to force download files from some ftp server.
How? Where? Describe what you saw. From what you are telling us, what you are seeing could just be the regular output from emerge on a terminal. Details, please.


Quote:
How do I protect a new install from future events of things repeating?
Any casual attacker can't just break into your system using hocus pocus spells. They must reach a server that's running in your machine (apache, lighttpd, amule, mldonkey, mysql, etc.). At most they could break into your user account using specially crafted sites if you are running a vulnerable browser.

So, please, describe the real symptoms instead of telling us what your impressions are.
 
1 members found this post helpful.
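
The point in post #3, that a remote attacker has to reach a service listening on the machine, can be checked directly. The following is an added example, not part of the thread: a filter for `ss -H -tulnp` output that keeps only sockets bound to non-loopback addresses. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening sockets that other hosts can reach.
# Input: lines in the format printed by `ss -H -tulnp`
#   Netid State Recv-Q Send-Q Local:Port Peer:Port Process
# Output: one line per exposed socket: "<proto> <port> <process>"

exposed_listeners() {
    awk '
    $2 == "LISTEN" || $2 == "UNCONN" {
        laddr = $5
        port = laddr
        sub(/.*:/, "", port)          # keep the text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Sockets bound to loopback only are not reachable from the network.
        if (addr ~ /^127\./ || addr == "[::1]") next
        proc = "-"                    # process column is empty without root
        if (split($7, q, "\"") >= 3) proc = q[2]
        print $1, port, proc
    }'
}

# Constructed sample input (not taken from the thread).
SAMPLE='tcp LISTEN 0 128   0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=2101,fd=3))
tcp LISTEN 0 80    127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=2230,fd=21))
tcp LISTEN 0 511   *:80         *:*       users:(("apache2",pid=2312,fd=4))
tcp LISTEN 0 128   [::1]:631    [::]:*    users:(("cupsd",pid=1999,fd=6))
udp UNCONN 0 0     0.0.0.0:68   0.0.0.0:* users:(("dhcpcd",pid=1870,fd=8))'

printf '%s\n' "$SAMPLE" | exposed_listeners

# On a live system, run as root so the process column is filled in:
#   ss -H -tulnp | exposed_listeners
```

Every line this prints is a service that should either be expected and patched, rebound to loopback, or filtered at the firewall.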
07-14-2012, 01:15 PM   #4
unSpawn
Moderator

Registered: May 2001
Posts: 26,534
Blog Entries: 51

Quote:
Originally Posted by i92guboj
How? Where? Describe what you saw. (..) Any casual attacker can't just break into your system using hocus pocus spells. They must reach a server that's running in your machine (apache, lighttpd, amule, mldonkey, mysql, etc.).
I agree: proper analysis and mitigation should be done first.

@OP: while no longer maintained, the CERT Intruder Detection Checklist might help you focus your efforts if you don't know where to look.
 
  


All times are GMT -5.