Guys, I decided to port forward on my router to my Ubuntu box so I can access my files when I'm away. 5 min after that, my PC stopped responding; it will not render control over the mouse or keyboard. First thing I did was to close the port at the router. Now what live CDs do you guys recommend I use to clean up my box?
What port(s) did you forward? 135 and 139? Those might have been attacked but it shouldn't hurt your box. If you have lost keyboard and mouse you probably had a driver crash. Try to ssh in from another computer and restart services on the box that is locked up. It probably isn't locked up, by the way, but merely keyboard and mouse are dead.
If you can't ssh in, then reboot it.
In the future, you'll find that using ssh -Y is the best way to go.
No, I'm in front of the computer, and yes, I forwarded ssh: I opened 2222 on my router and forwarded it to 22 on my Ubuntu machine. I just rebooted with sysrescuecd and ran clamav, chkrootkit, rkhunter, and they came back negative... I've also reset the machine numerous times, no help there either... running out of options here.
Do I understand correctly that you enabled SSH access to your computer from the Internet? If so, did you have strong passwords on all accounts? Did you disable root login via SSH? If not, it is possible that somebody (or something) logged in and did something malicious. (Although 5 minutes seems kind of quick to me for a non-standard port.)
If somebody did log in I would think it likely they installed a rootkit. You can run chkrootkit from KNOPPIX after mounting the partition:
Code:
chkrootkit -r /mnt/sda1 | less
(change /mnt/sda1 as appropriate)
Beware that chkrootkit can have both false positives and false negatives. Search the Internet for help with it. You can also check out Rootkit Hunter.
If you decide a rootkit was installed, it is probably best to do a reinstallation since you can never be sure you have removed everything malicious.
First thing I checked was the auth.log, and no one logged in. As far as rootkits, I booted from sysrescd and ran chkrootkit, rkhunter, and for good measure also ran avscan after updating the virus definitions. It seems a bit odd, but after restarting the machine several times, it started to respond again. I suspect it might have been the KVM switch...
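The auth.log check mentioned in the thread, as an added example that is not part of the original posts: it summarizes sshd entries from a log file (for instance one read off the partition mounted from the rescue CD) and lists accepted logins that followed repeated failures from the same address. The function names, the threshold and the sample lines are constructed for illustration, and the line format is assumed to be the one OpenSSH writes to auth.log on Ubuntu.

```python
import re
import sys
from collections import Counter

# Assumed format: sshd password/publickey results as OpenSSH logs them via syslog.
SSHD = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(lines):
    """Return (accepted, failed): successful logins and failure counts per source IP."""
    accepted, failed = [], Counter()
    for line in lines:
        m = SSHD.search(line)
        if not m:
            continue  # not an sshd authentication result
        if m["result"] == "Accepted":
            accepted.append((m["user"], m["ip"], m["method"]))
        else:
            failed[m["ip"]] += 1
    return accepted, failed

def suspicious(accepted, failed, threshold=3):
    """Accepted logins whose source address also produced >= threshold failures."""
    return [entry for entry in accepted if failed[entry[1]] >= threshold]

# Constructed sample lines (documentation-range addresses), not from the thread.
SAMPLE = """\
Mar  3 10:01:12 ubuntu sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:15 ubuntu sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:19 ubuntu sshd[4125]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:24 ubuntu sshd[4129]: Accepted password for root from 203.0.113.7 port 40144 ssh2
Mar  3 10:05:02 ubuntu CRON[4200]: pam_unix(cron:session): session opened for user root
Mar  3 10:07:40 ubuntu sshd[4310]: Failed password for alice from 198.51.100.20 port 51230 ssh2
Mar  3 10:07:48 ubuntu sshd[4310]: Accepted publickey for alice from 198.51.100.20 port 51234 ssh2
""".splitlines()

if __name__ == "__main__":
    # Pass a path such as /mnt/sda1/var/log/auth.log; without one the sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    accepted, failed = summarize(lines)
    for user, ip, method in accepted:
        print(f"accepted {method} login: {user} from {ip}")
    for ip, count in failed.most_common():
        print(f"{count} failed attempts from {ip}")
    for user, ip, method in suspicious(accepted, failed):
        print(f"REVIEW: {user} logged in from {ip} after {failed[ip]} failures")
```

An empty result only shows that the log contains no such entries; anyone who gained root could have edited or truncated the file.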