LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Closed Thread
 
Search this Thread
Old 12-19-2007, 06:49 PM   #46
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 115Reputation: 115

I think it is pretty clear that OP has a serious problem, but it is not a technical problem.

With all due respect and sympathy for what must be a hellish situation, OP should be talking to mental health professionals, and not to computer geeks.
 
Old 12-20-2007, 08:47 AM   #47
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
Quote:
Files on a read-only CDROMs cannot be changed.
Duh! Yeah, I knew that -- that's why I'm only using a CD-ROM drive, and only using a CD-ROM disk. *sigh*

Look, I know this situation is hard to believe. I do know that, really: I know that even hackers seem to be completely unaware of this capability, because I've searched. That's why, despite all this abuse, I'm still communicating here: some of you may need to know about this. Freedom (i.e., learning enough to withstand this new abuse of civil rights by FBI or other agencies) is more important even than catching terrorists, imo.

Here's a technical, indisputable fact: The rsyncd.conf file has never been found on my system again, except it or similarly spelled files (rsyncdconf) appear somewhere under /usr, when I've been able to run the "find" routine. (As I previously mentioned, sometimes I can't click anything effectively.)

Previously, I had been watching shut-down messages (when I shut down the PC instead of pulling the plug), and I used to see that rsync had been shut down. So one day I read the man pages on rsync. The next session, I rm'ed that rsyncd.conf file. After that day, no more rsyncd.conf has ever been accessible to me (for deletion) on my system. Can someone explain that? Because CD-ROM disks can't be altered, you know, so the files installed should be the same, day to day.

Someone here said something useful about Getty, too. I had been doing other things that somewhat disabled the TTYs -- showing up in the who -aH listing (although not visible in who listing alone). I was trying to do this because I could not force the boot-up routine to accept the single-user option, and I thought perhaps the hacker(s) used one or more of those TTYs.

Today I managed to open the Process Table of KDE System Guard again (I'm not always able to open applications; sometimes they die, without a message or warning, while the hourglass is spinning). I killed a couple of the Getty processes. (These processes don't show up on the netstat, at least not in options I've tried, so I don't know how else to get the PIDs so I can kill them.) As I was killing the first of them (by typing
Code:
kill [pid]
in a root shell within konsole), ALL of them (other Getty's) disappeared, all at once, from that Process Table. Hmmmm. (Now the ID's are trying to "spawn too fast" all the time, and I've been online without any slowdowns for about 5 hours. )

I'm fairly new to Linux, but not at all ignorant about computers in general. I have been a professional programmer from time to time, as well as a documenter (languages included APL, FORTRAN, BASIC, BBL, even one horrid C+ program I wrote for an academic friend). I even taught programming or "computer" classes in two institutions.

No, I am not mad or paranoid. Yes, I have contacted ACLU (aclu for NC), and other lawyers I've been able to find online who might be able/willing to help.

I came here for two reasons:
To try to get a better understanding of HOW my system is being accessed (I know little of ports, sockets, etc.), and
To warn the community of an UNKNOWN (and surely illegal) spying capability.

I do very much appreciate the little technical information I have been given here. If anyone can suggest how someone physically nearby could have been using rsync without my having a known wireless capability (on a 2001 PC) or being connected (via an Ethernet cable) to the Internet, that would be useful. If anyone can suggest how I should check my... ports? sockets?... and DISconnect them unless they are running through my browser, that would be very useful, too.
 
Old 12-20-2007, 09:43 AM   #48
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
While I was typing text within a message field in an art-related forum board (looks a lot like this forum board, actually ), I got a message that the system log app had just crashed. How can my typing online (in a field like the one I'm typing in right now) have caused that? The CD-ROM had started spinning while I was typing; I'm used to that by now.

I'm no longer randomly removing directories and files from the system, btw. When I first started this hacking of my own system, having no information, I had to explore to see what worked, so I did a lot of deleting of files or directories just to see what the effect might be. But that was 6-7 weeks ago, and I no longer delete randomly.

Now I have a routine set of files or folders to delete. This includes cups-related files (cups or cupsd, networks properly used for printing), samba's .conf file in /etc/samba, a bunch of files in /dev, and so on. I no longer delete anything randomly. The only apps I run myself are Firefox and (just today) Kate, aside from utilities like konsole, Ksyslog, and (today) Process Table.
 
Old 12-20-2007, 01:45 PM   #49
dbogdan
Member
 
Registered: Feb 2005
Location: Metro Detroit, US
Distribution: Suse/Slackware/Mepis
Posts: 174

Rep: Reputation: 30
Dear "upstairs" FBI agents.... ( I KNOW you are reading all of this thru the floor cause of your uber leet haxorz skilz)

I beg you to allow techwatcher (your 'subject') to remain online for longer periods of time....

This thread is far too entertaining to limit.....

Feel free to hack my pc as well, my IP address is also 127.0.0.1 localhost so you should not have to modify any of your nuclear powered infrared laser scripts.

I'll also be more than happy to boot off of a read only CD so you can modify/overwrite the important files as well.

So, pleas>>>>>>>>>>>>>>>>>>> Carrier disconnected...

ssh root@localhost
********

Welcome to the matrix

mcp#
 
Old 12-20-2007, 08:04 PM   #50
gd2shoe
Member
 
Registered: Jun 2004
Location: Northern CA
Distribution: Debian
Posts: 835

Rep: Reputation: 49
Let me rephrase part of the problem here. If someone is clever enough to hack into a fairly well secured linux box (read running a live CD), then they are bright enough to avoid causing these massive anomalies that you are describing. They would have to go out of their way to intentionally cause your programs to crash, or change the tint of you monitor. There are only three choices:

These problems are being caused by a physical hardware problem.
These problems are being caused by by your manipulation.
These problems are being caused by pranksters.

I repeat, if the FBI were hacking into your system, they would do so capably and practically invisibly.
 
Old 12-20-2007, 09:14 PM   #51
dasy2k1
Member
 
Registered: Oct 2005
Location: 127.0.0.1
Distribution: Ubuntu 12.04 X86_64
Posts: 958

Rep: Reputation: 35
you say one of the problems is that the cd drive is spinning up and wont stop...

and you are using a live CD?....

thats totally normal for a live CD!
 
Old 12-21-2007, 06:32 AM   #52
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
Of course it is normal for a live CD to spin up, such as when we ask the system to do something new. But this CD drive sometimes spins up and will not stop, not at all, even if I try to eject the drive. (It's been a few weeks since the last occurrence of that, though.) Other times it spins up when I have not asked it to do anything new, and no new process seems to result.

This morning I am seeing occasional bursts of "getty's" in the ProcessTable, and I'm killing them (not as fast as they're reported). I'm not initiating those processes, certainly not knowingly, anyway. There'll be a long string of them, with PIDs that are sequential for a short while, then skip, like this (this is my killing them while my path is /dev):
Code:
root@1[dev]# kill 8534
root@1[dev]# kill 8545
root@1[dev]# kill 8552
root@1[dev]# kill 8562
root@1[dev]# kill 8563
root@1[dev]# kill 8564
root@1[dev]# kill 8572
root@1[dev]# kill 8573
root@1[dev]# kill 8582
root@1[dev]# kill 8583
root@1[dev]# kill 8588
There are only 5 tty terminals in runlevel 5 anyway, right? So why or how is the system, itself, producing these requests? (I blocked this process anyway, so even a running getty doesn't get one. I don't want to say online how I'm doing that.)

I searched today (find file:/ include subfolders checked) for rsyncd.conf, because last night when I shut down (normally, instead of pulling the plug), I noticed rsync did shut down again. The only copy on my own system is in /linux/usr/share/doc/rsync/examples/. When I shut down (if I can do it normally) after this session, I'll note whether rsync is running during this session and try to report back.
 
Old 12-21-2007, 07:35 AM   #53
terrio
LQ Newbie
 
Registered: Jan 2007
Location: Halifax, NS
Distribution: Linux Mint 11
Posts: 29

Rep: Reputation: 15
This is the best thread. If their were a LQ Members Choice category for best thread of the year, this wins hands down.
 
Old 12-21-2007, 10:29 AM   #54
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
It's quite normal for getty processes to be there, and when you kill them, for them to re-spawn. On many distros this is controlled by the inittab file. I just tried to find it on my Ubuntu Gutsy system and there is not one, so I assume a new mechanism was introduced when they chanced the init system a release or two ago. Does anyone know what is used now?

As the for CD... You can't eject a LiveCD when it is in use because it cannot be un-mounted. You cannot un-mount a filesystem for which there are open files, and there are always open files on the LiveCD.

As for the spinning up... many program (especially GUI programs) have timers in them which trigger events on basis regular basis. If these events run code which is mapped to a part of a binary file or library which is not in memory, the CD will spin up. Exactly how often this happens is very difficult to predict and it can happen at unexpected times. This is completely normal for using a LiveCD.

As for your secret "method" of stopping the getty processes I dread to think... You mentioned earlier that you have been randomly deleting files and directories, without apparently having any idea what you are doing. It's little wonder that your computer is behaving erratically.

Without even knowing what your method is, I can tell you now - don't do it. You simply don't understand your system enough to be messing about in the way you are and expect anything other than terrible results. Moreover, it's extremely irritating to me that you mess with it like this and then come here and expect people to be able to help you because your system is behaving strangely. I am inclined to believe that this thread is either a joke, or a case of PEBKAC.
 
Old 12-25-2007, 04:03 PM   #55
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
As I said, I'm no longer randomly killing files or directories; I did that many weeks ago because I had no access then to documentation that would help me learn about the system.

Okay, well, I've decided to post the real reason I know my system is being hacked just about from the moment I first turn it on. I wasn't saying this earlier, because now they will read this and know how to fix all their problems:

The version of Mepis 6.5 (32-bit) I'm running is obviously not the same as the one they think I'm running. I knew this when they first started their new approach to taking over my machine at boot-up, because
the splash screen is DIFFERENT. Okay? My CD's splash screen didn't used to look like it looks now. Now, there are F-key options at the top, and a white border or screen with smaller blue box in it, listing the various boot MEPIS options. So I knew they had started hacking in such a way that my system is simply a node on their existing system from the time I start.

Also, of course, all the BIOS options they alter are a clue. They always start now with Security: keyboard locked/keyboard unlocked, although I never set that in my BIOS. Earlier, the keyboard wasn't responding properly as I used the down-arrow to get to the option (60-MHz) I use; there was a very discernible delay before the keyboard (my tapping the keys) would 'synch' with the visible response on the monitor. Ever since I mentioned that on this board, that delay doesn't happen anymore.

They are using serial ports & game ports although I disabled them in the BIOS earlier. Now, I'm just using default BIOS, except altering the Startup sequence, since I have no HD or floppy, but I was earlier disabling those ports -- and they were using them. Are using them. Anyway, I hope now I've posted enough that savvy hackers (who won't have posted here) have a clue what to look for. Now that I've really given the game away, I expect I'll only be able to access the Internet from the library, when I can get out safely again.
 
Old 12-27-2007, 09:21 AM   #56
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
Okay, they haven't been able yet to shut me out of the Internet, and I have a couple specific questions:
The KDE System Guard Process Table lists a couple processes I want to kill. I killed them last night without any problem, but today (even though I'm running again as root this morning), I can't kill them: wrap_wq is the first, and right after it is ndis_wq.

I suspect these are related to what I used to know as "ndiswrapper" which has to do with NetBIOS, so I want to kill them. Anyway, as I said, last night I killed them from Konsole with no problem, but I can't use kill <pid> today to kill them. The sysguard's own "send signal" (SIGTERM, SIGSTOP) is also having no effect on them. Any ideas?

My second question: This is actually my second attempt today to get online. First time, I had accidentally left the Ethernet cable (from router) plugged into cable modem. When I thought I was ready to launch Firefox, turned out I could not launch any app again. When I used "shutdown now," hackers tried to intercept and restart... (eventually I pulled plug). Anyway, I saw an unusual message (which I'm copying here from my hand-written note):
Code:
Starting Common Unix Printing System: cupsdcupsd: Child exited with status 1!
Now I do know about CUPS, that it is a sort of network supposed to be used for printing. I've been killing bits of CUPS for days, since I know that's one way they were getting into/trying to get into my system. But I never saw this before, and have no idea what it signifies. Can anyone help me figure out what to do, if anything, about this?

Btw, I had trouble finding this thread today, because it was listed quite far down. An advanced search found it, but listed an incorrect 'last post' date.
 
Old 12-31-2007, 01:23 PM   #57
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
When I tried to get online again that night, the CD disk wouldn't even spin up fully. They finally learned enough about how that PC works to shut down the drive after I entered my boot options, I guess. No one has any answers? Guesses? I'm entering this from a 'Net Cafe.
 
Old 12-31-2007, 10:32 PM   #58
techwatcher
Member
 
Registered: Aug 2006
Distribution: MEPIS
Posts: 73

Original Poster
Rep: Reputation: 15
Well... By removing the battery to completely reset the BIOS, I was able to restore PC's functioning. (Anyone want to suggest how resetting the BIOS in this way could restore CD-ROM function? Thought not.)

My monitor is still wrong (looks like wrong resolution/size, currently), but I can function online at home again, currently.

Isn't anyone here able to point me to useful "man" items? The problem I'm having with the documentation is that it's fine if one already knows the specific routine (i.e., rsync) to look up "rsync" -- but I don't know the names of these routines. How can I read the manual to find out more about shutting down networking, not knowing what to enter as a relevant term? Just the other day I finally learned that eth0 and lo are called "interfaces." Couldn't someone explain things like this, or point me to an overview which will help me understand the vocabulary, at least?
 
Old 01-01-2008, 02:31 AM   #59
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
OK, I'm pretty sure this is just a mindless troll now. Goodbye. *unsubscribes from thread*

[edit]by the way, Happy New Year all[/edit]
 
Old 01-01-2008, 07:12 PM   #60
seelenbild28
Member
 
Registered: Oct 2005
Location: Germany, Berlin
Distribution: SuSE Linux 9.1/9.2/9.3/10.0/10.1, openSuSE 10.2, 10.3, Slackware, Debian, Redhat, BSD
Posts: 315

Rep: Reputation: 30
troll or ork*g

Last edited by seelenbild28; 01-01-2008 at 07:13 PM.
 
  


Closed Thread

Tags
localhost, mepis


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache : localhost/ works localhost/index.html does not PhilA Linux - Server 4 05-27-2007 08:32 PM
MySQL: Why are there two roots localhost, and localhost.localdomain? paulsiu Linux - Server 6 04-18-2007 10:43 AM
Change localhost name in username@localhost n175uj Linux - Newbie 4 07-01-2005 09:25 PM
Message from syslogd@localhost localhost kernel: Disabling IRQ #21 ylts Linux - Hardware 0 02-26-2005 09:01 AM
dns requests from localhost to localhost keex Linux - Networking 2 11-13-2003 02:47 PM


All times are GMT -5. The time now is 12:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration