LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 10-04-2010, 03:10 PM   #1
pwabrahams
Member
 
Registered: Nov 2005
Location: Deerfield MA
Distribution: OpenSuSE, Kubuntu
Posts: 272

Rep: Reputation: 41
Keystroke logger infestation?


One of my websites has been hacked, and the hosting company thinks we might be suffering from a keystroke logger. We have a number of different computers here, mostly running Linux (OpenSuSE and Kubuntu) but a few running Windows as a dual-boot.

Is there a way I can check the safety of my Linux systems? Have there been problems with malicious loggers under Linux? It's tempting to say that it's all the fault of the Windows systems, but that might be false optimism.
 
Old 10-04-2010, 03:21 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Every operating system has key loggers, viruses, etc. Run chkrootkit and rkhunter on the system at the minimum. In windows bring it up in safe mode without networking and run several good virus scanners over the machines and check hijackthis and verify everything seems sane. Then evaluate potential other methods you could be exposing your passwords, do you type them into unencrypted webforms? Are you running a control panel of any kind? Are you using ftp or pop3/imap without ssl? Are all the versions of your software up to date? etc.
 
Old 10-04-2010, 03:28 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,769
Blog Entries: 1

Rep: Reputation: 410Reputation: 410Reputation: 410Reputation: 410Reputation: 410
Quote:
One of my websites has been hacked, and the hosting company thinks we might be suffering from a keystroke logger.
Can I ask why they think that? In this forum we like to have evidence before we start theorizing as to what the issue might be.

Quote:
Is there a way I can check the safety of my Linux systems? Have there been problems with malicious loggers under Linux? It's tempting to say that it's all the fault of the Windows systems, but that might be false optimism.
There certainly are keystroke loggers that will work under Linux, but like any software, someone would have to gain root access to install it and get it to run.

So probably the place to start is to describe a bit more about the computers, such as the distro they're running and the status of patching. Also, what kinds of services are run on them and are they exposed to a LAN or the internet? It would also be useful to know how physically secure they are and if strong passwords are enforced, particularly for the root account. The more details about the systems and environment, the better.

As a start, you might run ps -afxwwwe to see if anything unusual seems to be running.
 
1 members found this post helpful.
  


Reply

Tags
keystroke logger, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Clicksor infestation in Firefox / Linux pwabrahams Linux - Software 4 03-08-2010 07:15 PM
WARN: Mystery infestation strikes Linux/Apache Web sites win32sux Linux - Security 5 01-28-2008 10:38 PM
System logger & Kernel logger service start twice? quanta Fedora 0 12-07-2007 06:09 AM
keystroke logger??? paugros Linux - Security 18 03-24-2005 12:06 PM
new worm KEYSTROKE LOGGER witeshark General 36 02-02-2004 12:44 PM


All times are GMT -5. The time now is 08:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration