[SOLVED] Mouse, keyboard, window getting hijacked by unknown hacker
probably I would try to download an iso (from "outside", using a safe line), and boot from that liveCD. And from that system you may try to reset your router and upload an official firmware. But probably cheaper and faster to buy a new one.
No, this guy obviously either has an open port leading to X-windows, or, more likely I think, he does have a malicious neighbor playing with Bluetooth. And, if his router has firewall capability, it is obviously turned off.
AND, thus the need for protections on the boxes INSIDE the network: placed before you first connect. If the enemy is already inside your network, the security on each node is your only remaining protection.
I wish some one of us with security experience lived close enough to track the worm down and throttle it. (Figure of speech folks. No actual throttling going on here.)
Pete lq. I was going to say this! A harmful hacker tries to remain undetected as long as possible. However, best to be cautious.
I've experienced bluetooth hacking from a neighbour who was using it to turn on wifi in both Win10 and linuxmint. I had a really fun time with android bluetooth also being hacked on tablet and me installing LM 17.3 hacked .iso.
I'm in a bind & looking for info re a good bluetooth firewall as I use bluetooth to communicate with tablet, tv, mobile phone, laptop as I am hearing impaired.
If your new Linux install seems to get pwned every time, you really need to throw the router away, as it is very likely that the routes and DNS on it are poisoned. You must have antagonized someone really that bad.
Not really, could be evil kids, people wanting a botnet setup, or free internet.
My neighbours are just a'holes. Hacked & abused my internet twice with $200 then $400 monthly bills. ISP didn't charge me thank god. Fortunately I got heaps of evidence & ISP & Aust Fed Police verified and dealt with them.
Unless OP's webcam has been hacked, my guess is a neighbour or their kids.
No, this guy obviously either has an open port leading to X-windows, or, more likely I think, he does have a malicious neighbor playing with Bluetooth. And, if his router has firewall capability, it is obviously turned off.
I wish some one of us with security experience lived close enough to track the worm down and throttle it. (Figure of speech folks. No actual throttling going on here.)
Know what you mean! Before I reverted to ADSL2 I tracked down two of the SSIDs I had identified on my laptop as the wifi hackers, e.g. screenshot of them trying to connect to my router etc. When strolling with my tablet, I would be repeatedly disconnected in front of their house with their SSID taking over. Police & ISP confirmed and acted.
Afterthought, save data and using a clean live cd, change all permissions and esp use chmod -R -x * to render them nonexecutable. Then save them on clean media or better DVD.
Then make sure no rootkit is in mbr by "zeroing" ALL drives including your backup drive.
dd if=/dev/zero of=/dev/hda
This writes zeroes all over drive hda. Can use /dev/urandom also.
Go grab a coffee, stop it, then format the drive. There is an option to specify size to be overwritten which I can't remember.
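An added example, not part of the thread or any poster's own commands: `chmod -R -x *` also clears the search bit on directories and skips top-level dotfiles, so this sketch strips execute (and setuid/setgid) bits from regular files only. The names `strip_exec` and `make_sample_tree` are hypothetical, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: neutralise salvaged data files without breaking the tree.

# strip_exec DIR: print every regular file under DIR that has an execute
# bit, then clear execute and setuid/setgid bits on it. Directories keep
# their search (x) bit so the backup stays browsable; symlinks are skipped.
strip_exec() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -print -exec chmod a-x,ug-s {} \;
}

# make_sample_tree: build a small constructed data tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/docs/.hidden"
    printf 'notes\n' > "$root/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/docs/run.sh"
    printf '#!/bin/sh\n' > "$root/docs/.hidden/tool"
    chmod 644 "$root/docs/notes.txt"
    chmod 755 "$root/docs/run.sh" "$root/docs/.hidden/tool"
    echo "$root"
}

# Demo on the constructed tree: lists the two files that were executable.
tree=$(make_sample_tree)
strip_exec "$tree"
rm -rf "$tree"
```

Run it from the live system against the mounted copy of the data, and keep the printed list as a record of which files had been executable.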
I'm back,
I checked my router, it was busted, or at least the logging stopped and date was changed to 2010. There was no available firmware update, so instead I did a hard reset and tried to harden against Netbios / LLMNR on my linux, set os firewall to public, and so far the attack stopped, but I still feel vulnerable about the router, I had two modems at home one for wifi, but my isp connected them under the same line therefore it's still capable of getting infected again, plus I get the feeling that this hacker is persistent. What's next? Should I go for antivirus and anti-rootkits?
Also, how do you harden against MDNS, QUIC and SSDP? Or is there such?
Code:
chmod -R -x *
wouldn't this also affect the linux system and the apps I use?? I'll check the dd.
Quote:
really? another systemd hater?
I take back my word, I found that this distro also has systemd...
Quote:
No, this guy obviously either has an open port leading to X-windows, or, more likely I think, he does have a malicious neighbor playing with Bluetooth. And, if his router has firewall capability, it is obviously turned off.
I'm using a traditional desktop, it doesn't have bluetooth. As for the phones, mine wasn't enabled, one of my friends tried a factory reset and the phone was suddenly filled with adware, she was forced to replace it only for it to get infected again. I think he's more like a lunatic with sadistic intent than an evil child.
"set os firewall to public" this is normally the default.
I'm not sure what you're saying re wireless LAN but I'd turn off wifi and actually remove the network as well, at least till you've got ethernet LAN tied down as securely as possible. Reason - Reaper and rainbow tables.
"plus I get the feeling that this hacker is persistent. What's next? should I go for antivirus and anti-rootkits?"
Why not? A rootkit on hard drive could explain the persistence issue. A trojan connecting with hacker.
"wouldn't this also affect the linux system and the apps I use?? I'll check the dd."
I did say DATA. Apps should be installed with new install. The aim is to remove rootkits in mbr, which is not affected by simply formatting.
"As for the phones, mine wasn't enabled, one of my friends tried a factory reset and the phone was suddenly filled with ..."
You also have to turn off scanning, discovery as well.
What if they reset it someplace away from where you live?
This does indeed sound like a psychopath is at work. They feel in control and find it amusing to hurt others.
Have all your neighbours contacted their ISP? Numerous complaints may bring action. It may also be an ISP network issue.
My router got wrecked again after entering the internet. Wireshark has been receiving gibberish search queries and network errors, this is scary.
By the way, thanks for your advice you've been all a great help. I'm going to try out the rest of the solutions you've all shared. Wish me luck in saving my computer guys!
do you own or rent
If you rent don't rule out someone using the landlord's key
or a previous tenant using their key
I've had landlords that handed out keys to my apt like business cards
you could try using a thumb drive to boot the computer
put the thumb drive on your key chain so you don't leave home without it