[SOLVED] Someone uploading information without permission!
I have instances of someone uploading information from my computer; this happens somewhat often.
Today I was searching for a recipe when all of a sudden my screen dimmed, the search ended and my DSL modem was working like crazy.
No way to tell (as far as I know) if it was uploading or downloading, but since I was doing nothing I'm damn sure someone is uploading information! This went on for 5 minutes, give or take!
I have the selections set to "NO" for any of this type of activity in Firefox/Edit/preferences including updating of anything.
Can anyone tell me what is going on?
Running Ubuntu 12.04. Install all updates as soon as they come in on a daily basis. This week alone the system has downloaded and installed over 170 MB of updates.
If you guys have the time I would really appreciate some help.
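On the question of upload versus download raised in the post above: Linux keeps per-interface byte counters in /proc/net/dev, and the difference between two snapshots shows which direction a burst went. The script below is an added example, not part of the original thread; the function names and the counter values in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example. Compare two snapshots of /proc/net/dev and report, per
# interface, how many bytes were received (rx) and sent (tx) in between.
net_delta() {
    awk '
        FNR <= 2   { next }                  # two header lines per snapshot
                   { sub(/:/, " ") }         # "eth0:123" and "eth0: 123" both occur
        $1 == "lo" { next }                  # loopback traffic never leaves the machine
        NR == FNR  { rx[$1] = $2; tx[$1] = $10; next }   # first snapshot
        ($1 in rx) {
            drx = $2 - rx[$1]; dtx = $10 - tx[$1]
            dir = (dtx > drx) ? "upload" : "download"
            if (drx == 0 && dtx == 0) dir = "idle"
            printf "%s rx=%.0f tx=%.0f %s\n", $1, drx, dtx, dir
        }
    ' "$1" "$2"
}

# Live use: snapshot, wait, snapshot again (interval in seconds, default 10).
watch_once() {
    d=$(mktemp -d) || return 1
    cat /proc/net/dev > "$d/a"; sleep "${1:-10}"; cat /proc/net/dev > "$d/b"
    net_delta "$d/a" "$d/b"; rm -rf "$d"
}

# Offline demo with constructed counters: about 60 MB in, 1.2 MB out.
demo_net_delta() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   40000     400    0    0    0     0          0         0    40000     400    0    0    0     0       0          0
  eth0: 1000000    2000    0    0    0     0          0         0   500000    1500    0    0    0     0       0          0
EOF
    cat > "$d/after" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   48000     480    0    0    0     0          0         0    48000     480    0    0    0     0       0          0
  eth0:61000000   45000    0    0    0     0          0         0  1700000   21000    0    0    0     0       0          0
EOF
    net_delta "$d/before" "$d/after"
    rm -rf "$d"
}

demo_net_delta
```

Running `watch_once 30` during a burst gives the direction for the live machine; it does not identify which process or remote host is responsible.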
Do you have a wireless router? If so, the first thing to do is change your wireless password, as well as your computer user password(s); you should also change your router password (see the manufacturer's website or the docs for your router for instructions). Your router may also maintain connection logs; it would be worth looking at them.
Since you are using Linux, it is unlikely that you have a virus in the classic sense, but it is possible that you might have been victimized by some "social engineering" or browser exploit.
Hi Frank. No router connected. Just a DSL modem connected to the wall jack with my telephone to the second wall jack.
It's always better to put a router between your computer and the modem. Then nobody can connect directly to your computer from the internet. Your computer is given a local, non-routable IP address by the router, and it acts as a shield. This is assuming, of course, that your DSL modem is not actually a router as well - sometimes they are all-in-one boxes. You should be able to tell by checking your computer's IP address - if it starts with something like 192.168.x.x or 10.x.x.x then your modem is probably also a router, because those address ranges are non-routable. You can get your IP address by typing ifconfig at the console, usually. This presents a lot of info, but look for the bit that says something like "inet addr".
There are tools to check for rootkits, but I don't know offhand how up-to-date or effective they are (especially if you already have an infection). But it's worth a try: Look for chkrootkit and/or rkhunter. Both should be available for free via apt-get or whatever you use.
I always install tripwire on my machines, and configure it so that it can pick up when important files have been changed without my knowledge. It's too late for your current situation, though; tripwire is something you set up very soon after you have set up the computer (and preferably before exposing it bare to the internet).
Honestly, 99.9% of malware issues can be avoided by following these rules:
1. Never click on links in emails, unless you know for a fact where it came from. Hover your mouse over the link to make sure it's going where it says it's going.
2. Install AdBlock Plus (for Mozilla-based browsers)
3. Always try to have your computer behind a router, this is your first line of defense
4. Learn about making firewall rules for your computer, e.g. iptables
5. Turn off or disable all services that you don't use
If you're already infected then the best course is probably to get a router, then back up all the personal files on your computer (i.e. the ones that you generated or saved, that wouldn't be replaced by a re-install), then do a complete system wipe and re-install from scratch. Re-partition and format the hard drive too, just in case there's some nasty in the boot sector. Then you reinstall from behind your router, with confidence that nobody can connect to your computer from the outside during the install and post-install period. Then lock things down, install tripwire so you have a good snapshot of how things should be, and you should be good to go.
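The address check described in the post above (look at the "inet addr" lines and see whether the address is in a non-routable range) can be scripted as follows. This is an added example, not part of the original thread: the function names and the sample ifconfig output are constructed, and it goes slightly beyond the post by also recognising 172.16.0.0 to 172.31.255.255, the third private range, along with loopback and link-local addresses.

```shell
#!/bin/sh
# Added example: list the IPv4 addresses in ifconfig output and say whether
# each one is private (behind a NAT router) or publicly routable.

# Print every IPv4 address found in ifconfig output read from stdin.
# Handles the older "inet addr:192.168.1.5" and the newer "inet 192.168.1.5".
inet_addrs() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p'
}

# Classify one dotted-quad address by its leading octets.
classify_ipv4() {
    case "$1" in
        10.*|192.168.*)                          echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)   echo private ;;
        127.*)                                   echo loopback ;;
        169.254.*)                               echo link-local ;;
        *)                                       echo public ;;
    esac
}

# Read ifconfig output on stdin, print "address class" per IPv4 address.
report() {
    inet_addrs | while read -r ip; do
        printf '%s %s\n' "$ip" "$(classify_ipv4 "$ip")"
    done
}

# Constructed sample in the old net-tools format (addresses are made up).
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255
EOF
}

sample_ifconfig | report
```

On a real machine, run `ifconfig | report`; an interface reported as public is reachable directly from the internet, so the host firewall is the only filter in front of it.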
Be safe, but personally I think you're just being paranoid. I also have no idea why you think Firefox options secure your network connection... they don't. Screen dimming in Ubuntu just means the system is too busy to do anything else and is usually swapping like hell, or your machine is too weak to run it full speed.
Since you're running Ubuntu 12.04, you might check the firewall, which is usually installed as a default:
Code:
sudo ufw status
If the reply is "disabled", run
Code:
sudo ufw enable
That won't let anything in you didn't ask for.
But for what it's worth, a 32-bit installation of 12.04 has been giving me some grief lately by graying out when I try to update stuff. My solution has been to go to Synaptic, hit Reload, then click Mark all updates, then hit Apply: it does the update job through a different path.
My thanks to Neil. What I thought was just a modem must be a combination Router/modem. IP address starts with 192.168........
It happened again; this time I caught this: waxcdn.com and code.jquery.com. I went to the web sites; they are some sort of new technology that downloads information (not upload) faster that companies are evidently starting to use in delivering information to the computer. So, evidently I don't have a problem.
albinard, I made a mistake when I said I was running Ubuntu 12.04; it's 14.04, sorry.
Why it dimmed my screen I do not know! My system has more than enough power/ram/disk space.
Maybe I was paranoid, but I would rather be that than sorry!