I just installed Samba today, and it all seems to be working correctly: I can access my Linux home directory from my Windows PCs, and I can access my Windows computers from my Linux computer.
However, I was browsing my Windows share via Linux, and noticed the following text file:
Be VERY careful sharing files out on your PC.
I can see your entire drive over the internet and was able to create this file.
I could have deleted anything I wanted or accessed your personal data.
Unshare your drive or other more devious people will do the above!
Have a nice day.
for more info.
Is this a genuine break-in, or is this file created when I used Samba?
I have used Samba for years and never found anything similar!
First, don't panic! Shut Samba down, and get offline. Now think about it:
- Can this be a joke by your friends?
- What permissions are set (open to the whole world?)
- Is there a firewall not working?
- Check if there are other new files or changed files!
And then run an antivirus tool from CD, not from the hard disk. Don't forget to check ALL files, even those on the Linux boxes (a virus can't harm Linux, but the Windows PCs can get it again).
Finally, close the hole in your security and go online.
Google turns up zero matches for any phrase in the text of that file. It's not unlikely that someone could notice your wide-open server within minutes. They were likely just bored and scanning your neighbourhood of IP addresses.
It is likely a good samaritan, running an automated script which leaves the notice, if it can gain the perms.
Okay, so it is a break-in. Secure my system? How, when I am unsure how they managed to gain access in the first place...
A password is required to access the share, plus I'm behind two firewalls.... I know it's not impossible, but it seems unlikely that I would be hacked this quickly, with the firewalls and passwords and all...
How should I start to go about securing my system? (BTW, the 'intrusion' is on a Windows XP Home laptop)
Originally posted by TBomb: "Okay, so it is a break-in. Secure my system? How, when I am unsure how they managed to gain access in the first place..."
1 - Try emailing the guy for details on how he did it.
2 - Check vuln sites like securityfocus.com and the like for vulnerabilities in the software you're using (samba, your firewall, etc.).
3 - Make sure your software is up to date.
Also, do a very thorough check for other strange looking files on the share. Just because somebody left a nice note claiming to be a good samaritan doesn't mean they didn't leave something less friendly behind too.
As for fixing this -- is it possible that someone else on your LAN did this as a prank (or is a cracker running some sort of auto-scanner)? If not, double check your firewalls to see if they leak NetBIOS info. Are you using publicly routable IP addresses on your internal network? If not, this becomes somewhat more troubling. Also, you need to make sure that no one got in through any of the ports you do have open. In short, you'll need to do some detective work. Until that's done, it's probably wise to shut down Samba.
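The check for other new or strange-looking files suggested in the replies above can be scripted against the mounted share. This is an added example, not code posted by anyone in the thread; the function names, the one-hour window, the extension list and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Assumed list of file types Windows runs directly (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".lnk"}

def triage_share(root, note_path, window_s=3600):
    """Walk a mounted share and return (relative path, reasons) for files
    modified within window_s seconds of the note, or of an executable type.
    mtime can be set by whoever wrote a file, so an empty result is not proof
    that nothing else was dropped."""
    note_mtime = os.stat(note_path).st_mtime
    note_real = os.path.realpath(note_path)
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.realpath(path) == note_real:
                continue  # the note itself is already known
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            reasons = []
            if abs(st.st_mtime - note_mtime) <= window_s:
                reasons.append("modified near note")
            if os.path.splitext(name)[1].lower() in RISKY_EXT:
                reasons.append("executable type")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

def demo():
    """Build a constructed share in a temp directory and triage it."""
    now, day = 1_100_000_000, 86400  # constructed timestamps
    samples = {"note.txt": now, "holiday.jpg": now - 90 * day,
               "Docs/update.scr": now + 120, "Docs/report.doc": now - 30 * day,
               "setup.exe": now - 200 * day}
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
            os.utime(full, (mtime, mtime))
        return triage_share(root, os.path.join(root, "note.txt"))

if __name__ == "__main__":
    for path, reasons in demo():
        print(path, ", ".join(reasons))
```

Run it with the share mounted read-only so the triage itself does not alter timestamps on the files being examined.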