SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there anyway i can tell if some one has hack into my system?
There are a few things you can do to prevent being owned like patching your system and having a hardware and software firewall.
You can run the rkhunter utility to see if you have a rootkit on your system. Besides the odd mouse behavior is there any other reason that you think you've been hacked?
Not too long ago I was assisting an acquaintance with his Linux Mint laptop. Every so often the mouse cursor would move a bit. this persisted a while until I asked him if his wireless mouse was in his pocket and if so, was it "on".
It was, and I called him a dink.
...Sometimes my pointer moves "by itself" too, especially if I hold my thinkpad's mouse nipple in one direction for too long.
Greenfly, I suggest you rule out things like cat hair and dust under your mouse. But installing a firewall and, like hitest suggests, rkhunter is always good advice.
@frankbell - When i was on yahoo noscript i have allow yahoo.com and yimg.com.
@hitest - Thanks,I'll to do scan see it finds anything.
Btw: This what my netstat -ano showed just after that incident.
tcp 0 0 192.168.1.130:45774 206.190.56.190:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:58913 104.76.110.228:443 ESTABLISHED keepalive (0.76/0/0)
tcp 0 0 192.168.1.130:51752 72.30.2.106:443 ESTABLISHED keepalive (2.10/0/0)
tcp 0 0 192.168.1.130:35674 98.139.180.149:443 TIME_WAIT timewait (44.04/0/0)
tcp 0 0 192.168.1.130:41338 72.30.202.247:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:56733 207.244.77.134:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:41521 206.190.57.61:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:58203 72.21.91.187:443 ESTABLISHED keepalive (2.33/0/0)
tcp 0 0 192.168.1.130:60352 45.79.133.136:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:45976 98.139.21.45:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:45683 206.190.56.190:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:36846 52.84.27.193:80 TIME_WAIT timewait (28.17/0/0)
And This is my iptables rules.
Chain INPUT (policy DROP 56 packets, 6876 bytes)
pkts bytes target prot opt in out source destination
12238 15M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
83 4996 ACCEPT all -- lo any loopback/8 loopback/8
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8588 785K ACCEPT all -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
Last edited by GreenFireFly; 12-11-2015 at 12:04 AM.
Yeah that's dinking and it can happen with a lot of mice. Mainly it affects Bluetooth, RF, and other wireless mice, but I have seen it affect Laser and Optical mice as well as Roller/Ball mice as well, but more rarely. Usually it's from the mouse driver trying to settle into a spot from a previous movement.
Unless you're running an SSH, VNC, or RDP, then it's just the mouse dinking.
I assume your system is patched and that you have an effective firewall. If you need a firewall script, I have a very basic one here.
This to me seems like less of a security question and more an issue with paranoia due to being uninformed about how hackers work.
Hackers do not notify their targets before, during, or after a hack. That would defeat the purpose of hacking a system in the first place. It would be a waste of time to execute a hack only to tell the target to clean up the system, or even take that system offline. Hackers do not hack systems of little to no value. So unless you have some super secret data, you work for a company that has valuable data stored on your desktop at home, or you like to keep your financial or tax records in clear text, you are just being paranoid. Also, just so you know, the mouse moving around on your screen is not a symptom of being hacked.
Sure, being the latest addition to a botnet is a scary thing. This usually only happens to systems that are not using a firewall, not patched, and those systems that the end-user is running as administrator or root. Think, low hanging fruit.
If you are really that paranoid about being hacked then there are some easy things to do to check for rootkits. These are the basic commands that will allow you to identify rootkits on your system.
lsof - list all open files or processes by a user id
netstat - list all open network connections
tcpdump - track network activity on suspect ports
rkhunter - check for rootkits
chkrootkit - check for rootkits
If you are still paranoid after this, use tripwire. It is a host based intrusion detection system that should only be installed onto freshly installed systems. It will guarantee file integrity on your system if you keep the tripwire database up to date. You will be notified by tripwire every time a file has been modified on your system. Not great for home desktops, since files change all the time. Tripwire is better for servers. A fresh installation increases file integrity.
If you are still paranoid after that installing snort.... Use a network intrusion detection system. Install snort on your network gateway, or set up DHCP/DNS on a separate machine that forwards traffic to your gateway. Install snort on this machine and you will be notified by email of any network intrusions. Of course, you have to learn to install and configure snort first.
A browser hack can be averted by using these add ons:
Noscript
AdBlock - ad servers can be hacked too..
HTTPS-Everywhere
Ghostery
Disconnect
Keep browser updated!
Finally, trust in our benevolent dictator and the Slackware development team. These people have the experience and are all knowing. Let them ease your paranoia by releasing security updates when they deem it necessary. After all, these guys have been doing this for decades without error.
Hackers do not notify their targets before, during, or after a hack. That would defeat the purpose of hacking a system in the first place. It would be a waste of time to execute a hack only to tell the target to clean up the system, or even take that system offline. Hackers do not hack systems of little to no value. So unless you have some super secret data, you work for a company that has valuable data stored on your desktop at home, or you like to keep your financial or tax records in clear text, you are just being paranoid. Also, just so you know, the mouse moving around on your screen is not a symptom of being hacked.
For the most part that is true, but, not always. When I started out with Linux (2002) I put a web server on-line; at the time I didn't know a lot about security. It was an old, beige box that was serving nothing of value(a proof of concept just to see if I could do it).
The box got owned. He changed my root password and let me know that he was in control. Some hackers will own you just to f*#@ with you. Good advice in your post.
So many sophisticated theoretical considerations in this thread. The base of science is experiment. Just replace your mouse with a new one and check if the problem still exists.
You can also ask a friend to try your mouse on his/her computer.
Swap the mouse first. If this is a desktop also check the power supply. I know this sounds crazy by a mouse moving all by its lonesome is often the first sign you don't have stable power.
I have had 2 optical mouse, which at times would move by themselves. It was most noticable in first person shooters when you were suddenly looking at the sky. I ended up throwing it out because it was impossible to play games or do any accurate thing on the pixel level, such as drawing a straight line in GIMP. I remember the first time it happened and immediately though the possibility of having a RAT on linux. But soon noticed that when i was testing various live CD's, the self movement continued to happen while not even connected to the network.
Dust/particles on the optical sensor is the first thing to check.
Then the surface your mouse is on. If you are moving the mouse over a multicoloured/shaped graphic on a mousepad, this may cause inaccurate movement, so maybe try a plain black mousemat.
I would probably put it down to the accuracy of the optical sensor itself. The cheaper ones tend to all have this self moving behaviour at times.
But that's to say the movement is sudden / jumpy like. Of course, if your mouse smoothly moves over your applications menu, scrolls to a category and selects a program before browsing through your files... you may want to yank the network cable in this case lol.
I have a wired USB optical mouse that will disconnect/connect multiple times, usually resulting in a movement that makes the screensaver login screen appear. You can check /var/log/messages right after it occurs to see if it reports anything (it did in my case).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.