New System taken over by unknown remote....
Hi. I had done a fresh install of Gentoo. Installed a few drivers needed. Installed x11.org. Installed Gnome.
My computer was then left without any connection to the internet and was shut down & unplugged for a little over a month. I reconnected and powered it up for the first time since. Not even 5 minutes after booting up to run updates and installs, I watched as someone had taken remote control of my system and was running commands to force download files from some ftp server. How do I regain control of the system and secure it, or am I SOL and having to reinstall from scratch again? I know the information is located somewhere in the handbook but I was not locating it. How do I protect a new install from future events of things repeating?
Unplug the system from your network and then go through your accounts and eliminate any remote access accounts, user accounts, reset passwords, and possibly implement a firewall through IPTables as well as look into the Hardening Linux handbooks around the internet on how to prevent a hacker from accessing and controlling your system.
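The account review suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads passwd- and shadow-format files and lists the accounts that can still log in. The function names, flag labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD SHADOW -> prints one "FLAG user" line per finding.
audit_accounts() {
    awk -F: '
        # Shadow file (first argument to awk): remember each password field.
        FILENAME == ARGV[1] { pw[$1] = $2; next }
        # Passwd file: skip accounts whose shell refuses interactive logins.
        $7 ~ /(nologin|false)$/ { next }
        {
            h = ($1 in pw) ? pw[$1] : "!"      # no shadow entry: treat as locked
            if ($3 == 0 && $1 != "root") print "EXTRA_UID0 " $1
            if (h == "")                 print "EMPTY_PASSWORD " $1
            else if (h !~ /^[!*]/)       print "PASSWORD_LOGIN " $1
        }
    ' "$2" "$1"
}

# write_sample DIR -> creates constructed passwd/shadow files for a dry run.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/sh
guest:x:1001:1001::/home/guest:/bin/bash
svc:x:1002:1002::/home/svc:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
svc:!:19000:0:99999:7:::
EOF
}

# Dry run on the constructed sample; on a real system pass /etc/passwd and
# /etc/shadow (as root, with the network cable still unplugged).
sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_accounts "$sample_dir/passwd" "$sample_dir/shadow"
rm -rf "$sample_dir"
```

A locked password does not necessarily disable SSH key logins, so each remaining user's `authorized_keys` file needs the same review.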
So, please, describe the real symptoms instead of telling us what your impressions are.
@OP: while no longer maintained, the CERT Intruder Detection Checklist might help you focus your efforts if you don't know where to look.