LinuxQuestions.org

smallfish 07-30-2003 11:19 PM

being hacked?
 
Hi, everyone,

I am quite new to linux and I have to ask for some help here.

Recently, I browsed into my home directory and noticed there were some
suspicious hidden files there. One such file is .user60.db. I think I might
be hacked by an intruder.

I have removed the said file with bash command rm .user60.db since then.

Would like to receive some comments and perhaps some good news!

Thank you very much.

smallfish
linux fans

DrOzz 07-30-2003 11:26 PM

looks like a database file that is used by some program or whatever it may be on your machine.
i don't think you have been hacked, that's for sure.

ksgill 07-31-2003 12:12 AM

Just for security, check your ports. Download Nmap http://www.insecure.org/nmap/ (if you don't already have it). It's an excellent tool. Check your ports like this:
nmap localhost
It will give you a list of open ports. Close unnecessary ports.

Azmeen 07-31-2003 12:25 AM

A simple way to find out is to see the contents of your /etc/passwd. See if there are any strange users there, especially with a UID of 0 (root UID).

Another way is to examine your logs to see if there are any signs of intrusion (if you had set up iptables to log connections).
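
The /etc/passwd check suggested in the post above, as an added example that is not part of the original thread. The function names `audit_passwd` and `sample_passwd`, the sample entries and the list of interactive shells are assumptions made for illustration; the default boundary of 500 for regular users follows the convention mentioned later in this thread.

```shell
#!/bin/sh
# audit_passwd [FILE|-] [FIRST_REGULAR_UID]   (hypothetical helper, not a standard tool)
# Reads a passwd-format file (stdin when FILE is omitted or "-") and prints
# one finding per line:
#   UID0 <name>              account other than root that has UID 0
#   DUPUID <uid> <name>      non-zero UID already used by an earlier entry
#   SYSSHELL <name> <shell>  system-range UID with an interactive shell
#   MALFORMED <lineno>       entry without 7 fields or with a non-numeric UID
audit_passwd() {
    file=${1:--}
    first_regular=${2:-500}   # assumption: 500 as in this thread; many newer distros use 1000
    awk -F: -v min="$first_regular" '
        /^[ \t]*$/ || /^#/ { next }                  # skip blank and comment lines
        NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED", NR; next }
        {
            name = $1; uid = $3 + 0; shell = $7
            if (uid == 0 && name != "root")
                print "UID0", name                   # second superuser account
            else if (uid in seen)
                print "DUPUID", uid, name            # two names sharing one identity
            seen[uid] = name
            # assumed shell list: sh, bash, zsh, ksh, csh, tcsh
            if (uid > 0 && uid < min && shell ~ /\/(ba|z|k|c|tc)?sh$/)
                print "SYSSHELL", name, shell
        }
    ' "$file"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/bin/bash
sysadm:x:0:0::/tmp:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
backup:x:500:501::/home/backup:/bin/bash
broken:x:notanumber
EOF
}

# Demo on the constructed sample; on a real machine run: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

An empty result means none of these four checks fired; it does not by itself show that the machine is clean.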

smallfish 08-01-2003 09:19 PM

Being hacked?
 
DrOzz,
Thank you for the GOOD NEWS and perhaps the bad news - because I have
already removed the file .user60.db from my home directory due to security
concern.

I did have an html editor BLUE FISH installed in my system. And this .user60.db file also shows up in the home directories of the user accounts.

Thanks again.

smallfish
linux fans
p.s. sorry for the late response due to difficulty in making the post reply page
to work because I didn't set up cookies correctly.

smallfish 08-02-2003 10:59 PM

I used command cat /etc/passwd to view the passwd file and this is what comes up plus other non-suspicious login and nologin.

root : x : 0 : 0 : root : /root : /bin/bash

I don't really have an exact idea what it is telling me about system security
issues.

would appreciate further comments.

thank you very much

smallfish
linux fans

smallfish 08-02-2003 11:15 PM

After downloading nmap, I used the command nmap localhost and it shows
the opened ports are all tcp services, including ssh, x11, smtp, etc.

What commands can I use to close the open ports?

Thank you very much.

smallfish
linux fans

DrOzz 08-02-2003 11:20 PM

i don't quite understand what you're getting at?
let's just put it this way:
so, by convention UIDs of 499 (depending on distro it may be 500) or less are special system UIDs, and root's UID is 0. Regular users get UIDs starting at 500 (again, depending on distro it may start at 501)

DrOzz 08-02-2003 11:20 PM

weird, it double posted for some reason.

DrOzz 08-02-2003 11:23 PM

http://www.linuxquestions.org/questi...?threadid=1515
http://www.linuxquestions.org/questi...threadid=10221

joseph 08-14-2003 02:54 AM

how about if you give all the service opened in your server?

MasterC 08-14-2003 03:04 AM

Not sure I follow your question/reply joseph? You want to know if it's ok to open all your ports on a server? Not the greatest idea really... Can you clarify what you mean?

And DrOzz, nice use of 'colors' in your sig ;)

Cool

MasterC 08-14-2003 03:17 AM

Re: being hacked?
 
Quote:

Originally posted by smallfish
Hi, everyone,

I am quite new to linux and I have to ask for some help here.

Recently, I browsed into my home directory and noticed there were some
suspicious hidden files there. One such file is .user60.db. I think I might
be hacked by an intruder.

I have removed the said file with bash command rm .user60.db since then.

Would like to receive some comments and perhaps some good news!

Thank you very much.

smallfish
linux fans

If ever you are in doubt of whether you are being hacked or not, take the machine off line immediately. That's the first thing to do, after that it's all details, but that's the single most important thing to do, cut the cord.

After that, follow unSpawn's many threads on this, just do a search for "being hacked" or check out the main sticky thread in the Security section.

Cool

joseph 08-14-2003 03:33 AM

i mean, i just wanna know about what service is opened, i do not have any other meaning, maybe i can giving him which port need to be opened and which service need more attention.

sorry for last reply.

MasterC 08-14-2003 03:42 AM

Oh, I see! So he could post up something like:
ps aux
And give us a bit of info about what he's wanting to run/running so we can guide him on what to close up...

:)

Sounds good ;)

Cool


All times are GMT -5.