04-06-2006, 12:49 PM
|
#1
|
LQ Newbie
Registered: Mar 2006
Posts: 7
Rep:
|
Was my PC hacked?
Hi there, I'm new at Linux, and don't know much about it.
I have a problem: I was watching my message center of my photography site account, and then my page changed to www.ardeamor.com (that's Portuguese). I didn't do anything, and I didn't know that page. Could someone be playing in my PC?
Please help, I don't want these "oh I'm the greatest" hacker wannabes in my PC...
Oh, and I'm using SimplyMepis Linux and I think that the firewall GuardDog is working.
Sorry if I sound sooo newbie, but I am, I'm used to Windows (I know, that sucks)
Thanks...
|
|
|
04-06-2006, 02:21 PM
|
#2
|
Senior Member
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440
Rep:
|
Quote:
and I think that the firewall GuardDog is working
|
Hmm, that's not a good sign. You should be able to tell whether it is working or not. Anyhow, a couple of things:
1. Check your processes. Anything running that shouldn't be?
2. Check what modules are loaded. Again, any modules that shouldn't be loaded?
3. Check your logs. Who's been logging in and from where?
4. Check your configs. Look at the timestamps to see if they were modified recently and by whom.
5. I'm guessing you don't have tripwire or AIDE or some kind of file/binary auditing program. Install it and see if it detects any rootkits and/or hidden processes
6. Do a netstat and see the connections established on your box, and which ports are open.
That's for starters.
-twantrd
|
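Steps 1-4 and 6 of the checklist in post #2, written out as a first-pass triage script (step 5, installing tripwire or AIDE, is not covered). This is an added example, not part of any poster's reply; the function names, the `ALLOWED_PORTS` variable and the sample `netstat` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and ALLOWED_PORTS are hypothetical.

# Constructed sample of `netstat -tln` output, for trying exposed_listeners offline.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp6       0      0 :::6000                 :::*                    LISTEN'

# Step 4: files under DIR modified within the last DAYS days, with owner and mtime.
recent_changes() {   # usage: recent_changes DIR DAYS
    find "$1" -xdev -type f -mtime "-$2" -exec ls -ld {} + 2>/dev/null
}

# Step 6: read `netstat -tln` output on stdin; print "PORT ADDRESS" for each TCP
# listener that other hosts can reach (not loopback) and that is not allowlisted.
exposed_listeners() {   # usage: netstat -tln | exposed_listeners "22 631"
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4; port = addr; sub(/.*:/, "", port)      # text after last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next    # loopback only
            if (!(port in ok)) print port, addr
        }'
}

# Steps 1-4 and 6 against the live system (run as root).
triage() {
    echo '== 1. processes ==';        ps -eo user,pid,ppid,lstart,args
    echo '== 2. kernel modules ==';   lsmod
    echo '== 3. recent logins ==';    last -n 20
    echo '== 4. /etc files changed in the last 7 days =='
    recent_changes /etc 7
    echo '== 6. listeners reachable from outside and not allowlisted =='
    netstat -tln | exposed_listeners "${ALLOWED_PORTS:-22}"
}

# Only touch the live system when asked: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then triage; fi
```

On a host with a rootkit, the output of `ps`, `lsmod` and `netstat` cannot be fully trusted, which is why the thread also recommends a file-integrity tool and a scan from a remote machine.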
|
|
04-06-2006, 04:52 PM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
i'm not sure if an uber-newbie would know what processes "shouldn't" be running...
iguana, this could have simply been an advertisement javascript redirection or something like that... i mean, it's good that you are concerned about security and stuff, but you'd need more than a URL redirection to have any real worries... that's why twantrd made those great suggestions about things to check... he's completely right, you should definitely be able to tell if your firewall is working or not... we can help you with that if you post the output of this command (you'll need to be root to run it): also, you should scan your box remotely... here's a site that will scan your box for free:
https://www.grc.com/x/ne.dll?bh0bkyd2
as for the browser thing, what browser do you use?? if it's firefox, you might wanna look into this extension:
http://www.noscript.net
Last edited by win32sux; 04-06-2006 at 04:53 PM.
|
|
|
04-07-2006, 08:29 AM
|
#4
|
LQ Newbie
Registered: Mar 2006
Posts: 7
Original Poster
Rep:
|
Quote:
Originally Posted by win32sux
i'm not sure if an uber-newbie would know what processes "shouldn't" be running... 
|
I got that right... lol. too newbie...
I asked because things like this were happening to a friend of mine: Firefox closing itself, the page changing all by itself (like happened to me), and it was a guy from the department where my friend studies...
Thanks for those cool links, the grc link said that my PC is safe. (I may have upgraded my distro since that thing happened too)
About the command, is it safe to post so much info in the forum?
Oh, and I use Firefox 1.5
Thanks for the help...
|
|
|
04-07-2006, 08:38 AM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by the-iguana
About the command, is it safe to post so much info in the forum?
|
yes, it's safe... most of the time you'd wanna edit your external IP address if it appears in the output (using something like "xxx.xxx.xxx.xxx" is common)...
yeah, so do i... i find the noscript extension to be great for giving me a little more peace of mind when surfing the web, especially when i'm surfing free adult websites and stuff like that... it blocks java, javascript, flash, and other nonsense... great stuff IMHO...
|
|
|
All times are GMT -5. The time now is 09:28 AM.