[ubuntu-za] My Ubuntu 9.10 has been hacked. Need help

Tue Jul 6 12:19:41 BST 2010

Hi Corrie

How do I check for ssh and stop it if it's running? I've had the ubuntu
firewall off and on to test and either way he seems to get through. I'll try
the passwords again

Jason

On Tue, Jul 6, 2010 at 1:15 PM, Corrie Strydom <corrie206 at gmail.com> wrote:

> On Tue, Jul 6, 2010 at 1:13 PM, Jason Plank <plank.jason at gmail.com> wrote:
>
>> Hi Raoul
>>
>> Ubuntu has been hacked. Whoever it is periodically takes control of the
>> mouse and draws pictures in flames, browses network, opens and messes with
>> applications and leaves messages in text files, so it's pretty much a given
>> that Ubuntu has been hacked.
>>
>> Hope that helps
>>
>> Jason
>>
>>
>> On Tue, Jul 6, 2010 at 1:01 PM, Raoul Snyman <
>> raoul.snyman at saturnlaboratories.co.za> wrote:
>>
>>> On Tue, 6 Jul 2010 12:52:57 +0200, Jason Plank <plank.jason at gmail.com>
>>> wrote:
>>> > I hope someone can help or give me some advice. I've got Ubuntu 9.10
>>> > running
>>> > on one of our pc's at work as a LAMP server for joomla and I've also
>>> got
>>> > virtualbox installed running NT4 workstation for a project we're
>>> working
>>> > on.
>>> > My problem is that some idiot has hacked the system and I can't seem to
>>> > block him. I've tried turning of Remote Desktop, but he still get's in
>>> and
>>> > changes settings. I've also disabled a whole bunch of startup daemons.
>>> > We're
>>> > also behind a DLINK DFL-210 firewall and I've set it to drop incoming
>>> RDP
>>> > and telnet connections, but he still seems to be getting in. Can anyone
>>> > give
>>> > any ideas as to what I can do, other than format and redo the system?
>>>
>>> How do you know you've been "hacked"? What has been "hacked", Ubuntu or
>>> the NT4 workstation virtual machine? Please provide a little more
>>> information about why you think you've been hacked, it helps us to
>>> pin-point the problem and figure out how to fix it.
>>>
>>> --
>>> Raoul Snyman, B.Tech IT (Software Engineering)
>>> Saturn Laboratories
>>> m: 082 550 3754
>>> e: raoul.snyman at saturnlaboratories.co.za
>>> w: www.saturnlaboratories.co.za
>>> b: blog.saturnlaboratories.co.za
>>>
>>> --
>>> ubuntu-za mailing list
>>> ubuntu-za at lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>
>>
>>
>> --
>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
>> everything else and count it all as garbage. All I want is Christ -
>> Philippians 3:8 CEV
>>
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>>
>
> Is ssh running? do you have ubuntu firewall turned on? is your root and
> user password sufficiently difficult to guess?
> Change passwords everywhere, and make is difficult passwords.
>
> Corrie
>
> --
> ubuntu-za mailing list
> ubuntu-za at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>
>

-- 
Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
everything else and count it all as garbage. All I want is Christ -
Philippians 3:8 CEV
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/82403e68/attachment.htm 