[ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
Paul McMaster
paul at vanilla.co.za
Tue Jul 6 12:24:35 BST 2010
Hi
To stop it running:
sudo /etc/init.d/ssh stop
Also check what ports your PC is listening on.
Kind regards,
Paul McMaster
On Tue, Jul 6, 2010 at 1:19 PM, Jason Plank <plank.jason at gmail.com> wrote:
> Hi Corrie
> How do I check for ssh and stop it if it's running? I've had the ubuntu
> firewall off and on to test and either way he seems to get through. I'll try
> the passwords again
> Jason
>
> On Tue, Jul 6, 2010 at 1:15 PM, Corrie Strydom <corrie206 at gmail.com> wrote:
>>
>> On Tue, Jul 6, 2010 at 1:13 PM, Jason Plank <plank.jason at gmail.com> wrote:
>>>
>>> Hi Raoul
>>> Ubuntu has been hacked. Whoever it is periodically takes control of the
>>> mouse and draws pictures in flames, browses network, opens and messes with
>>> applications and leaves messages in text files, so it's pretty much a given
>>> that Ubuntu has been hacked.
>>> Hope that helps
>>> Jason
>>>
>>> On Tue, Jul 6, 2010 at 1:01 PM, Raoul Snyman
>>> <raoul.snyman at saturnlaboratories.co.za> wrote:
>>>>
>>>> On Tue, 6 Jul 2010 12:52:57 +0200, Jason Plank <plank.jason at gmail.com>
>>>> wrote:
>>>> > I hope someone can help or give me some advice. I've got Ubuntu 9.10
>>>> > running
>>>> > on one of our pc's at work as a LAMP server for joomla and I've also
>>>> > got
>>>> > virtualbox installed running NT4 workstation for a project we're
>>>> > working
>>>> > on.
>>>> > My problem is that some idiot has hacked the system and I can't seem
>>>> > to
>>>> > block him. I've tried turning of Remote Desktop, but he still get's in
>>>> and
>>>> > changes settings. I've also disabled a whole bunch of startup daemons.
>>>> > We're
>>>> > also behind a DLINK DFL-210 firewall and I've set it to drop incoming
>>>> RDP
>>>> > and telnet connections, but he still seems to be getting in. Can
>>>> > anyone
>>>> > give
>>>> > any ideas as to what I can do, other than format and redo the system?
>>>>
>>>> How do you know you've been "hacked"? What has been "hacked", Ubuntu or
>>>> the NT4 workstation virtual machine? Please provide a little more
>>>> information about why you think you've been hacked, it helps us to
>>>> pin-point the problem and figure out how to fix it.
>>>>
>>>> --
>>>> Raoul Snyman, B.Tech IT (Software Engineering)
>>>> Saturn Laboratories
>>>> m: 082 550 3754
>>>> e: raoul.snyman at saturnlaboratories.co.za
>>>> w: www.saturnlaboratories.co.za
>>>> b: blog.saturnlaboratories.co.za
>>>>
>>>> --
>>>> ubuntu-za mailing list
>>>> ubuntu-za at lists.ubuntu.com
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>>
>>>
>>> --
>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
>>> everything else and count it all as garbage. All I want is Christ -
>>> Philippians 3:8 CEV
>>>
>>> --
>>> ubuntu-za mailing list
>>> ubuntu-za at lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>
>>
>> Is ssh running? do you have ubuntu firewall turned on? is your root and
>> user password sufficiently difficult to guess?
>> Change passwords everywhere, and make is difficult passwords.
>> Corrie
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>
>
>
> --
> Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
> everything else and count it all as garbage. All I want is Christ -
> Philippians 3:8 CEV
>
> --
> ubuntu-za mailing list
> ubuntu-za at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>
>
--
Paul McMaster
Vanilla
Phone: +21 409 7997
office: 125 Buitengracht Street, Cape Town
More information about the ubuntu-za
mailing list