[ubuntu-za] My Ubuntu 9.10 has been hacked. Need help

Jason Plank plank.jason at gmail.com
Tue Jul 6 12:41:20 BST 2010


OK

I've made a hectic new password. I don't think I've got ssh installed. When
I tried to run sudo /etc/init.d/ssh stop it just said file not found. I'm
going through the auth.log now. Using gufw i've denied all access and only
allowed tcp to our internal office network for the joomla testing..

Will let you know if I still have a problem,

Jason

On Tue, Jul 6, 2010 at 1:26 PM, Corrie Strydom <corrie206 at gmail.com> wrote:

> On Tue, Jul 6, 2010 at 1:19 PM, Jason Plank <plank.jason at gmail.com> wrote:
>
>> Hi Corrie
>>
>> How do I check for ssh and stop it if it's running? I've had the ubuntu
>> firewall off and on to test and either way he seems to get through. I'll try
>> the passwords again
>>
>> Jason
>>
>>
>> On Tue, Jul 6, 2010 at 1:15 PM, Corrie Strydom <corrie206 at gmail.com>wrote:
>>
>>> On Tue, Jul 6, 2010 at 1:13 PM, Jason Plank <plank.jason at gmail.com>wrote:
>>>
>>>> Hi Raoul
>>>>
>>>> Ubuntu has been hacked. Whoever it is periodically takes control of the
>>>> mouse and draws pictures in flames, browses network, opens and messes with
>>>> applications and leaves messages in text files, so it's pretty much a given
>>>> that Ubuntu has been hacked.
>>>>
>>>> Hope that helps
>>>>
>>>> Jason
>>>>
>>>>
>>>> On Tue, Jul 6, 2010 at 1:01 PM, Raoul Snyman <
>>>> raoul.snyman at saturnlaboratories.co.za> wrote:
>>>>
>>>>> On Tue, 6 Jul 2010 12:52:57 +0200, Jason Plank <plank.jason at gmail.com>
>>>>> wrote:
>>>>> > I hope someone can help or give me some advice. I've got Ubuntu 9.10
>>>>> > running
>>>>> > on one of our pc's at work as a LAMP server for joomla and I've also
>>>>> got
>>>>> > virtualbox installed running NT4 workstation for a project we're
>>>>> working
>>>>> > on.
>>>>> > My problem is that some idiot has hacked the system and I can't seem
>>>>> to
>>>>> > block him. I've tried turning of Remote Desktop, but he still get's
>>>>> in
>>>>> and
>>>>> > changes settings. I've also disabled a whole bunch of startup
>>>>> daemons.
>>>>> > We're
>>>>> > also behind a DLINK DFL-210 firewall and I've set it to drop incoming
>>>>> RDP
>>>>> > and telnet connections, but he still seems to be getting in. Can
>>>>> anyone
>>>>> > give
>>>>> > any ideas as to what I can do, other than format and redo the system?
>>>>>
>>>>> How do you know you've been "hacked"? What has been "hacked", Ubuntu or
>>>>> the NT4 workstation virtual machine? Please provide a little more
>>>>> information about why you think you've been hacked, it helps us to
>>>>> pin-point the problem and figure out how to fix it.
>>>>>
>>>>> --
>>>>> Raoul Snyman, B.Tech IT (Software Engineering)
>>>>> Saturn Laboratories
>>>>> m: 082 550 3754
>>>>> e: raoul.snyman at saturnlaboratories.co.za
>>>>> w: www.saturnlaboratories.co.za
>>>>> b: blog.saturnlaboratories.co.za
>>>>>
>>>>> --
>>>>> ubuntu-za mailing list
>>>>> ubuntu-za at lists.ubuntu.com
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
>>>> everything else and count it all as garbage. All I want is Christ -
>>>> Philippians 3:8 CEV
>>>>
>>>> --
>>>> ubuntu-za mailing list
>>>> ubuntu-za at lists.ubuntu.com
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>
>>>>
>>>
>>> Is ssh running? do you have ubuntu firewall turned on? is your root and
>>> user password sufficiently difficult to guess?
>>> Change passwords everywhere, and make is difficult passwords.
>>>
>>> Corrie
>>>
>>> --
>>> ubuntu-za mailing list
>>> ubuntu-za at lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>>
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>>
>
>
> 1. read,
> http://unixlab.blogspot.com/2010/02/how-to-disable-root-access-via-ssh.html
> 2. Uncomplicated Firewall (UFW), block all incoming ports,
> https://help.ubuntu.com/community/UFW
> <https://help.ubuntu.com/community/UFW>3. ssh , read
> https://help.ubuntu.com/community/SSH
>
>
> <https://help.ubuntu.com/community/SSH>
>
>
>
> --
> ubuntu-za mailing list
> ubuntu-za at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>
>


-- 
Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
everything else and count it all as garbage. All I want is Christ -
Philippians 3:8 CEV
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/9ca8c2f3/attachment.htm 


More information about the ubuntu-za mailing list