[ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
Jason Plank
plank.jason at gmail.com
Tue Jul 6 13:06:09 BST 2010
Well, I've gone through auth.log and can't really find much in the line of
ip/dns. I did find a whole bunch of stuff with pam_unix and root, but that's
about all. I don't even have a root account enabled I always use sudo.
Jason
On Tue, Jul 6, 2010 at 1:46 PM, Jason Plank <plank.jason at gmail.com> wrote:
> Hi Wayne
>
> I'm actually not sure how to give the address. It's supposed to be only on
> a local network with internet access through a firewall, so I'm not even
> sure how the guy got in. If someone can tell me how to find the address I
> can let you know.
>
> Jason
>
> On Tue, Jul 6, 2010 at 1:43 PM, wayne <plettpc at gmail.com> wrote:
>
>> Hi Jason
>>
>> How about giving us the URL, and we can see if we can also draw neat
>> flames!
>>
>> No, seriously let us check from outside!
>>
>> Wayne A
>>
>>
>>
>>
>> Jason Plank wrote:
>> > Hi Raoul
>> >
>> > Ubuntu has been hacked. Whoever it is periodically takes control of the
>> > mouse and draws pictures in flames, browses network, opens and messes
>> > with applications and leaves messages in text files, so it's pretty much
>> > a given that Ubuntu has been hacked.
>> >
>> > Hope that helps
>> >
>> > Jason
>> >
>> > On Tue, Jul 6, 2010 at 1:01 PM, Raoul Snyman
>> > <raoul.snyman at saturnlaboratories.co.za
>> > <mailto:raoul.snyman at saturnlaboratories.co.za>> wrote:
>> >
>> > On Tue, 6 Jul 2010 12:52:57 +0200, Jason Plank
>> > <plank.jason at gmail.com <mailto:plank.jason at gmail.com>>
>> > wrote:
>> > > I hope someone can help or give me some advice. I've got Ubuntu
>> 9.10
>> > > running
>> > > on one of our pc's at work as a LAMP server for joomla and I've
>> > also got
>> > > virtualbox installed running NT4 workstation for a project we're
>> > working
>> > > on.
>> > > My problem is that some idiot has hacked the system and I can't
>> > seem to
>> > > block him. I've tried turning of Remote Desktop, but he still
>> get's in
>> > and
>> > > changes settings. I've also disabled a whole bunch of startup
>> daemons.
>> > > We're
>> > > also behind a DLINK DFL-210 firewall and I've set it to drop
>> incoming
>> > RDP
>> > > and telnet connections, but he still seems to be getting in. Can
>> > anyone
>> > > give
>> > > any ideas as to what I can do, other than format and redo the
>> system?
>> >
>> > How do you know you've been "hacked"? What has been "hacked", Ubuntu
>> or
>> > the NT4 workstation virtual machine? Please provide a little more
>> > information about why you think you've been hacked, it helps us to
>> > pin-point the problem and figure out how to fix it.
>> >
>> > --
>> > Raoul Snyman, B.Tech IT (Software Engineering)
>> > Saturn Laboratories
>> > m: 082 550 3754
>> > e: raoul.snyman at saturnlaboratories.co.za
>> > <mailto:raoul.snyman at saturnlaboratories.co.za>
>> > w: www.saturnlaboratories.co.za <
>> http://www.saturnlaboratories.co.za>
>> > b: blog.saturnlaboratories.co.za <
>> http://blog.saturnlaboratories.co.za>
>> >
>> > --
>> > ubuntu-za mailing list
>> > ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>> >
>> >
>> >
>> >
>> > --
>> > Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
>> > everything else and count it all as garbage. All I want is Christ -
>> > Philippians 3:8 CEV
>> >
>>
>>
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>
>
>
> --
> Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
> everything else and count it all as garbage. All I want is Christ -
> Philippians 3:8 CEV
>
--
Nothing is as wonderful as knowing Christ Jesus my Lord. I have given up
everything else and count it all as garbage. All I want is Christ -
Philippians 3:8 CEV
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/549dc4ca/attachment-0001.htm
More information about the ubuntu-za
mailing list