[ubuntu-za] Security Setup For ADSL Router

Hilton Gibson hilton.gibson at gmail.com
Wed Jul 7 07:35:08 BST 2010


Hello Anton

Please take the time to read: 
http://www.ubuntu.sun.ac.za/wiki/index.php/Desktop
The wiki is campus oriented, but has help of a general security interest.

Cheers

hg

On 06/07/2010 20:23, Anton Binedell wrote:
> Hello,
>
> Thanks Mike for reassuring me that Linux is a safer alternative. I 
> will be installing the newest Ubuntu LTS tomorrow and I will be dual 
> booting it with Windows 7 (my kids have a lot of Windows games). I 
> have a Telkom ADSL with a router and I only use the Ethernet cable, 
> WiFi on the router is switched off. I want to make sure that I have 
> the safest security option available to avoid being hacked or 
> something (I know I am being paranoid, but reading on the newsletter 
> of another guy being hacked is unnerving).
>
> I did read the link supplied, but that's all Greek to me.
>
> Can you give me some guidance as to insure that I have done all that 
> is possible from my side to ensure that I don't become a victim of 
> being hacked? Also what programs other than the ones you mentioned 
> should one avoid on Ubuntu to ensure that one have the best security 
> solution?
>
> Regards
>
> --------------------------------------------------
> From: <ubuntu-za-request at lists.ubuntu.com>
> Sent: Tuesday, July 06, 2010 7:20 PM
> To: <ubuntu-za at lists.ubuntu.com>
> Subject: ubuntu-za Digest, Vol 58, Issue 6
>
>> Send ubuntu-za mailing list submissions to
>> ubuntu-za at lists.ubuntu.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>> or, via email, send a message with subject or body 'help' to
>> ubuntu-za-request at lists.ubuntu.com
>>
>> You can reach the person managing the list at
>> ubuntu-za-owner at lists.ubuntu.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of ubuntu-za digest..."
>>
>>
>> Today's Topics:
>>
>>   1. Re:  My Ubuntu 9.10 has been hacked. Need help (Raoul Snyman)
>>   2.  Fw: ubuntu-za Digest, Vol 58, Issue 5 (Anton Binedell)
>>   3. Re:  Fw: ubuntu-za Digest, Vol 58, Issue 5 (Mike Purves)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 06 Jul 2010 16:10:07 +0200
>> From: Raoul Snyman <raoul.snyman at saturnlaboratories.co.za>
>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>> Message-ID: <6b063729fe31ea2453fe86fa47cc8461 at localhost>
>> Content-Type: text/plain; charset=UTF-8
>>
>> On Tue, 6 Jul 2010 13:13:35 +0200, Jason Plank wrote:
>>> Ubuntu has been hacked. Whoever it is periodically takes control of the
>>> mouse and draws pictures in flames, browses network, opens and messes
>> with
>>> applications and leaves messages in text files, so it's pretty much a
>> given
>>> that Ubuntu has been hacked.
>>
>> This description makes me pretty positive that someone is playing a 
>> trick
>> on you... Have you got something like VNC installed?
>>
>> Also, open a terminal, and type the following:
>>
>>  ps -ef > ps.txt
>>
>> and then e-mail ps.txt to the list.
>>
>> -- 
>> Raoul Snyman, B.Tech IT (Software Engineering)
>> Saturn Laboratories
>> m: 082 550 3754
>> e: raoul.snyman at saturnlaboratories.co.za
>> w: www.saturnlaboratories.co.za
>> b: blog.saturnlaboratories.co.za
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Tue, 6 Jul 2010 18:36:18 +0200
>> From: "Anton Binedell" <binedella at telkomsa.net>
>> Subject: [ubuntu-za] Fw: ubuntu-za Digest, Vol 58, Issue 5
>> To: <ubuntu-za at lists.ubuntu.com>
>> Message-ID: <25C2506ECF934D6F8BF17BB197F2256F at AntonPC>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>>
>> --------------------------------------------------
>> From: "Anton Binedell" <binedella at telkomsa.net>
>> Sent: Tuesday, July 06, 2010 6:23 PM
>> To: <ubuntu-za at lists.ubuntu.com>
>> Subject: Re: ubuntu-za Digest, Vol 58, Issue 5
>>
>>> Re:  My Ubuntu 9.10 has been hacked. Need help
>>>
>>> Hello,
>>>
>>> I am a bit confused here. I was under the impression that Linux 
>>> can't be
>>> hacked and are a very secure OS. Guy's please tell me that I am safe 
>>> using
>>> Linux?
>>>
>>> --------------------------------------------------
>>> From: <ubuntu-za-request at lists.ubuntu.com>
>>> Sent: Tuesday, July 06, 2010 4:13 PM
>>> To: <ubuntu-za at lists.ubuntu.com>
>>> Subject: ubuntu-za Digest, Vol 58, Issue 5
>>>
>>>> Send ubuntu-za mailing list submissions to
>>>> ubuntu-za at lists.ubuntu.com
>>>>
>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>> or, via email, send a message with subject or body 'help' to
>>>> ubuntu-za-request at lists.ubuntu.com
>>>>
>>>> You can reach the person managing the list at
>>>> ubuntu-za-owner at lists.ubuntu.com
>>>>
>>>> When replying, please edit your Subject line so it is more specific
>>>> than "Re: Contents of ubuntu-za digest..."
>>>>
>>>>
>>>> Today's Topics:
>>>>
>>>>   1. Re:  My Ubuntu 9.10 has been hacked. Need help (Wesley)
>>>>   2. Re:  My Ubuntu 9.10 has been hacked. Need help (Jason Plank)
>>>>   3. Re:  My Ubuntu 9.10 has been hacked. Need help (Hilton Gibson)
>>>>   4. Re:  My Ubuntu 9.10 has been hacked. Need help (Mike Purves)
>>>>   5. Re:  My Ubuntu 9.10 has been hacked. Need help (Alf Stockton)
>>>>   6. Re:  Nvidia FX5500 with 10.04 (Andre Rossouw)
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>>
>>>> Message: 1
>>>> Date: Tue, 6 Jul 2010 12:10:42 +0000
>>>> From: "Wesley" <wesley.werner at gmail.com>
>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>> To: "Ubuntu South African Local Community"
>>>> <ubuntu-za at lists.ubuntu.com>
>>>> Message-ID:
>>>> <637040835-1278418241-cardhu_decombobulator_blackberry.rim.net-1874170468- at bda049.bisx.produk.on.blackberry> 
>>>>
>>>>
>>>> Content-Type: text/plain
>>>>
>>>> My thoughts exactly Robert.
>>>>
>>>> Jason to get the IP of the machine you're browsing from, go to
>>>> http://www.whatismyip.com but that could just show your proxy's IP 
>>>> if you
>>>> are behind one.
>>>> [Sent via my BB:21F7F343]
>>>>
>>>> -----Original Message-----
>>>> From: Robert <robket at gmail.com>
>>>> Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>> Date: Tue, 6 Jul 2010 14:02:26
>>>> To: Ubuntu South African Local Community<ubuntu-za at lists.ubuntu.com>
>>>> Reply-To: Ubuntu South African Local Community
>>>> <ubuntu-za at lists.ubuntu.com>
>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>
>>>> -- 
>>>> ubuntu-za mailing list
>>>> ubuntu-za at lists.ubuntu.com
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> Message: 2
>>>> Date: Tue, 6 Jul 2010 14:14:12 +0200
>>>> From: Jason Plank <plank.jason at gmail.com>
>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>> To: wesley.werner at gmail.com, Ubuntu South African Local Community
>>>> <ubuntu-za at lists.ubuntu.com>
>>>> Message-ID:
>>>> <AANLkTilKoe1SB0bDWLs5f4GX9LIFq2TWNx9vrqEuGecm at mail.gmail.com>
>>>> Content-Type: text/plain; charset="utf-8"
>>>>
>>>> Hi there
>>>>
>>>> The address it gives just goes to our ADSL router. I don't know how 
>>>> the
>>>> guy
>>>> was getting to the pc as it definitely isn't an internal person. At 
>>>> the
>>>> moment, things seem ok, but I'll keep checking. It would stay fine 
>>>> for a
>>>> while, then he would do something :-(
>>>>
>>>> Jason
>>>>
>>>> On Tue, Jul 6, 2010 at 2:10 PM, Wesley <wesley.werner at gmail.com> 
>>>> wrote:
>>>>
>>>>> My thoughts exactly Robert.
>>>>>
>>>>> Jason to get the IP of the machine you're browsing from, go to
>>>>> http://www.whatismyip.com but that could just show your proxy's IP if
>>>>> you
>>>>> are behind one.
>>>>> [Sent via my BB:21F7F343]
>>>>>
>>>>> -----Original Message-----
>>>>> From: Robert <robket at gmail.com>
>>>>> Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>> Date: Tue, 6 Jul 2010 14:02:26
>>>>> To: Ubuntu South African Local Community<ubuntu-za at lists.ubuntu.com>
>>>>> Reply-To: Ubuntu South African Local Community
>>>>> <ubuntu-za at lists.ubuntu.com
>>>>> >
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>>
>>>>> -- 
>>>>> ubuntu-za mailing list
>>>>> ubuntu-za at lists.ubuntu.com
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> ubuntu-za mailing list
>>>>> ubuntu-za at lists.ubuntu.com
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have 
>>>> given up
>>>> everything else and count it all as garbage. All I want is Christ -
>>>> Philippians 3:8 CEV
>>>> -------------- next part --------------
>>>> An HTML attachment was scrubbed...
>>>> URL:
>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/c1ff7d2d/attachment-0001.htm 
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> Message: 3
>>>> Date: Tue, 06 Jul 2010 14:18:45 +0200
>>>> From: Hilton Gibson <hilton.gibson at gmail.com>
>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>> To: ubuntu-za at lists.ubuntu.com
>>>> Message-ID: <4C331F25.6050709 at gmail.com>
>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>
>>>> Hi Jason
>>>>
>>>> Also check this: 
>>>> http://www.ubuntu.sun.ac.za/wiki/index.php/NetworkSafety
>>>>
>>>> Cheers
>>>>
>>>> hg
>>>>
>>>> On 06/07/2010 14:14, Jason Plank wrote:
>>>>> Hi there
>>>>>
>>>>> The address it gives just goes to our ADSL router. I don't know how
>>>>> the guy was getting to the pc as it definitely isn't an internal
>>>>> person. At the moment, things seem ok, but I'll keep checking. It
>>>>> would stay fine for a while, then he would do something :-(
>>>>>
>>>>> Jason
>>>>>
>>>>> On Tue, Jul 6, 2010 at 2:10 PM, Wesley <wesley.werner at gmail.com
>>>>> <mailto:wesley.werner at gmail.com>> wrote:
>>>>>
>>>>>     My thoughts exactly Robert.
>>>>>
>>>>>     Jason to get the IP of the machine you're browsing from, go to
>>>>>     http://www.whatismyip.com but that could just show your 
>>>>> proxy's IP
>>>>>     if you are behind one.
>>>>>     [Sent via my BB:21F7F343]
>>>>>
>>>>>     -----Original Message-----
>>>>>     From: Robert <robket at gmail.com <mailto:robket at gmail.com>>
>>>>>     Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>> <mailto:ubuntu-za-bounces at lists.ubuntu.com>
>>>>>     Date: Tue, 6 Jul 2010 14:02:26
>>>>>     To: Ubuntu South African Local
>>>>>     Community<ubuntu-za at lists.ubuntu.com
>>>>> <mailto:ubuntu-za at lists.ubuntu.com>>
>>>>>     Reply-To: Ubuntu South African Local Community
>>>>> <ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>>
>>>>>     Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need 
>>>>> help
>>>>>
>>>>>     --
>>>>>     ubuntu-za mailing list
>>>>>     ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>     https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>>
>>>>>
>>>>>     --
>>>>>     ubuntu-za mailing list
>>>>>     ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>     https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have given
>>>>> up everything else and count it all as garbage. All I want is 
>>>>> Christ -
>>>>> Philippians 3:8 CEV
>>>>
>>>> -- 
>>>> Hilton Gibson
>>>> Systems Administrator
>>>> JS Gericke Library Room 1025D
>>>> Stellenbosch University
>>>> Private Bag X5036
>>>> Stellenbosch
>>>> 7599
>>>> South Africa
>>>>
>>>> Tel: +27 21 808 4100 | Cell: +27 84 646 4758
>>>>
>>>> -------------- next part --------------
>>>> An HTML attachment was scrubbed...
>>>> URL:
>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/67fd43ce/attachment-0001.htm 
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> Message: 4
>>>> Date: Tue, 6 Jul 2010 14:23:15 +0200
>>>> From: Mike Purves <michael.purves at gmail.com>
>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>>>> Message-ID:
>>>> <AANLkTilYRpJq-ldCKD1e1nLDEt4eMYouFXqvv1yDINiq at mail.gmail.com>
>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>
>>>> What about wifi access.  Someine in the vacinity has connected to your
>>>> work
>>>> and has found that linux box...perhaps even opened up a back door for
>>>> himself....
>>>>
>>>> Check the users on that machine...perhaps you should acitivate the 
>>>> root
>>>> user
>>>> with a strong password...Check your wifi settings, dont use WEP etc 
>>>> etc
>>>>
>>>> The person is gaining access a limited number of ways...Need to check
>>>> them
>>>> one by one.
>>>>
>>>>
>>>> Regards
>>>>
>>>> MP75
>>>> On Tue, Jul 6, 2010 at 2:14 PM, Jason Plank <plank.jason at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi there
>>>>>
>>>>> The address it gives just goes to our ADSL router. I don't know 
>>>>> how the
>>>>> guy
>>>>> was getting to the pc as it definitely isn't an internal person. 
>>>>> At the
>>>>> moment, things seem ok, but I'll keep checking. It would stay fine 
>>>>> for a
>>>>> while, then he would do something :-(
>>>>>
>>>>> Jason
>>>>>
>>>>>
>>>>> On Tue, Jul 6, 2010 at 2:10 PM, Wesley <wesley.werner at gmail.com> 
>>>>> wrote:
>>>>>
>>>>>> My thoughts exactly Robert.
>>>>>>
>>>>>> Jason to get the IP of the machine you're browsing from, go to
>>>>>> http://www.whatismyip.com but that could just show your proxy's 
>>>>>> IP if
>>>>>> you
>>>>>> are behind one.
>>>>>> [Sent via my BB:21F7F343]
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Robert <robket at gmail.com>
>>>>>> Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>>> Date: Tue, 6 Jul 2010 14:02:26
>>>>>> To: Ubuntu South African Local Community<ubuntu-za at lists.ubuntu.com>
>>>>>> Reply-To: Ubuntu South African Local Community <
>>>>>> ubuntu-za at lists.ubuntu.com>
>>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>>>
>>>>>> -- 
>>>>>> ubuntu-za mailing list
>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> ubuntu-za mailing list
>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have 
>>>>> given up
>>>>> everything else and count it all as garbage. All I want is Christ -
>>>>> Philippians 3:8 CEV
>>>>>
>>>>> -- 
>>>>> ubuntu-za mailing list
>>>>> ubuntu-za at lists.ubuntu.com
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>>
>>>> -------------- next part --------------
>>>> An HTML attachment was scrubbed...
>>>> URL:
>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/3d192270/attachment-0001.htm 
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> Message: 5
>>>> Date: Tue, 06 Jul 2010 14:47:33 +0200
>>>> From: Alf Stockton <alf at stockton.co.za>
>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>>>> Message-ID: <4C3325E5.1060800 at stockton.co.za>
>>>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>>>
>>>> On 06/07/2010 12:52, Jason Plank wrote:
>>>>> Hi Guys
>>>>>
>>>>> I hope someone can help or give me some advice. I've got Ubuntu 9.10
>>>>> running on one of our pc's at work as a LAMP server for joomla and 
>>>>> I've
>>>>> also got virtualbox installed running NT4 workstation for a project
>>>>> we're working on. My problem is that some idiot has hacked the system
>>>>> and I can't seem to block him. I've tried turning of Remote 
>>>>> Desktop, but
>>>>> he still get's in and changes settings. I've also disabled a whole 
>>>>> bunch
>>>>> of startup daemons. We're also behind a DLINK DFL-210 firewall and 
>>>>> I've
>>>>> set it to drop incoming RDP and telnet connections, but he still 
>>>>> seems
>>>>> to be getting in. Can anyone give any ideas as to what I can do, 
>>>>> other
>>>>> than format and redo the system?
>>>>>
>>>> To identify who logged into my server and from where I have entered 
>>>> the
>>>> following in my /etc/profile on my debian server.
>>>>
>>>> echo "Subject: Login on `hostname`" > ./logon.txt
>>>> echo "by `who | awk '{print $1}'` from URL `who | awk '{print 
>>>> $5}'`" >>
>>>> ./logon.txt
>>>> /usr/sbin/sendmail -t alf at stockton.co.za < ./logon.txt
>>>>
>>>>
>>>> -- 
>>>> ---
>>>>
>>>> Regards,
>>>> Alf Stockton www.stockton.co.za
>>>>
>>>> To err is human, to forgive canine.
>>>>
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> Message: 6
>>>> Date: Tue, 06 Jul 2010 16:13:13 +0200
>>>> From: Andre Rossouw <andre at arnet.co.za>
>>>> Subject: Re: [ubuntu-za] Nvidia FX5500 with 10.04
>>>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>>>> Message-ID: <1278425593.10453.6.camel at pe-andrer-5>
>>>> Content-Type: text/plain; charset="utf-8"
>>>>
>>>> Hi, thanks for the response.
>>>>
>>>> On Tue, 2010-07-06 at 13:09 +0200, Wesley Werner wrote:
>>>>> Which Ubuntu version are you running? Have a look here too:
>>>>> https://help.ubuntu.com/community/NvidiaManual
>>>>
>>>> I'm using 10.04. I'll give that a go this weekend and see how it goes.
>>>> -- 
>>>> Andre Rossouw <andre at arnet.co.za>
>>>> -------------- next part --------------
>>>> A non-text attachment was scrubbed...
>>>> Name: not available
>>>> Type: application/pgp-signature
>>>> Size: 198 bytes
>>>> Desc: This is a digitally signed message part
>>>> Url :
>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/6651b13a/attachment.pgp 
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> -- 
>>>> ubuntu-za mailing list
>>>> ubuntu-za at lists.ubuntu.com
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>
>>>>
>>>> End of ubuntu-za Digest, Vol 58, Issue 5
>>>> ****************************************
>>>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: smime.p7s
>> Type: application/x-pkcs7-signature
>> Size: 2008 bytes
>> Desc: not available
>> Url : 
>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/9181aded/attachment-0001.bin 
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Tue, 6 Jul 2010 19:20:31 +0200
>> From: Mike Purves <michael.purves at gmail.com>
>> Subject: Re: [ubuntu-za] Fw: ubuntu-za Digest, Vol 58, Issue 5
>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>> Message-ID:
>> <AANLkTikUgy_KybX97I9T5ueBfhV51hvcRRa4IiguJTdv at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Yes Anton, very safe. But like any system, you need to be proactive.
>>
>> For eg: never use your name/password combination for logins.  Most 
>> hackers
>> have a huge list of names with possible passwords to try and gain 
>> access to
>> your machine.
>>
>> Services like SSH, webmin, apache, vnc in Linux or RDP, IIS, 
>> filesharing in
>> Windows are all great tools, however, you need to protect yourself 
>> and your
>> network every which way you can.
>>
>> Also, many people inadvertently install software in Linux but don't 
>> always
>> understand the ramifications. eg. Installing MYSQL and opening its 
>> port to
>> the internet...Where anyone that is IP and port scanning will pick it 
>> up and
>> start attacking.
>>
>> So, what does this all mean.  Protect yourself. Hilton Gibson below has
>> given a link wrt more information
>>
>> If you need help....to confirm your security setup...Ask us....
>>
>> Mike
>>
>>
>> On Tue, Jul 6, 2010 at 6:36 PM, Anton Binedell 
>> <binedella at telkomsa.net>wrote:
>>
>>>
>>>
>>> --------------------------------------------------
>>> From: "Anton Binedell" <binedella at telkomsa.net>
>>> Sent: Tuesday, July 06, 2010 6:23 PM
>>> To: <ubuntu-za at lists.ubuntu.com>
>>> Subject: Re: ubuntu-za Digest, Vol 58, Issue 5
>>>
>>>  Re:  My Ubuntu 9.10 has been hacked. Need help
>>>>
>>>> Hello,
>>>>
>>>> I am a bit confused here. I was under the impression that Linux 
>>>> can't be
>>>> hacked and are a very secure OS. Guy's please tell me that I am 
>>>> safe using
>>>> Linux?
>>>>
>>>> --------------------------------------------------
>>>> From: <ubuntu-za-request at lists.ubuntu.com>
>>>> Sent: Tuesday, July 06, 2010 4:13 PM
>>>> To: <ubuntu-za at lists.ubuntu.com>
>>>> Subject: ubuntu-za Digest, Vol 58, Issue 5
>>>>
>>>>  Send ubuntu-za mailing list submissions to
>>>>> ubuntu-za at lists.ubuntu.com
>>>>>
>>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>> or, via email, send a message with subject or body 'help' to
>>>>> ubuntu-za-request at lists.ubuntu.com
>>>>>
>>>>> You can reach the person managing the list at
>>>>> ubuntu-za-owner at lists.ubuntu.com
>>>>>
>>>>> When replying, please edit your Subject line so it is more specific
>>>>> than "Re: Contents of ubuntu-za digest..."
>>>>>
>>>>>
>>>>> Today's Topics:
>>>>>
>>>>>  1. Re:  My Ubuntu 9.10 has been hacked. Need help (Wesley)
>>>>>  2. Re:  My Ubuntu 9.10 has been hacked. Need help (Jason Plank)
>>>>>  3. Re:  My Ubuntu 9.10 has been hacked. Need help (Hilton Gibson)
>>>>>  4. Re:  My Ubuntu 9.10 has been hacked. Need help (Mike Purves)
>>>>>  5. Re:  My Ubuntu 9.10 has been hacked. Need help (Alf Stockton)
>>>>>  6. Re:  Nvidia FX5500 with 10.04 (Andre Rossouw)
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------- 
>>>>>
>>>>>
>>>>> Message: 1
>>>>> Date: Tue, 6 Jul 2010 12:10:42 +0000
>>>>> From: "Wesley" <wesley.werner at gmail.com>
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>> To: "Ubuntu South African Local Community"
>>>>> <ubuntu-za at lists.ubuntu.com>
>>>>> Message-ID:
>>>>>
>>>>> <637040835-1278418241-cardhu_decombobulator_blackberry.rim.net-1874170468- at bda049.bisx.produk.on.blackberry 
>>>>>
>>>>> >
>>>>>
>>>>> Content-Type: text/plain
>>>>>
>>>>> My thoughts exactly Robert.
>>>>>
>>>>> Jason to get the IP of the machine you're browsing from, go to
>>>>> http://www.whatismyip.com but that could just show your proxy's IP if
>>>>> you
>>>>> are behind one.
>>>>> [Sent via my BB:21F7F343]
>>>>>
>>>>> -----Original Message-----
>>>>> From: Robert <robket at gmail.com>
>>>>> Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>> Date: Tue, 6 Jul 2010 14:02:26
>>>>> To: Ubuntu South African Local Community<ubuntu-za at lists.ubuntu.com>
>>>>> Reply-To: Ubuntu South African Local Community
>>>>> <ubuntu-za at lists.ubuntu.com>
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>>
>>>>> -- 
>>>>> ubuntu-za mailing list
>>>>> ubuntu-za at lists.ubuntu.com
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Message: 2
>>>>> Date: Tue, 6 Jul 2010 14:14:12 +0200
>>>>> From: Jason Plank <plank.jason at gmail.com>
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>> To: wesley.werner at gmail.com, Ubuntu South African Local Community
>>>>> <ubuntu-za at lists.ubuntu.com>
>>>>> Message-ID:
>>>>> <AANLkTilKoe1SB0bDWLs5f4GX9LIFq2TWNx9vrqEuGecm at mail.gmail.com>
>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>
>>>>> Hi there
>>>>>
>>>>> The address it gives just goes to our ADSL router. I don't know 
>>>>> how the
>>>>> guy
>>>>> was getting to the pc as it definitely isn't an internal person. 
>>>>> At the
>>>>> moment, things seem ok, but I'll keep checking. It would stay fine 
>>>>> for a
>>>>> while, then he would do something :-(
>>>>>
>>>>> Jason
>>>>>
>>>>> On Tue, Jul 6, 2010 at 2:10 PM, Wesley <wesley.werner at gmail.com> 
>>>>> wrote:
>>>>>
>>>>>  My thoughts exactly Robert.
>>>>>>
>>>>>> Jason to get the IP of the machine you're browsing from, go to
>>>>>> http://www.whatismyip.com but that could just show your proxy's 
>>>>>> IP if
>>>>>> you
>>>>>> are behind one.
>>>>>> [Sent via my BB:21F7F343]
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Robert <robket at gmail.com>
>>>>>> Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>>> Date: Tue, 6 Jul 2010 14:02:26
>>>>>> To: Ubuntu South African Local Community<ubuntu-za at lists.ubuntu.com>
>>>>>> Reply-To: Ubuntu South African Local Community
>>>>>> <ubuntu-za at lists.ubuntu.com
>>>>>> >
>>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>>>
>>>>>> -- 
>>>>>> ubuntu-za mailing list
>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> ubuntu-za mailing list
>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have 
>>>>> given up
>>>>> everything else and count it all as garbage. All I want is Christ -
>>>>> Philippians 3:8 CEV
>>>>> -------------- next part --------------
>>>>> An HTML attachment was scrubbed...
>>>>> URL:
>>>>>
>>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/c1ff7d2d/attachment-0001.htm 
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Message: 3
>>>>> Date: Tue, 06 Jul 2010 14:18:45 +0200
>>>>> From: Hilton Gibson <hilton.gibson at gmail.com>
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>> To: ubuntu-za at lists.ubuntu.com
>>>>> Message-ID: <4C331F25.6050709 at gmail.com>
>>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>>
>>>>> Hi Jason
>>>>>
>>>>> Also check this:
>>>>> http://www.ubuntu.sun.ac.za/wiki/index.php/NetworkSafety
>>>>>
>>>>> Cheers
>>>>>
>>>>> hg
>>>>>
>>>>> On 06/07/2010 14:14, Jason Plank wrote:
>>>>>
>>>>>> Hi there
>>>>>>
>>>>>> The address it gives just goes to our ADSL router. I don't know how
>>>>>> the guy was getting to the pc as it definitely isn't an internal
>>>>>> person. At the moment, things seem ok, but I'll keep checking. It
>>>>>> would stay fine for a while, then he would do something :-(
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>> On Tue, Jul 6, 2010 at 2:10 PM, Wesley <wesley.werner at gmail.com
>>>>>> <mailto:wesley.werner at gmail.com>> wrote:
>>>>>>
>>>>>>    My thoughts exactly Robert.
>>>>>>
>>>>>>    Jason to get the IP of the machine you're browsing from, go to
>>>>>>    http://www.whatismyip.com but that could just show your 
>>>>>> proxy's IP
>>>>>>    if you are behind one.
>>>>>>    [Sent via my BB:21F7F343]
>>>>>>
>>>>>>    -----Original Message-----
>>>>>>    From: Robert <robket at gmail.com <mailto:robket at gmail.com>>
>>>>>>    Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>>> <mailto:ubuntu-za-bounces at lists.ubuntu.com>
>>>>>>    Date: Tue, 6 Jul 2010 14:02:26
>>>>>>    To: Ubuntu South African Local
>>>>>>    Community<ubuntu-za at lists.ubuntu.com
>>>>>> <mailto:ubuntu-za at lists.ubuntu.com>>
>>>>>>    Reply-To: Ubuntu South African Local Community
>>>>>> <ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>>
>>>>>>    Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need 
>>>>>> help
>>>>>>
>>>>>>    --
>>>>>>    ubuntu-za mailing list
>>>>>>    ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>>    https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>>
>>>>>>
>>>>>>    --
>>>>>>    ubuntu-za mailing list
>>>>>>    ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>>    https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have 
>>>>>> given
>>>>>> up everything else and count it all as garbage. All I want is 
>>>>>> Christ -
>>>>>> Philippians 3:8 CEV
>>>>>>
>>>>>
>>>>> -- 
>>>>> Hilton Gibson
>>>>> Systems Administrator
>>>>> JS Gericke Library Room 1025D
>>>>> Stellenbosch University
>>>>> Private Bag X5036
>>>>> Stellenbosch
>>>>> 7599
>>>>> South Africa
>>>>>
>>>>> Tel: +27 21 808 4100 | Cell: +27 84 646 4758
>>>>>
>>>>> -------------- next part --------------
>>>>> An HTML attachment was scrubbed...
>>>>> URL:
>>>>>
>>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/67fd43ce/attachment-0001.htm 
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Message: 4
>>>>> Date: Tue, 6 Jul 2010 14:23:15 +0200
>>>>> From: Mike Purves <michael.purves at gmail.com>
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>>>>> Message-ID:
>>>>> <AANLkTilYRpJq-ldCKD1e1nLDEt4eMYouFXqvv1yDINiq at mail.gmail.com>
>>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>>
>>>>> What about wifi access.  Someine in the vacinity has connected to 
>>>>> your
>>>>> work
>>>>> and has found that linux box...perhaps even opened up a back door for
>>>>> himself....
>>>>>
>>>>> Check the users on that machine...perhaps you should acitivate the 
>>>>> root
>>>>> user
>>>>> with a strong password...Check your wifi settings, dont use WEP 
>>>>> etc etc
>>>>>
>>>>> The person is gaining access a limited number of ways...Need to check
>>>>> them
>>>>> one by one.
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>> MP75
>>>>> On Tue, Jul 6, 2010 at 2:14 PM, Jason Plank <plank.jason at gmail.com>
>>>>> wrote:
>>>>>
>>>>>  Hi there
>>>>>>
>>>>>> The address it gives just goes to our ADSL router. I don't know 
>>>>>> how the
>>>>>> guy
>>>>>> was getting to the pc as it definitely isn't an internal person. 
>>>>>> At the
>>>>>> moment, things seem ok, but I'll keep checking. It would stay 
>>>>>> fine for a
>>>>>> while, then he would do something :-(
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>>
>>>>>> On Tue, Jul 6, 2010 at 2:10 PM, Wesley <wesley.werner at gmail.com> 
>>>>>> wrote:
>>>>>>
>>>>>>  My thoughts exactly Robert.
>>>>>>>
>>>>>>> Jason to get the IP of the machine you're browsing from, go to
>>>>>>> http://www.whatismyip.com but that could just show your proxy's 
>>>>>>> IP if
>>>>>>> you
>>>>>>> are behind one.
>>>>>>> [Sent via my BB:21F7F343]
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Robert <robket at gmail.com>
>>>>>>> Sender: ubuntu-za-bounces at lists.ubuntu.com
>>>>>>> Date: Tue, 6 Jul 2010 14:02:26
>>>>>>> To: Ubuntu South African Local 
>>>>>>> Community<ubuntu-za at lists.ubuntu.com>
>>>>>>> Reply-To: Ubuntu South African Local Community <
>>>>>>> ubuntu-za at lists.ubuntu.com>
>>>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>>>>
>>>>>>> -- 
>>>>>>> ubuntu-za mailing list
>>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -- 
>>>>>>> ubuntu-za mailing list
>>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Nothing is as wonderful as knowing Christ Jesus my Lord. I have 
>>>>>> given up
>>>>>> everything else and count it all as garbage. All I want is Christ -
>>>>>> Philippians 3:8 CEV
>>>>>>
>>>>>> -- 
>>>>>> ubuntu-za mailing list
>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>
>>>>>>
>>>>>>  -------------- next part --------------
>>>>> An HTML attachment was scrubbed...
>>>>> URL:
>>>>>
>>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/3d192270/attachment-0001.htm 
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Message: 5
>>>>> Date: Tue, 06 Jul 2010 14:47:33 +0200
>>>>> From: Alf Stockton <alf at stockton.co.za>
>>>>> Subject: Re: [ubuntu-za] My Ubuntu 9.10 has been hacked. Need help
>>>>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>>>>> Message-ID: <4C3325E5.1060800 at stockton.co.za>
>>>>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>>>>
>>>>> On 06/07/2010 12:52, Jason Plank wrote:
>>>>>
>>>>>> Hi Guys
>>>>>>
>>>>>> I hope someone can help or give me some advice. I've got Ubuntu 9.10
>>>>>> running on one of our pc's at work as a LAMP server for joomla 
>>>>>> and I've
>>>>>> also got virtualbox installed running NT4 workstation for a project
>>>>>> we're working on. My problem is that some idiot has hacked the 
>>>>>> system
>>>>>> and I can't seem to block him. I've tried turning of Remote 
>>>>>> Desktop, but
>>>>>> he still get's in and changes settings. I've also disabled a 
>>>>>> whole bunch
>>>>>> of startup daemons. We're also behind a DLINK DFL-210 firewall 
>>>>>> and I've
>>>>>> set it to drop incoming RDP and telnet connections, but he still 
>>>>>> seems
>>>>>> to be getting in. Can anyone give any ideas as to what I can do, 
>>>>>> other
>>>>>> than format and redo the system?
>>>>>>
>>>>>>  To identify who logged into my server and from where I have 
>>>>>> entered the
>>>>> following in my /etc/profile on my debian server.
>>>>>
>>>>> echo "Subject: Login on `hostname`" > ./logon.txt
>>>>> echo "by `who | awk '{print $1}'` from URL `who | awk '{print 
>>>>> $5}'`" >>
>>>>> ./logon.txt
>>>>> /usr/sbin/sendmail -t alf at stockton.co.za < ./logon.txt
>>>>>
>>>>>
>>>>> -- 
>>>>> ---
>>>>>
>>>>> Regards,
>>>>> Alf Stockton www.stockton.co.za
>>>>>
>>>>> To err is human, to forgive canine.
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Message: 6
>>>>> Date: Tue, 06 Jul 2010 16:13:13 +0200
>>>>> From: Andre Rossouw <andre at arnet.co.za>
>>>>> Subject: Re: [ubuntu-za] Nvidia FX5500 with 10.04
>>>>> To: Ubuntu South African Local Community <ubuntu-za at lists.ubuntu.com>
>>>>> Message-ID: <1278425593.10453.6.camel at pe-andrer-5>
>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>
>>>>> Hi, thanks for the response.
>>>>>
>>>>> On Tue, 2010-07-06 at 13:09 +0200, Wesley Werner wrote:
>>>>>
>>>>>> Which Ubuntu version are you running? Have a look here too:
>>>>>> https://help.ubuntu.com/community/NvidiaManual
>>>>>>
>>>>>
>>>>> I'm using 10.04. I'll give that a go this weekend and see how it 
>>>>> goes.
>>>>> -- 
>>>>> Andre Rossouw <andre at arnet.co.za>
>>>>> -------------- next part --------------
>>>>> A non-text attachment was scrubbed...
>>>>> Name: not available
>>>>> Type: application/pgp-signature
>>>>> Size: 198 bytes
>>>>> Desc: This is a digitally signed message part
>>>>> Url :
>>>>>
>>>>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/6651b13a/attachment.pgp 
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> -- 
>>>>> ubuntu-za mailing list
>>>>> ubuntu-za at lists.ubuntu.com
>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>
>>>>>
>>>>> End of ubuntu-za Digest, Vol 58, Issue 5
>>>>> ****************************************
>>>>>
>>>>
>>>>
>>> -- 
>>> ubuntu-za mailing list
>>> ubuntu-za at lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: 
>> https://lists.ubuntu.com/archives/ubuntu-za/attachments/20100706/c351dff1/attachment.htm 
>>
>>
>> ------------------------------
>>
>> -- 
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>>
>> End of ubuntu-za Digest, Vol 58, Issue 6
>> **************************************** 

-- 
Hilton Gibson
Systems Administrator
JS Gericke Library Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758




More information about the ubuntu-za mailing list