
Thread: owned?

  1. #1
    Join Date
    Nov 2005
    Location
    Denver, USA
    Beans
    254
    Distro
    Ubuntu 16.04 Xenial Xerus

    owned?

    so, i'm sitting at my computer (dell inspiron 530 running jaunty) yesterday morning surfing the web, and a message pops up saying "your computer is being controlled remotely by another user" or something like that. my initial thought is "whatever, just a glitch." then windows start moving around on their own and whoever or whatever it is starts typing a URL in a browser window. i panic and shut down my computer.

    i did have "you must confirm each access to this machine" deselected in remote desktop preferences, since i sometimes use vnc to remote into this desktop from my laptop. i selected it and haven't had whatever happened yesterday morning happen again.

    however, this morning, right when starting up some music in totem, i had a bunch of weird empty windows with the ubuntu help center icon (the little life preserver on the upper-left corner in a standard ubuntu install) start coming up. they rapidly got up to over fifty, so i panicked and shut down again.

    i've been (rather naively, i guess) complacent about security in the last two years or so since i moved to linux. i mean, i run all updates, set passwords on things, but that's about it. have i been owned? how would i know? what should i do to prevent whatever is happening, and to fix any security holes i've got now? i've got a base image of this machine that i built in clonezilla...should i reimage in case i've got root kits or back door vulnerabilities or something like that now?

  2. #2
    Join Date
    Mar 2008
    Beans
    176
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: owned?

    From what you have described, yes, you have been owned. Any box that is believed to be compromised should be re-imaged, is my thinking, because you can never trust that system.

    When you reinstall the system, be sure to set up a password for remote viewing and select the box for you to confirm a remote session.

  3. #3
    Join Date
    Apr 2009
    Location
    Sofia, Bulgaria
    Beans
    Hidden!
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: owned?

    My suggestion to you is to reinstall the whole system and the next time use a better firewall configuration in which only trusted IPs are allowed through the netfilter. You can also try network and host intrusion detection systems. Also, before reinstalling, copy all the logs from this system so you can better see what has happened. Hopefully the hacker didn't have time to change them.
    Ubuntu and FreeBSD - The Best!

  4. #4
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: owned?

    I would reboot while not connected to the network, go into the vino-preferences, disable remote desktop, shut down, reconnect the network, and continue as normal, and see what happens.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  5. #5
    credobyte
    Join Date
    Jun 2009
    Beans
    1,559
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: owned?

    I would definitely go for a clean install. A compromised system can never be secure enough to leave as it is.

  6. #6
    Join Date
    Nov 2007
    Location
    Sweden
    Beans
    2,200

    Re: owned?

    If you're using an ADSL modem you have the possibility to use an inbuilt firewall in your modem. That's way better security than relying on some software firewall to fix your security.

    As has been suggested already, have proper routines in how you're handling your passwords, never write them down on paper and never let them appear in any of your e-mails. Be a bit paranoid about security and you'll have less trouble on your next Linux system.
    Debian 11 "Bullseye"
    HP Envy 2021 laptop
    Linux user since 1999.

  7. #7
    Join Date
    Nov 2005
    Location
    Denver, USA
    Beans
    254
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: owned?

    thanks for your advice everyone. i think i'll reimage, as most of you suggested. one quick question, one of you suggested copying my log files. what's the best way to do that?
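
The log copy suggested earlier in the thread can be taken like this before reimaging (an added example, not part of any poster's reply; the function names and output layout are assumptions, and it relies on GNU tar and sha256sum). Run it as root from a live CD or with the network unplugged, writing to removable media rather than the suspect disk.

```shell
#!/bin/sh
# Added example: archive a log directory together with integrity hashes
# so the copy can be examined after the machine has been reimaged.

# preserve_logs SRC DEST -> prints the path of the new evidence directory
preserve_logs() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }

    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    out="$dest/logs-$stamp"
    mkdir -p "$out" || return 1

    # Per-file hashes first, so single files can be checked later.
    # -type f skips sockets and device nodes that may sit under SRC.
    ( cd "$src" && find . -type f -exec sha256sum {} + ) \
        > "$out/files.sha256" || return 1

    # tar keeps owners, modes and mtimes, which matter for a timeline.
    tar -C "$src" --numeric-owner -czf "$out/logs.tar.gz" . || return 1

    # Hash the archive itself; store a copy of this line somewhere else too.
    ( cd "$out" && sha256sum logs.tar.gz > archive.sha256 ) || return 1

    echo "$out"
}

# verify_logs DIR -> exit status 0 only if the archive still matches its hash
verify_logs() {
    ( cd "$1" && sha256sum -c --quiet archive.sha256 )
}

# Typical call: sh preserve_logs.sh /var/log /media/usbstick
if [ "$#" -eq 2 ]; then
    preserve_logs "$1" "$2"
fi
```

The hashes only prove the copy has not changed since it was taken; logs on a compromised machine may already have been edited before the copy.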

  8. #8
    Join Date
    Aug 2009
    Beans
    61
    Distro
    Kubuntu

    Re: owned?

    Wow, not good mate

    On this matter, how does one ensure that remote viewing / access is turned off?

  9. #9
    Join Date
    Jun 2008
    Location
    Vancouver Canada
    Beans
    3,139
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: owned?

    Originally posted by kg84:
    > Wow, not good mate
    >
    > On this matter, how does one ensure that remote viewing / access is turned off?

    Hi kg84.

    Click System > Administration > Login Window > Remote.

    Make sure remote access is disabled.
    I learn something ubuntu everyday.
    dell precision T7500 1Tb hdd x 2
    2.67 Ghz intel xeon X5550 cpu
    nvidia quadro fx 4800-1.5 Gb video card

  10. #10
    Join Date
    Aug 2009
    Beans
    61
    Distro
    Kubuntu

    Re: owned?

    Originally posted by hansdown:
    > Hi kg84.
    >
    > Click System > Administration > Login Window > Remote.
    >
    > Make sure remote access is disabled.

    Hiya hansdown.

    Sorted.

    Thanks (again)
