1: What version of Ubuntu are you running? Are you dual booting, and is this system networked with other machines? If so, what operating platform and versions are they running?
Linux Mint 13, Dual boot with Windows Vista SP 2
I use a Windows 7 SP1 Box with the same modem-- I don't know if that's considered a network
2: Why do you think you were cracked? Please post a paste from the log file or a screenshot, or written description of what you are experiencing.
I keep noticing my Gmail accounts are being accessed from IP numbers in other US states. I checked under "recent account activity" on my inbox.
Examples include: auth.log snippets, syslog snippets, av alerts, rkhunter/chkrootkit reports, odd browser behavior, IDS logs, etc.
3: If this machine is networked with other machines, is the same behavior observed there?
Again I use the same modem for my Windows 7 box, but I don't know if you would consider that a network. (one modem, one ethernet cable, only one PC is connected to the web at a time)
4: Is this machine shared between multiple users, or is it for your use only? Also, is it using strong credentials for all forms of authentication?
I have 4 accounts on this computer -- 2 for Linux Mint and 2 for Windows Vista
5: What services are the machine in question running? Also are any other network services running on other machines on the network? If so what are they?
I don't know what services are running. I typed ssh, vnc, mysql, and apache in terminal, and only ssh returned something. The others said command not found are you sure you have " " installed.
6: Did you recently download or install anything from an untrusted source? (IE: PPA, or from the internet, including bash scripts)
I don't know if I got anything from an untrusted source. I only download apps from Official websites. I got Virtualbox from oracle.com
7: Is the compromised machine or network in question on a wireless network? If so what type of security measures are in place? WEP/WPA/WPA2/Open ?
The machine is a laptop, but I don't ever use wireless internet
8: What other security measures are you utilizing on your system? Apparmor? UFW? Firestarter? etc...
I'm using UFW uncomplicated firewall and clamtk virus scanner. I think I have apparmor
9: Have you added, modified, damaged or replaced any hardware in the system recently?
No.
10: Is the noticed activity repeatable?
The moment I notice one of my Gmail accounts was accessed from a remote IP, I delete the account, so I can't really answer this question. It has happened to two accounts recently, and one in the past.