
Thread: I was hacked

  1. #1
    Join Date
    Jul 2012
    Beans
    688
    Distro
    Ubuntu 18.04 Bionic Beaver

    I was hacked

    Hi
    Someone has placed a rootkit/remote desktop via an old, rarely used website login based on a dictionary word. How has he done that? I only managed to boot from CD, changed passwords and still need to reinstall all OS including BIOS...
    Thanks and regards
    PS: Is it normal to have a BCD folder in the system-reserved/Boot directory?
    Last edited by MikeCyber; October 9th, 2018 at 11:11 AM.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I was hacked

    Not enough facts to say anything. Act like we are 12 and need proof.

  3. #3
    Join Date
    Jul 2012
    Beans
    688
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: I was hacked

    Return-Path: <Aaron@smith793.edu>
    X-Originating-IP: [5.239.113.129]

    That sounds bad. Many problems with that IP. I won't boot Windows anymore but format all. Enough work for the next days and lost data...

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I was hacked

    So, you don't want any help figuring out what might have happened by providing facts?

  5. #5
    Join Date
    Jul 2012
    Beans
    688
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: I was hacked

    I only boot from CD. I have no facts, only that email asking to pay. Read above, I've asked how such can be done. BIOS and Ubuntu are flickering because of rootkit.

  6. #6
    Join Date
    Jun 2007
    Location
    Paraparaumu, New Zealand
    Beans
    Hidden!

    Re: I was hacked

    Quote, originally posted by MikeCyber:
    "That sounds bad. Many problems with that IP. I won't boot Windows anymore but format all. Enough work for the next days and lost data..."
    A quick bit of research indicates that a device that has recently used that IP address has likely been compromised. Your best defense is to report incoming emails originating from that address to the relevant provider, and stay well clear of opening any attachments contained therein.

  7. #7
    Join Date
    Jul 2012
    Beans
    688
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: I was hacked

    Yes I was aware and never opened any unknown email attachments. That's why I'm surprised and wonder how he could place a rootkit only by knowing one of my old, simple web passwords. Is there a known vulnerability in 18.04?
    Aargh, wanted to delete MBR but also deleted the partition table. Hopefully gparted can repair that...
    Any help on how to flash the BIOS on my Asus Z87Pro? Thanks

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I was hacked

    Any system that isn't patched routinely will quickly become hackable. In the last 12 months, there have been 2 remote access attack vectors to gain root that any Linux system connected to the internet would be susceptible to. If you layer on an unpatched web server with a bonehead password, then it is just a little easier.

    Once on the system, there are almost always methods to elevate to root. Every OS has bugs.
    Security of 18.04 is unproven. Only time can provide any assurance for security. 18.04 replaced a few fundamental networking packages. Those new packages have a very short time in the world to prove their security unlike the prior packages which had years - some had decades - of avoiding attacks.

    Don't forget that a careless admin can set up a system in a way that allows all sorts of non-admin users to gain higher privileges. Strong file and directory permissions are central to Unix security, but a user and admin can override the defaults without consideration. For example, web-admins often set up upload directories with 777 permissions, because it is easier than doing it right.

    If you "only boot from cd" then the OS is out of date and unpatched. That is fine for a client system, but not for a server. For example, booting from a read-only CD to do online banking is the recommended method for CFOs worldwide. https://krebsonsecurity.com/online-b...or-businesses/ But running a server is completely different. Servers need multiple layers of security, constant monitoring, and versioned, automatic backups so that once an incident happens, research into all the changes over time is possible.

    I've been hacked 3 times now, since the early 1990s. The last was in 2014 while at a security conference - they got in over bluetooth on a 100% patched system. I don't enable bluetooth on any devices anymore after doing more research.
    All the hacks were my failure to properly secure the system. All of them. A painter doesn't blame his brush after making an ugly portrait. It is frustrating, but hardly the brush's fault.
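
An audit for the 777 upload-directory shortcut mentioned in post #8, as an added example that is not part of the thread or any poster's own code. It works on a constructed tree in a temp directory; the function names are hypothetical, and the fix assumes the tree's group is the web server's group.

```shell
#!/bin/sh
# Added example (not from the thread): find and remove world access in a web tree.
# All paths are constructed under a temp directory; nothing else is touched.

# Print every directory under $1 that "other" can write to (the 777 case).
# -perm -0002 matches whenever the world-write bit is set, whatever else is set.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print | sort
}

# Print world-writable regular files as well: a world-writable script that the
# web server later executes is as risky as a world-writable directory.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Strip every "other" permission bit, leaving owner and group bits unchanged.
# Assumption: the tree's group is the web server's group, so the server keeps
# the access it needs through the group bits instead of the world bits.
harden_tree() {
    find "$1" -xdev \( -type d -o -type f \) -exec chmod o-rwx {} +
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/uploads" "$root/site/static"
    chmod 0777 "$root/site/uploads"      # the shortcut described in the post
    chmod 0755 "$root/site/static"
    : > "$root/site/uploads/avatar.png"
    chmod 0666 "$root/site/uploads/avatar.png"

    echo "world-writable before:"
    world_writable_dirs "$root/site"
    world_writable_files "$root/site"
    harden_tree "$root/site"
    echo "world-writable after:"
    world_writable_dirs "$root/site"
    world_writable_files "$root/site"
    rm -rf "$root"
}
demo
```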

  9. #9
    Join Date
    Oct 2018
    Beans
    57

    Re: I was hacked

    Yes that monkey also hacked my Phone via Bluetooth. I've trashed both my old 50.-$ phone and 10y old monitor that I couldn't reset. Luckily my expensive TV doesn't have Bluetooth. I was hacked around 2000 twice on Windows and only last year twice on Ubuntu. Probably by the same baldie, stinky monkey.
    Firewall and lynis are on my to do list. Looking around for some intrusion detection and trace apps but consider even chromebooks if they run Linux apps.

    Last edited by oldos2er; November 13th, 2018 at 04:28 PM.

  10. #10
    Join Date
    Oct 2018
    Beans
    57

    Re: I was hacked

    I'm in the process of updating my 5y old PC and wonder if my cdrom could be hacked like my monitor? Something else? Basically I only want to keep my cdrom, casing and power supply. I've not yet tried my cdrom and power supply, should be no risk I guess? Thanks
