Page 1 of 4 123 ... LastLast
Results 1 to 10 of 31

Thread: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

  1. #1
    Join Date
    Jan 2014
    Beans
    50

    I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    I just discovered that someone had hacked into my system, and it all started after (or during) the upgrade! I was able to stop the hacking (yanked the Ethernet cable, changed my password, then reconnected and reinstalled my firewall). I then used RKhunter to look for problems. According to RKhunter, there was one file under usr/bin that had been replaced with a larger text file that could be run. I immediately moved that into quarantine. RKhunter also found that Gnome Flashback was too big - 256mb vs 1mb. I'm not sure if that's valid or not.

    I actually watched as the person tried to move things around and then started trying to run different programs - and I did have files deleted (like my firewall). I have ClamTK (it seems to be a scanner only),apparmor is in my system (although I don't know how to use it), and I will be changing the rest of my passwords. I scanned regularly for viruses while running 18.04, btw.

    Does anyone have suggestions for what to do next? I haven't run ClamTK on my system since the hack, although I'm getting ready to do so. I don't know if it will find anything - and I have had instances where it 'found' viruses in software that was clean (like text files I had made).

    The problems started either during or right after the upgrade from 18.04 (which had some different problems that didn't point to hacking - and the upgrade fixed those issues). The hacker was mainly acting in the background, until when I caught that person doing stuff involving the desktop (and deleting files).

    (I'd call the police about it, but don't have proof AND the local "Finest", the last time we had someone hack us (got into our router, turn on wifi, turned off encryption, and was downloading huge amounts of data while shutting us out - and then our software detected an attempt to get through our system firewalls) the police said there was nothing they could do, unless we could show that the hacker was doing something like downloading kiddy prn. They saw it happening with their own eyes, and i used "wifi radar" to show them where it came from (a 20 something that had proved to be a real problem!).

    (1) Please be aware that hacking happened during (or within minutes after) the upgrade.
    (2) I could use advice on what to do to prevent more hacking. I do the updates right away and am careful where I go on the internet.
    (3) Could someone suggest software that would help to keep hackers and so on at bay?

    Thanks!

    Bob

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    How are you connected to the internet? Did the intruder compromise your router/gateway?
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  3. #3
    Join Date
    Jan 2014
    Beans
    50

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    That I don't know yet. I've been trying to find problems in my system - something is off because the firewall on my computer was turned off again (it's supposed to stay on).

    I did find a bitcoin miner via rkhunter. It's in quarantine. I'm not sure how bad it is beyond that. I've been doing a full scan of my files (took hours), nothing found beyond the few. Right after I'd finished the upgrade, I had a weird thing happen - a warning of a memory overflow (or something like that) - that was before I started putting back in even basic programs.

  4. #4
    Join Date
    Jan 2014
    Beans
    50

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    Correction - I believe it was ClamTK that found it.

  5. #5
    Join Date
    Jan 2014
    Beans
    50

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    OK, more info. I have Global Protect installed (from my school - also my employer). I had a pop-up which stated "PanGPUI assert failure: ***stack smashing detected***:Terminated. Funny thing is that I thought I saw a pop-up like this before - but that was before I had globalprotect installed. I've removed Global Protect (at least I think so). I don't know if that has anything more to do with it, but after I saw the pop-up I tried to remove GlobalProtect via their instructions, and the system returned that it was NOT installed. I found a .sh file for uninstalling and that may have done it, I don't know - the text said that it was uninstalled (and user removed). (I got the software from our IT department.)

    Hope this helps - I've wasted a week and a few days almost nonstop trying to figure out why I was having so much trouble with 20.04!

  6. #6
    Join Date
    Jan 2014
    Beans
    50

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    (I should add that I JUST had the pop-up a few minutes ago.)

  7. #7
    Join Date
    Aug 2011
    Location
    51.8° N 5.8° E
    Beans
    5,765
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    If a hacker gained access to your computer, the only sure way to get rid of it is to nuke your system and make a fresh install. Format your hard drive, only keep documents known to be clean.

  8. #8
    Join Date
    Jan 2014
    Beans
    50

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    It took me two days to install everything, and I have literally thousands of documents that I keep (I'm a doctoral candidate and work as a part-time researcher). I don't HAVE two more days to go through and wipe-and-reinstall. I'll lose my job, and that will destroy any hope for a future. Therefore, I need a REAL solution, one that works.

    Let me put it this way - just getting the documents related to my dissertation research re-uploaded (with a fast backup drive) took three hours (that does include data and pictures). My latest (this month's) project for work involves over 400Mb of PDF files that I downloaded and have to read (official reports). I'm not going to start over. I CAN'T.

    There MUST be a different solution - and also this thread was a heads-up that something strange happened during (or just after) installation of 20.04. The symptoms started BEFORE I started uploading my files - and I didn't have any evidence of hacking before.

  9. #9
    Join Date
    Aug 2006
    Beans
    13,127
    Distro
    Ubuntu Mate 20.04 Focal Fossa

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    There is no way we can know what happened without you providing detailed info, which you seem to have no time for.

    I happen to know a good solution for you, it's <sudo poweroff>.

  10. #10
    Join Date
    Jan 2014
    Beans
    50

    Re: I WAS HACKED WHILE UPGRADING TO 20.04! Suggestions needed!

    I don't need snide and abusive comments either. If you can't help (or don't have reasonable suggestions), keep the comments to yourself. I didn't come here to be abused!

    I don't know WHAT information that might be needed - I'm doing the best I can! (I'm not a newbie, but I'm not a guru or OS enthusiast either. A computer is a tool, plain and simple - nothing more. I use Ubuntu because of all the problems I've had with Microsoft - starting BEFORE Windows.)

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •