I just discovered that someone had hacked into my system, and it all started after (or during) the upgrade! I was able to stop the hacking (yanked the Ethernet cable, changed my password, then reconnected and reinstalled my firewall). I then used RKhunter to look for problems. According to RKhunter, there was one file under usr/bin that had been replaced with a larger text file that could be run. I immediately moved that into quarantine. RKhunter also found that Gnome Flashback was too big - 256mb vs 1mb. I'm not sure if that's valid or not.
I actually watched as the person tried to move things around and then started trying to run different programs - and I did have files deleted (like my firewall). I have ClamTK (it seems to be a scanner only), AppArmor is in my system (although I don't know how to use it), and I will be changing the rest of my passwords. I scanned regularly for viruses while running 18.04, btw.
Does anyone have suggestions for what to do next? I haven't run ClamTK on my system since the hack, although I'm getting ready to do so. I don't know if it will find anything - and I have had instances where it 'found' viruses in software that was clean (like text files I had made).
The problems started either during or right after the upgrade from 18.04 (which had some different problems that didn't point to hacking - and the upgrade fixed those issues). The hacker was mainly acting in the background, until I caught that person doing stuff involving the desktop (and deleting files).
(I'd call the police about it, but don't have proof AND the local "Finest", the last time we had someone hack us (got into our router, turned on wifi, turned off encryption, and was downloading huge amounts of data while shutting us out - and then our software detected an attempt to get through our system firewalls), the police said there was nothing they could do, unless we could show that the hacker was doing something like downloading kiddy prn. They saw it happening with their own eyes, and I used "wifi radar" to show them where it came from (a 20-something that had proved to be a real problem!).)
(1) Please be aware that hacking happened during (or within minutes after) the upgrade.
(2) I could use advice on what to do to prevent more hacking. I do the updates right away and am careful where I go on the internet.
(3) Could someone suggest software that would help to keep hackers and so on at bay?
Thanks!
Bob