what's going on ?
d_olson27
Super Moderator
Posts: 7,091
Group: Super Moderators
Joined: Oct 2010
Status: Offline
RE: what's going on ?
^Yes. Definitely do that (after updating your security software). If restarting your computer didn't work, I think your security may have been compromised.
Friends will let you be who you are. Best friends will never let you forget it. I'm just trying to be everyone's best friend.
05-26-2012 05:04 PM
Phillip J Fry
Unregistered
RE: what's going on ?
Okay, I'm upgrading the system from 10.10 to whatever comes after that :/ It's going to take forever, but it needs to be done.
05-26-2012 10:29 PM
ῦ
Administrator
Posts: 10,317
Group: Administrators
Joined: Feb 2007
Status: Away
RE: what's going on ?
Does this happen with any other devices on your network?
If yes: you have a problem at the router. Restore it to factory settings.
If no: you have a local problem. Which OS are you using? If Windows, how often do you reboot it? What AV are you using?
Regardless of OS: have you tried an alternative DNS? Have you tried flushing your cache?
As far as I am aware, your ISP has no blocks placed against it here.
05-28-2012 09:34 PM
Phillip J Fry
Unregistered
RE: what's going on ?
It's like this, Nu:
1: There's someone or something connecting to a computer on the home server when that person isn't on (I've seen this with the EtherApe utility for Linux).
2: I cannot connect to any of my e-mails (Hotmail) or sign in to any of them (Yahoo) :/
3: I Google searched some of the websites I frequently visit and there's this red shield on most of them that reads "Tracked" when I hover my mouse over them.
4: Most recently my "other" Yahoo account was hacked into, and I closed this one off, and I had to delete my Facebook account for fear of it being compromised, but now my other Yahoo account's probably hacked into and I can't close it off either.
It's like this attacker has access to my browser's history, because when I Googled all my history, they all show up in the results with that red "Tracked" shield right next to them.
I'm not sure what's going on, but I don't like it at all.
Also I'm using Ubuntu Linux 10.10 and can't upgrade it because the upgrade manager isn't showing the next version of Ubuntu :'( Should I change my DNS or IP address?
05-28-2012 11:26 PM
ῦ
Administrator
Posts: 10,317
Group: Administrators
Joined: Feb 2007
Status: Away
RE: what's going on ?
I don't know what that Tracked thing is.
I would work on the assumption that you have been compromised or something has broken; have you tried connecting to, say, hotmail.co.uk or yahoo.ca?
05-29-2012 12:14 AM
Gareth
Administrator
Posts: 11,444
Group: Administrators
Joined: Jul 2004
Status: Offline
RE: what's going on ?
Phillip J Fry wrote:
Kinda hard when the proxy site you're using can't access your e-mails :/ I fear I'm being "investigated" because I talked about ROM hacking on those sites. They should go after "real" criminals and not just some video game enthusiasts.
I seriously doubt it's that. If you were the subject of any kind of surveillance you would not know about it (a sniffer would be run at your ISP, or they'd use one of the black boxes), and that kind of stuff doesn't happen to low-profile targets such as yourself.


“Lanie, I’m going to print more printers. Lots more printers. One for everyone. That’s worth going to jail for. That’s worth anything.” - Printcrime by Cory Doctorow
05-29-2012 12:17 AM
Gareth
Administrator
Posts: 11,444
Group: Administrators
Joined: Jul 2004
Status: Offline
RE: what's going on ?
Phillip J Fry wrote:
It's like this, Nu:
1: There's someone or something connecting to a computer on the home server when that person isn't on (I've seen this with the EtherApe utility for Linux).
2: I cannot connect to any of my e-mails (Hotmail) or sign in to any of them (Yahoo) :/
3: I Google searched some of the websites I frequently visit and there's this red shield on most of them that reads "Tracked" when I hover my mouse over them.
4: Most recently my "other" Yahoo account was hacked into, and I closed this one off, and I had to delete my Facebook account for fear of it being compromised, but now my other Yahoo account's probably hacked into and I can't close it off either.
It's like this attacker has access to my browser's history, because when I Googled all my history, they all show up in the results with that red "Tracked" shield right next to them.
I'm not sure what's going on, but I don't like it at all.
Also I'm using Ubuntu Linux 10.10 and can't upgrade it because the upgrade manager isn't showing the next version of Ubuntu :'( Should I change my DNS or IP address?
Take a screenshot of point 3, via a photo of your monitor if no other way. Let us see it.
05-29-2012 12:18 AM
142857
Posts: 6,173
Group: Registered
Joined: May 2010
Status: Offline
RE: what's going on ?
Malware can be sneaky. It can make it look like you have serious problems with your computer and attempt to get you to buy dodgy services that cost hundreds of dollars to "fix" the problem. Do you get messages telling you that your security has been compromised, or anything like that? The messages may look legit.
05-29-2012 12:27 AM
Gareth
Administrator
Posts: 11,444
Group: Administrators
Joined: Jul 2004
Status: Offline
RE: what's going on ?
I've figured out some of what's going on here.
First of all, Google "cookie law" and click News; that's where the Tracked icon is coming from.
As for the weird connections, it's background noise, or possibly a misconfigured server that script kiddies are abusing, mixed with a bit too much paranoia.
Suggestion: just shut down any network services you don't need.
05-29-2012 12:40 AM
Phillip J Fry
Unregistered
RE: what's going on ?
Well, I could provide you guys with some screenshots, but it's going to be a while. Got to wait till everyone's asleep to catch this unusual activity.
And I've tried to connect to the most frequent sites I visit, but the connection always times out on me, which is why I wanted my account closed on here, because the e-mail I used to create it was compromised as well. I can't access any e-mail services without it acting up later.
This same IP address that accesses this other computer on our server also scans my computer every time I'm on the internet.
Here are the events from Firestarter (my firewall):
Time:May 22 10:25:27 Direction: Unknown In:wlan0 Out: Port:41055 Source:69.171.228.70 Destination:***.***.**.* Length:67 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 23 16:40:18 Direction: Unknown In:wlan0 Out: Port:36622 Source:64.4.34.129 Destination:***.***.**.* Length:290 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:55539 Source:184.50.255.139 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:41658 Source:184.28.251.55 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:37404 Source:23.1.140.20 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:37405 Source:23.1.140.20 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:37404 Source:23.1.140.20 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:41658 Source:184.28.251.55 Destination:***.***.**.* Length:44
184.28.251.55 connects to this other computer on my server by a proxy server as well. The three IP addresses keep scanning my computer the whole time I'm on the internet.
I think 184.28.251.55 connects to the "Other" computer on our server (the other computer being a Microsoft Windows OS) and scans my computer when the person who uses the "Other" computer isn't on :/
05-29-2012 01:49 AM
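A first triage step on firewall events like the ones quoted in this post is to aggregate them instead of reading them one at a time. The Python script below is an added example for this thread, not Firestarter's code and not something the poster ran: it parses event lines in the "Key:value" format Firestarter writes (the eight lines quoted above, destination masked and last line truncated exactly as posted), groups them by source address, counts exact repeats, flags seconds in which several sources arrive at once, and notes when every local port hit lies in the Linux ephemeral port range (32768 to 61000 by default, which is an assumption of this example). Packets arriving at ephemeral ports are what late or duplicate replies to connections the host itself opened look like, as opposed to probes of a service the host is listening on; the burst threshold is likewise this example's own heuristic.

```python
"""Triage of Firestarter firewall events (added example, not from the thread).

Firestarter logs each blocked packet as one line of "Key:value" fields. The
functions below parse those lines, group them by source address and apply two
defender heuristics that separate background noise from a targeted probe:
  * a local port inside the Linux ephemeral range (32768-61000 by default,
    assumed here) is where replies to connections this host opened arrive,
    so late or duplicate packets there are leftovers of our own sessions,
    not probes of a service we are listening on;
  * several sources hitting in the same second look like one event (for
    example a page load fanning out to several servers), not a scan.
"""
import re
from collections import defaultdict

KEYS = ("Time", "Direction", "In", "Out", "Port", "Source",
        "Destination", "Length", "TOS", "Protocol", "Service")
_FIELD = re.compile(r"\b(" + "|".join(KEYS) + r"):")
EPHEMERAL = range(32768, 61001)   # assumption: default ip_local_port_range

# The eight event lines quoted in the thread; the destination is masked as posted
# and the last line is truncated exactly as posted, to show the parser copes.
SAMPLE_EVENTS = """\
Time:May 22 10:25:27 Direction: Unknown In:wlan0 Out: Port:41055 Source:69.171.228.70 Destination:***.***.**.* Length:67 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 23 16:40:18 Direction: Unknown In:wlan0 Out: Port:36622 Source:64.4.34.129 Destination:***.***.**.* Length:290 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:55539 Source:184.50.255.139 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:41658 Source:184.28.251.55 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:37404 Source:23.1.140.20 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:37405 Source:23.1.140.20 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:37404 Source:23.1.140.20 Destination:***.***.**.* Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 24 01:45:21 Direction: Unknown In:wlan0 Out: Port:41658 Source:184.28.251.55 Destination:***.***.**.* Length:44
"""


def parse_event(line):
    """Split one event line into a dict of its fields; None if it is not an event.
    Tolerates a line cut off mid-way (missing fields are simply absent)."""
    parts = _FIELD.split(line.strip())
    if len(parts) < 3 or parts[1] != "Time":
        return None
    fields = {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}
    port = fields.get("Port", "")
    fields["Port"] = int(port) if port.isdigit() else None
    return fields


def summarize(lines):
    """Per source address: packet count, exact duplicate lines, local ports hit,
    and whether every port hit is in the ephemeral range."""
    by_src = defaultdict(lambda: {"count": 0, "duplicates": 0, "ports": set()})
    seen = set()
    for raw in lines:
        ev = parse_event(raw)
        if ev is None:
            continue
        s = by_src[ev.get("Source", "<no source>")]
        s["count"] += 1
        if ev["Port"] is not None:
            s["ports"].add(ev["Port"])
        if raw.strip() in seen:
            s["duplicates"] += 1
        seen.add(raw.strip())
    for s in by_src.values():
        s["ephemeral_only"] = bool(s["ports"]) and all(p in EPHEMERAL for p in s["ports"])
        s["ports"] = sorted(s["ports"])
    return dict(by_src)


def bursts(lines, min_sources=2):
    """Seconds in which at least min_sources different addresses were logged."""
    per_second = defaultdict(set)
    for raw in lines:
        ev = parse_event(raw)
        if ev and "Source" in ev:
            per_second[ev["Time"]].add(ev["Source"])
    return {t: sorted(srcs) for t, srcs in per_second.items() if len(srcs) >= min_sources}


def report(lines):
    """Human-readable triage of a list of event lines."""
    out = []
    for src, s in sorted(summarize(lines).items(), key=lambda kv: -kv[1]["count"]):
        kind = "replies to our own connections?" if s["ephemeral_only"] else "check which service listens here"
        out.append(f"{src:16} packets={s['count']} dup={s['duplicates']} ports={s['ports']}  {kind}")
    for t, srcs in bursts(lines).items():
        out.append(f"burst at {t}: {len(srcs)} sources in one second -> one event, not a scan")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_EVENTS.splitlines()))
```

Run it as `python3 firestarter_triage.py` to print the report; to use it on a real log, replace SAMPLE_EVENTS with the contents of Firestarter's events file. On the quoted lines every port hit is in the ephemeral range and six of the eight packets arrive from three addresses in the same second, which is the shape of a browser session's leftovers rather than of a scan; a scan of services would show low, well-known ports spread over time from one source.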
Gareth
Administrator
Posts: 11,444
Group: Administrators
Joined: Jul 2004
Status: Offline
RE: what's going on ?
It's background noise; everyone gets scanned like that when online. Personally I'd ignore it.
05-29-2012 09:42 AM
Phillip J Fry
Unregistered
RE: what's going on ?
Well Gareth, here's something to interest any Linux user: a scan result after using rkhunter (rootkit hunter) to scan my root directory.
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/less [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/dash [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pgrep [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/rpm [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ OK ]
/usr/bin/lwp-request [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/sestatus [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide-linux26 [ OK ]
[Press <ENTER> to continue]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
Fu Rootkit [ Not found ]
***`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
iLLogiC Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
'Spanish' Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]
[Press <ENTER> to continue]
Checking the network...
Performing check for backdoor ports
Checking for TCP port 1524 [ Not found ]
Checking for TCP port 1984 [ Not found ]
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 6666 [ Not found ]
Checking for TCP port 6667 [ Not found ]
Checking for TCP port 6668 [ Not found ]
Checking for TCP port 6669 [ Not found ]
Checking for TCP port 7000 [ Not found ]
Checking for TCP port 13000 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 25000 [ Not found ]
Checking for TCP port 29812 [ Not found ]
Checking for TCP port 31337 [ Not found ]
Checking for TCP port 33369 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 47018 [ Not found ]
Checking for TCP port 60922 [ Not found ]
Checking for TCP port 62883 [ Not found ]
Checking for TCP port 65535 [ Not found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
[Press <ENTER> to continue]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ None found ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]
[Press <ENTER> to continue]
System checks summary
=====================
File properties checks...
Files checked: 135
Suspect files: 0
Rootkit checks...
Rootkits checked : 242
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 1 minute and 24 seconds
All results have been written to the log file (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
I praise you and Nu on your vast knowledge about computers and stuff, but can you tell me what next step I should take to stop people from logging into my computer using an SSH root login or whatever the f*** this/these a****les are using to log into my computer? I'm sorry for the language and the rudeness, but I'm a complete noob when it comes to Linux network security, and my Dad isn't on the Internet 24/7 to see potential risks on our home server, so I'd like to know how I can stop being a potential risk to our home server. Or do you guys know any links to free Linux books on network security I could download? Free is better, as my Dad is struggling to catch up on bills and we're already living on a prayer as it is, and we're hoping to survive till the first of June.
05-29-2012 01:13 PM
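The one rkhunter line in the run above that bears on the question is "Checking if SSH root access is allowed [ Warning ]". rkhunter raises it when PermitRootLogin in sshd_config does not match its own ALLOW_SSH_ROOT_USER setting (no by default); it means root is permitted to log in over SSH, not that anyone has done so. Whether anyone actually logged in is recorded in /var/log/auth.log. The Python below is an added example for this thread, not rkhunter's or OpenSSH's code: it parses a constructed sshd_config, reports which directives to change, writes the hardened version, and scans constructed auth.log lines for successful and failed root logins. PermitRootLogin, Protocol and PasswordAuthentication are real OpenSSH keywords; the sample file, hostname, PIDs and addresses (203.0.113.5 is a TEST-NET address) are invented for the example.

```python
"""Audit sshd_config for what rkhunter's "SSH root access" warning means, and
check auth.log for real root logins. Added example for this thread; it is not
rkhunter's or OpenSSH's code. Assumptions: standard OpenSSH keywords
(PermitRootLogin, Protocol, PasswordAuthentication) and Debian/Ubuntu-style
auth.log lines; every sample below is constructed, including the hostname and
the TEST-NET address 203.0.113.5."""
import re
from collections import Counter

# Constructed sshd_config resembling an Ubuntu default of the 10.x era.
SAMPLE_SSHD_CONFIG = """\
Port 22
Protocol 2
# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
"""

# Constructed /var/log/auth.log excerpt (hostname, PIDs and addresses invented).
SAMPLE_AUTH_LOG = """\
May 29 01:11:58 ubuntu sshd[2210]: Failed password for root from 203.0.113.5 port 51234 ssh2
May 29 01:12:03 ubuntu sshd[2210]: Failed password for root from 203.0.113.5 port 51234 ssh2
May 29 01:12:09 ubuntu sshd[2215]: Accepted password for root from 203.0.113.5 port 51240 ssh2
May 29 07:40:21 ubuntu sshd[2301]: Accepted publickey for fry from 192.168.1.20 port 40112 ssh2
"""

# Directive values rkhunter's default configuration treats as acceptable.
REQUIRED = {"PermitRootLogin": "no", "Protocol": "2"}


def parse_sshd_config(text):
    """Return {keyword (lowercased): value}. sshd uses the first occurrence of a
    keyword, so duplicates later in the file are ignored here as well. Match
    blocks are not modelled: their directives are read as if global."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        parts = line.replace("=", " ").split(None, 1)    # "Key value" or "Key=value"
        directives.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return directives


def audit_sshd_config(text):
    """List (keyword, current value, wanted value) for each unsafe directive.
    Defaults used when a keyword is absent are OpenSSH's of that era:
    PermitRootLogin yes (changed only in 7.0) and PasswordAuthentication yes."""
    d = parse_sshd_config(text)
    findings = []
    root = d.get("permitrootlogin", "yes")
    if root != "no":
        findings.append(("PermitRootLogin", root, "no"))
    proto = d.get("protocol", "2")
    if "1" in proto.replace(",", " ").split():           # "1" or "2,1" both allow v1
        findings.append(("Protocol", proto, "2"))
    pw = d.get("passwordauthentication", "yes")
    if pw != "no":
        findings.append(("PasswordAuthentication", pw, "no (after installing a key)"))
    return findings


def harden(text, fixes=REQUIRED):
    """Return the config with each fixed keyword set to its safe value in place
    of its first occurrence (appended if absent); duplicate occurrences dropped."""
    lower = {k.lower(): k for k in fixes}
    out, done = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key = line.replace("=", " ").split(None, 1)[0].lower() if line else ""
        if key in lower:
            if key not in done:
                out.append(f"{lower[key]} {fixes[lower[key]]}")
                done.add(key)
            continue
        out.append(raw)
    for key, canon in lower.items():
        if key not in done:
            out.append(f"{canon} {fixes[canon]}")
    return "\n".join(out) + "\n"


_SSHD = re.compile(r"sshd\[\d+\]: (Accepted|Failed) (\w+) for (?:invalid user )?(\S+) from (\S+) port \d+")


def scan_auth_log(text):
    """Return (accepted, failed): accepted is a list of (user, method, source)
    for successful logins, failed counts attempts per (user, source)."""
    accepted, failed = [], Counter()
    for line in text.splitlines():
        m = _SSHD.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        if outcome == "Accepted":
            accepted.append((user, method, src))
        else:
            failed[(user, src)] += 1
    return accepted, failed


def root_logins(text):
    """The events the thread is actually worried about: successful root logins."""
    return [e for e in scan_auth_log(text)[0] if e[0] == "root"]


if __name__ == "__main__":
    for kw, cur, want in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"{kw}: is '{cur}', should be '{want}'")
    print("--- hardened ---")
    print(harden(SAMPLE_SSHD_CONFIG), end="")
    print("root logins:", root_logins(SAMPLE_AUTH_LOG))
    print("failed attempts:", dict(scan_auth_log(SAMPLE_AUTH_LOG)[1]))
```

On a real machine, run the audit against /etc/ssh/sshd_config and the scan against /var/log/auth.log, review the hardened output, then write it back as root and restart sshd (`sudo service ssh restart` on Ubuntu of that era). Set PasswordAuthentication to no only after a working key is installed for the legitimate user, otherwise that user is locked out too. If the SSH server is not needed at all, the simplest fix is the one Gareth gave: remove or stop the service, so there is nothing to harden.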
Phillip J Fry
Unregistered
RE: what's going on ?
I don't mean to sound all p*ssed off, but the last 18 TFS (Team Four Star) videos I downloaded (11-26) from YouTube were stolen from beneath my nose the whole time I was on the internet. Now I have to download them again as we speak, and who knows what this a**hole is doing with my IP address as I type this post. Probably telling his friends that I'm an all-out sucker for Linux security and that I'm as easy to hack as an idiotic Microsoft user. So if you guys are going to bit** about my last post, then consider how you'd feel if you were in my position right now.
So please forgive me for my language when I say this:
Internet crackers (CRiminal hACKERS) deserve to be a** raped while skinned alive, while someone dumps acid and salt on their bare flesh!
I do hope they're sodo****d in federal prison as they reflect on the cyber crimes they committed for the next 5-15 years spent for being so god**mn STUPID! Sorry, Administrators and moderators on here, but I'm sure you feel the same way about no-good sneaky criminals on the internet.
05-29-2012 01:56 PM
Phillip J Fry
Unregistered
RE: what's going on ?
And P.S. I had to stay up all the f**king night to re-download these videos because I wanted to do as many as I could before I slept, and now I have to re-download them from YouTube.
No sleep for me, as I don't want to get into the "up all-nighter routine" again.
I really hope that the cracker who's tracking my moves is seeing this post and is on this site as a guest, because I just want to say this: you better hope that I or my father don't successfully use a whois tracer on your a**, because I will do so many illegal things to your a** that it'll make the worst Lionsgate horror film look like a Disney movie compared to what I want to do to your kind of sneaky a**es.
Please forgive me D_olson, Nu, Gareth, as I have had enough of these criminals and am sleep deprived. Now I have to stay up till at least 8 PM tonight because I was doing so well in staying on a daily schedule. If you do end up banning me because of the language and violence I wrote in this post, then it's for the best for this site. But remember this:
I'M SLEEP DEPRIVED!
05-29-2012 02:15 PM