Results 1 to 10 of 30
Hi All,
I'm concerned my security has been breached but I don't know how to check it. I noticed at least yesterday (could have been before) that my fans were ...
- 04-12-2011 #1Linux Guru
- Join Date
- Jul 2007
- Location
- California
- Posts
- 1,958
SOB...concerned I've been breached
Hi All,
I'm concerned my security has been breached but I don't know how to check it. I noticed at least yesterday (could have been before) that my fans were running pretty hard, so I checked up on conky and low and behold, my computer is uploading at 200 kb/s....no clue what's uploading or why. I've checked on different users and all of them show the same thing, as soon as wireless is up it begins, I shut down skype, gwibber, essentially everything that I do as a user and it's still showing 200 kb/s, several gigs uploaded (somewhere)?? in the past two days.
How can I check to see what the hell is going on? I'm pretty nervous right now so any help would be greatly appreciated. Is there an easy way for me to see where my things are being uploaded to? Something similar to the top command for cpu and memory? Thanks again....Bodhi 1.3 & Bodhi 1.4 using E17
Dell Studio 17, Intel Graphics card, 4 gigs of RAM, E17
"The beauty in life can only be found by moving past the materialism which defines human nature and into the higher realm of thought and knowledge"
- 04-13-2011 #2Trusted Penguin
- Join Date
- Feb 2008
- Location
- Kentucky
- Posts
- 4,071
Have you run anything like rkhunter to check for rootkits?
Or do you see anything in your running processes that look odd?Jay
New users, read this first.
New Member FAQ
Registered Linux User #463940
I do not respond to Private Messages asking for Linux help. Please, keep it on the public boards.
- 04-13-2011 #3Super Moderator
- Join Date
- Apr 2006
- Location
- Texas
- Posts
- 7,145
I agree with Jayd, run RKHunter after installing and updating it. Check netstat output for anything foreign.
Use the who command to see if anyone is logged inCode:netstat -a
Check your logs in /var/logCode:who
Here is a good starting point.
Linux Administrator's Security Guide - Linux Attack DetectionI do not respond to private messages asking for Linux help, Please keep it on the forums only.
All new users please read this.** Forum FAQS. ** Adopt an unanswered post.
- 04-13-2011 #4Linux Guru
- Join Date
- Jul 2007
- Location
- California
- Posts
- 1,958
I ended up downgrading from 11.04 to 10.10. I'm not seeing the issue any more. What would be the result of a rootkit issue? Does that mean someone was taking my stuff from my system? Should I start changing passwords??
Bodhi 1.3 & Bodhi 1.4 using E17
Dell Studio 17, Intel Graphics card, 4 gigs of RAM, E17
"The beauty in life can only be found by moving past the materialism which defines human nature and into the higher realm of thought and knowledge"
- 04-13-2011 #5Super Moderator
- Join Date
- Apr 2006
- Location
- Texas
- Posts
- 7,145
The results of a rootkit could be epic pwnage! You could be running a Spam network unknown to you or your machine could be "Rented out" by the attacker for a number of different things, none of which are very favorable.
I do not respond to private messages asking for Linux help, Please keep it on the forums only.
All new users please read this.** Forum FAQS. ** Adopt an unanswered post.
- 04-13-2011 #6Linux Guru
- Join Date
- Jul 2007
- Location
- California
- Posts
- 1,958
SOB...how would something like this happen? My passwords are strong, I don't keep root logged in or use su.....a;sdlgkjas;f frustrated
Bodhi 1.3 & Bodhi 1.4 using E17
Dell Studio 17, Intel Graphics card, 4 gigs of RAM, E17
"The beauty in life can only be found by moving past the materialism which defines human nature and into the higher realm of thought and knowledge"
- 04-13-2011 #7Super Moderator
- Join Date
- Apr 2006
- Location
- Texas
- Posts
- 7,145
Well, you never proved it did happen. Just a hunch, right? The link I posted above should give you some ideas on how it "Could happen".
Originally Posted by jmadero 
Just curious, did you completely reinstall? Including formatting the HD?I do not respond to private messages asking for Linux help, Please keep it on the forums only.
All new users please read this.** Forum FAQS. ** Adopt an unanswered post.
- 04-13-2011 #8Linux Guru
- Join Date
- Jul 2007
- Location
- California
- Posts
- 1,958
Formatted my root directory, not my home. Should I be concerned about my home directory?
Bodhi 1.3 & Bodhi 1.4 using E17
Dell Studio 17, Intel Graphics card, 4 gigs of RAM, E17
"The beauty in life can only be found by moving past the materialism which defines human nature and into the higher realm of thought and knowledge"
- 04-13-2011 #9Linux Guru
- Join Date
- Jul 2007
- Location
- California
- Posts
- 1,958
directory = partition
Could something else explain 10 gigs uploaded for no reason??
Bodhi 1.3 & Bodhi 1.4 using E17
Dell Studio 17, Intel Graphics card, 4 gigs of RAM, E17
"The beauty in life can only be found by moving past the materialism which defines human nature and into the higher realm of thought and knowledge"
- 04-13-2011 #10Trusted Penguin
- Join Date
- Feb 2008
- Location
- Kentucky
- Posts
- 4,071
If you downgraded... did you do that before or after you noticed the odd behavior?
Jay
New users, read this first.
New Member FAQ
Registered Linux User #463940
I do not respond to Private Messages asking for Linux help. Please, keep it on the public boards.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts