  1. #1
    Linux Guru jmadero (Join Date: Jul 2007; Location: California; Posts: 1,998)

    SOB...concerned I've been breached


    Hi All,

    I'm concerned my security has been breached but I don't know how to check it. I noticed at least yesterday (could have been before) that my fans were running pretty hard, so I checked up on conky and lo and behold, my computer is uploading at 200 kb/s....no clue what's uploading or why. I've checked on different users and all of them show the same thing, as soon as wireless is up it begins, I shut down Skype, gwibber, essentially everything that I do as a user and it's still showing 200 kb/s, several gigs uploaded (somewhere)?? in the past two days.


    How can I check to see what the hell is going on? I'm pretty nervous right now so any help would be greatly appreciated. Is there an easy way for me to see where my things are being uploaded to? Something similar to the top command for cpu and memory? Thanks again....
    Bodhi 1.3 & Bodhi 1.4 using E17
    Dell Studio 17, Intel Graphics card, 4 gigs of RAM, E17

    "The beauty in life can only be found by moving past the materialism which defines human nature and into the higher realm of thought and knowledge"

  2. #2
    Administrator jayd512 (Join Date: Feb 2008; Location: Kentucky; Posts: 5,023)
    Have you run anything like rkhunter to check for rootkits?
    Or do you see anything in your running processes that look odd?
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  3. #3
    Administrator MikeTbob (Join Date: Apr 2006; Location: Texas; Posts: 7,864)
    I agree with Jayd, run RKHunter after installing and updating it. Check netstat output for anything foreign.
    Code:
    netstat -a
    Use the who command to see if anyone is logged in
    Code:
    who
    Check your logs in /var/log
    Here is a good starting point.
    Linux Administrator's Security Guide - Linux Attack Detection
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

    I'd rather be lost at the lake than found at home.
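
Added example (not part of any post in this thread): a shell filter for the "which process is talking to which remote host" question raised above, summarising `netstat -tnp` output per process and remote address. The sample lines, PIDs, program names and addresses are constructed, and the function name `summarise_remote` is hypothetical.

```bash
#!/bin/sh
# Added example, not from the thread. Groups ESTABLISHED TCP connections
# from `netstat -tnp` by owning process and remote address.

# Constructed sample in the net-tools `netstat -tnp` layout; PIDs, program
# names and addresses (documentation ranges) are made up.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.20:51514      203.0.113.45:6881       ESTABLISHED 2211/backup-agent
tcp        0  48320 192.168.1.20:51520      198.51.100.7:443        ESTABLISHED 2211/backup-agent
tcp        0      0 127.0.0.1:45012         127.0.0.1:631           ESTABLISHED 1034/cupsd
tcp        0      0 192.168.1.20:40022      192.0.2.10:80           TIME_WAIT   -
tcp        0  91244 192.168.1.20:51533      203.0.113.45:6881       ESTABLISHED 2211/backup-agent
tcp        0      0 192.168.1.20:38810      198.51.100.99:22        ESTABLISHED 3120/ssh'

# Reads netstat -tnp text on stdin; prints "PID/Program remote conns sendq",
# busiest first. Send-Q is the number of bytes queued but not yet
# acknowledged by the peer at the moment of the snapshot, so a large value
# marks an active sender, not a running total of data uploaded.
summarise_remote() {
  awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      remote = $5
      sub(/:[0-9]+$/, "", remote)                    # drop the port
      if (remote ~ /^127\./ || remote == "::1") next # ignore loopback
      key = $7 " " remote
      conns[key]++
      sendq[key] += $3
    }
    END { for (k in conns) printf "%s %d %d\n", k, conns[k], sendq[k] }
  ' | sort -k3,3nr -k4,4nr
}

# Demo on the constructed sample.
# Live use: sudo netstat -tnp | summarise_remote
printf '%s\n' "$SAMPLE_NETSTAT" | summarise_remote
```

Without root, netstat prints `-` in the PID/Program column for sockets owned by other users, so run it with sudo when checking the whole machine.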

  4. #4
    Linux Guru jmadero (Join Date: Jul 2007; Location: California; Posts: 1,998)
    I ended up downgrading from 11.04 to 10.10. I'm not seeing the issue any more. What would be the result of a rootkit issue? Does that mean someone was taking my stuff from my system? Should I start changing passwords??

  5. #5
    Administrator MikeTbob (Join Date: Apr 2006; Location: Texas; Posts: 7,864)
    The results of a rootkit could be epic pwnage! You could be running a Spam network unknown to you or your machine could be "Rented out" by the attacker for a number of different things, none of which are very favorable.

  6. #6
    Linux Guru jmadero (Join Date: Jul 2007; Location: California; Posts: 1,998)
    SOB...how would something like this happen? My passwords are strong, I don't keep root logged in or use su.....a;sdlgkjas;f frustrated

  7. #7
    Administrator MikeTbob (Join Date: Apr 2006; Location: Texas; Posts: 7,864)
    Quote, originally posted by jmadero:
    SOB...how would something like this happen? My passwords are strong, I don't keep root logged in or use su.....a;sdlgkjas;f frustrated
    Well, you never proved it did happen. Just a hunch, right? The link I posted above should give you some ideas on how it "Could happen".
    Just curious, did you completely reinstall? Including formatting the HD?

  8. #8
    Linux Guru jmadero (Join Date: Jul 2007; Location: California; Posts: 1,998)
    Formatted my root directory, not my home. Should I be concerned about my home directory?

  9. #9
    Linux Guru jmadero (Join Date: Jul 2007; Location: California; Posts: 1,998)
    directory = partition
    Could something else explain 10 gigs uploaded for no reason??

  10. #10
    Administrator jayd512 (Join Date: Feb 2008; Location: Kentucky; Posts: 5,023)
    If you downgraded... did you do that before or after you noticed the odd behavior?
    Jay

