  1. #1
    Linux User George Harrison's Avatar
    Join Date
    Mar 2005
    Location
    Pepperland
    Posts
    445

    uh-oh, I think something bad happened to my slack box...


    Now this could be just my fault or I might have been cracked, I haven't any idea at this point. Lemme start off at the beginning though: Things were going great for me, I found my home with Slackware 10.1 and I put on slapt-get and things were going quite well. Then I sort of figured out how to use pkgtool, I went to linuxpackages.net and I downloaded firefox 1.0.6 for i686 and I went in as root and did makepkg firefox.tgz and installpkg firefox.tgz and it looked like it was going well. It then asked me if I wanted it to exclusively have this package under "root.root" or something. I was doing this reasonably late last night so I said yes, and it was finished. Afterwards I went to bed (forgot to turn computer off). I wake up this morning and click on the terminal on the kicker to try to launch Firefox from it but it just says "cannot open /home/commandercool/kicker/terminal it has been malformatted" (example, and no my user is not commander cool, I just thought it would be funny to put that in there). It seems as though all the kicker icons were malformatted and everything from the start menu refused to launch. I kill X, exit out and try to log in as user: "cannot cd into /home/commandercool". Umm.. ok now I'm getting worried, so let's try root

    "login: root"

    "password:foo_example_blah"

    Sorry

    AHH!! In a panicked rush I format and threw Debian on my box, I don't know what happened. Was this my fault for putting everything as root for the pkgtool question? If so why was I not able to log in as root? I was not running a server at all, I dunno what happened here.
    Registered Linux user #393103

  2. #2
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    Since you wiped Slack, you really can't tell what happened to your box. When something like this happens, I'd run a rootkit scan and check all logs for anything that looks odd. That's always the starting point.

    Unfortunately, this isn't possible if you've wiped Slack.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  3. #3
    Linux User George Harrison's Avatar
    Join Date
    Mar 2005
    Location
    Pepperland
    Posts
    445
    Yeah.. I was in a panicked rush and erased it. It really scared me when I couldn't log into root. I did have chkrootkit installed actually but what good would it have done if I could not get into my system? It kicked me out when I tried to login to my user and root. I think I did the right thing and formatted the moment I knew what was going on.
    Registered Linux user #393103

  4. #4
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    Disconnecting the net and resetting the root password in single mode would have been the best thing to do, then you can figure out what was wrong, why it was wrong, and how to fix it so it doesn't occur again.
    If the machine still didn't allow you to login after you reset the password, the chances are high that it just wasn't allowing local root logins. I have root logins on the local machine disabled and always use su from a user account. If I do something that stops me logging in at all then I can just fire up install cd 1 and recover the system with the command line it provides.

  5. #5
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,844
    Quote Originally Posted by Krendoshazin
    Disconnecting the net and resetting the root password in single mode would have been the best thing to do, then you can figure out what was wrong, why it was wrong, and how to fix it so it doesn't occur again.
    If the machine still didn't allow you to login after you reset the password, the chances are high that it just wasn't allowing local root logins. I have root logins on the local machine disabled and always use su from a user account. If I do something that stops me logging in at all then I can just fire up install cd 1 and recover the system with the command line it provides.
    That would have been my response - no headless chicken mode. I run more than one computer, and I'd want to know whether I had been hacked and how much damage had been done. The first step in that is to unplug the wire from the NIC and try to get access without a reboot, using any of the user accounts if root isn't available. I think it's quite important, if I'd made a mistake allowing someone into the system, to try to find out what I'd done wrong; that way I could prevent it happening again.
    Linux user #126863 - see http://linuxcounter.net/
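
Added example, not part of any post in this thread: a read-only triage script for the two symptoms described above (a home directory the user cannot enter and a refused root login), to be run from a rescue shell against the mounted filesystem. The function names, the mount-point argument and the sample tree are assumptions, as is the use of `/etc/securetty` to restrict root console logins.

```shell
#!/bin/sh
# Added example: each function takes the directory where the suspect
# filesystem is mounted (e.g. /mnt from an install CD) and only reads from it.

# List accounts whose /home directory is missing or not owned by their UID.
check_homes() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $home in /home/*) ;; *) continue ;; esac
        if [ ! -d "$1$home" ]; then echo "$user: $home missing"; continue; fi
        owner=$(ls -ldn "$1$home" | awk '{print $3}')   # numeric owner
        [ "$owner" = "$uid" ] || echo "$user: $home owned by uid $owner, expected $uid"
    done < "$1/etc/passwd"
}

# Succeed if root may log in on terminal $2: the terminal is listed in
# etc/securetty, or the file is absent (assumed to mean no restriction).
root_tty_allowed() {
    [ -f "$1/etc/securetty" ] || return 0
    grep -qxF -- "$2" "$1/etc/securetty"
}

# Succeed if root's password field in etc/shadow starts with ! or *,
# i.e. no password can match it.
root_pw_locked() {
    awk -F: '$1 == "root" && $2 ~ /^[!*]/ { found = 1 } END { exit !found }' \
        "$1/etc/shadow"
}

# Constructed sample tree standing in for a mounted disk (not real data).
make_sample() {
    t=$(mktemp -d); me=$(id -u); other=$((me + 1))
    mkdir -p "$t/etc" "$t/home/alice" "$t/home/bob"
    printf '%s\n' "root:x:0:0::/root:/bin/bash" \
        "alice:x:$me:100::/home/alice:/bin/bash" \
        "bob:x:$other:100::/home/bob:/bin/bash" \
        "carol:x:$other:100::/home/carol:/bin/bash" > "$t/etc/passwd"
    printf '%s\n' "# constructed" console tty1 > "$t/etc/securetty"
    printf '%s\n' 'root:!:13000:0:::::' > "$t/etc/shadow"
    echo "$t"
}

sample=$(make_sample)
check_homes "$sample"
root_tty_allowed "$sample" tty1 && echo "root login permitted on tty1"
root_pw_locked "$sample" && echo "root password field is locked"
rm -rf "$sample"
```
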
