02-16-2008
#1
Just Joined!
Join Date: Jan 2008 Location: Fullerton,CA
Posts: 13
Am I hacked? Help on how to know and protect myself

I am and have been the target of hackers hired by a worldwide multi-million dollar company after a Wikipedia slip exposed my IP and a bunch of things that they didn't want people to know were exposed. It has been years since, and if I plug my system into the internet on a Windows (XP, Vista) OS, within seconds my computer is hacked. Tried all firewalls (Norton, ZoneAlarm), nothing.
So I'm on SUSE because of the security, but recent issues have caused me to think about whether I'm still being hacked.
First, my system is all default settings because I'm a noob, and my system was installed a few days ago using the network method (opensuse.org, 10.3 repo). I do all updates. I don't download anything, no p2p, no crazy sites, just browse the internet in Firefox and do my work. I had my system kinda crash ("kinda" because not like Windows would), but YaST wouldn't open, I couldn't shut down the computer, most programs, if they did do something, would display a blank screen, but I was able to log out and did. I then logged in as root but wasn't asked for my password; that never happened before, and I didn't set autologin or anything. It went to the "are you sure" prompt, I clicked continue but just got a grey screen. Now when my SUSE starts up it's a lot slower than before and the system up-to-date icon takes a really long time to check.
I should mention that the only thing I've installed is the codecs that SUSE referred me to when I tried to play an MPEG, that's it. What I was doing when this happened: I was browsing in Firefox, had Banshee running and was taking notes using Tomboy (coincidentally stuff about the company's corruption). I was trying to quit Banshee but it wouldn't, when I noticed all these problems started cascading.
Any way to know if my system is hacked? I know I have to reinstall because it's not running right. But are there ways to know if an IP is pinging or port scanning me, or other ways to monitor what's going on on the internet?
Any help or info is much appreciated. Thanks.
02-16-2008
#2
Linux Guru
Join Date: Oct 2006 Location: West (by God) Virginia
Posts: 1,659
This sounds more like hard disk corruption.
Press Esc when booting; it will then show the details.
You should run a low-level disk test program like SpinRite (note this is not a free program) to test and correct sector-level problems.
02-17-2008
#3
Just Joined!
Join Date: Jan 2008 Location: Fullerton,CA
Posts: 13
Ok thanks, you're probably right, because I did some partitioning before installing SUSE; I might have done something wrong. I always press Esc to see if everything is ok, but most of the info that goes by I have no idea about, and it goes by way too quick.
Hey, I have a boot disk, UBCD; would that have anything that would help me? Or is there something else I can do?
02-17-2008
#4
Linux Engineer
Join Date: Oct 2007 Location: Bristol, UK
Posts: 1,003
gogalthorp is probably right ... there are a couple of things you should do though ...
1. Do not log in as the root user unless this is absolutely essential; particularly, don't log in as root when on the net.
2. If you think the system has been compromised, back up data files only and do a clean install.
3. A chkrootkit scan is probably worth doing every now & then ... do the first scan after a clean install and save the output to log files, so if necessary you can compare things in future.
02-17-2008
#5
Trusted Redneck
Join Date: Oct 2004 Location: The Sovereign State of South Carolina
Posts: 3,370
Hi mjolnir, on the other... assuming your IP address is static, why don't you simply ask your ISP to give you a new address? Or are you running DHCP? If so, shut the machine off overnight. In the morning when you boot up, you should be assigned a new IP address.
A few things you can do:
Run nmapfe to see which ports are open and closed. You can download it from YaST if it isn't installed. Also run rkhunter, a command line utility that looks for rootkits and other malicious programs. To run:
Code:
rkhunter -c -sk --display-logfile
To see if any ports have possibly been tampered with to listen that shouldn't be: have a close look at /var/log/messages to see if there is something amiss there, like someone entering through ssh (port 22). Having a router configured for security is also a good idea. There are other things you can do, but that should give you enough to keep occupied for now.
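One way to script the /var/log/messages check above, as an added example that is not part of this thread: it reads sshd lines from a file you name (use /var/log/messages on a real system) and reports failed logins per source address plus every accepted login. The log lines, host name and user name are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: tally failed sshd logins per
# source address from syslog-style lines like those in /var/log/messages.
# The log lines are constructed samples; the sshd wording follows the usual
# OpenSSH "Failed password" / "Accepted password" messages.

SAMPLE_LOG='Feb 17 03:14:22 host1 sshd[4120]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Feb 17 03:14:25 host1 sshd[4120]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2
Feb 17 03:14:29 host1 sshd[4122]: Failed password for root from 198.51.100.7 port 51240 ssh2
Feb 17 03:20:01 host1 cron[4130]: (root) CMD (/usr/lib/cron/run-crons)
Feb 17 03:41:10 host1 sshd[4150]: Accepted password for user1 from 192.0.2.10 port 40022 ssh2
Feb 17 03:55:03 host1 sshd[4161]: Failed password for invalid user oracle from 203.0.113.5 port 2201 ssh2'

# failed_by_ip <logfile>: print "count ip" for each source of failed ssh
# logins, busiest first. Point it at /var/log/messages on a real system.
failed_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# accepted_logins <logfile>: print "user ip" for each successful login, so
# an unexpected account or source address stands out.
accepted_logins() {
    sed -n 's/.*sshd\[[0-9]*\]: Accepted [a-z]* for \([^ ]*\) from \([0-9.]*\) port .*/\1 \2/p' "$1"
}

# Run both reports over the constructed sample.
demo() {
    log=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$log"
    echo "Failed ssh logins by source IP (count ip):"
    failed_by_ip "$log"
    echo "Accepted ssh logins (user ip):"
    accepted_logins "$log"
    rm -f "$log"
}

demo
```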
02-17-2008
#6
Just Joined!
Join Date: Jan 2008 Location: Fullerton,CA
Posts: 13
No, I never log in as a root user when connected to the net.
I'm wondering how to fix my partitions and get a clean install.
And also, what tools do you use in SUSE to monitor your network to see if IPs are pinging you or trying to port scan or something.
02-17-2008
#7
Just Joined!
Join Date: Jan 2008 Location: Fullerton,CA
Posts: 13
Thanks gogalthorp and Dapper Dan.
But to Dapper Dan: I do use DHCP through a router, and I will always get hacked if running Windows, even with ZoneAlarm; on Vista, XP, it doesn't matter. I tried so many things for months and regardless, within seconds I'm hacked.
If there is an actual way to hide from whoever, I would be ecstatic and could run a Windows and SUSE system, because I like things about SUSE a lot but haven't been able to run Windows for a while. If that's possible, please let me know how.
02-17-2008
#8
Linux Engineer
Join Date: Oct 2007 Location: Bristol, UK
Posts: 1,003
Quote:
No, I never log in as a root user when connected to the net.
I'm wondering how to fix my partitions and get a clean install.
And also, what tools do you use in SUSE to monitor your network to see if IPs are pinging you or trying to port scan or something.

Download the DVD or CD (from the OpenSUSE website) to do the install from. You can confirm the md5 checksum before you burn the CD (the md5 checksums are on the OpenSUSE web site).
Back up the data you want and wipe the partitions; if you need Windows as well, do a fresh install of that from the Windows installation media (I don't use Windows on the web - but do have machines set up to dual boot).
Ed: I'd always wipe the disk on a compromised system & do a fresh install. Restore only the data you need back to the hard drive, otherwise you increase the risk of compromising the freshly installed system. Use new user logins and passwords for all users, and especially change the root user password.
Make sure you have the firewall enabled and your web access is considered an external zone (you set up the firewall during the install).
I don't monitor for portscans but I do a chkrootkit scan fairly regularly & compare the scan log from the initial install with the latest scan.
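The baseline-and-compare routine suggested in post #4 and again here, as an added example that is not part of this thread: keep the chkrootkit output from the clean install and print only the lines a later scan adds. The two reports are constructed samples in the style chkrootkit prints, and the scan_diff/scan_changed names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: save the first chkrootkit run after
# a clean install as a baseline, then report only the lines a later scan adds.
# Both reports are constructed samples in the "Checking `name'... result" style
# chkrootkit prints; on a real system save
#   chkrootkit > scan-$(date +%F).log 2>&1
# after each run and compare the dated files.

# Constructed baseline taken right after the clean install.
write_baseline() {
cat > "$1" <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `login'... not infected
Checking `netstat'... not infected
Checking `sshd'... not infected
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# Constructed later scan with two lines that differ from the baseline.
write_current() {
cat > "$1" <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `login'... INFECTED
Checking `netstat'... not infected
Checking `sshd'... not infected
Searching for suspicious files and dirs, it may take a while... /tmp/.hidden-dir
EOF
}

# scan_diff <baseline> <current>: print each line of the current scan that
# does not appear verbatim in the baseline (fixed-string, whole-line match).
scan_diff() {
    grep -v -x -F -f "$1" "$2" || true
}

# scan_changed <baseline> <current>: succeed (exit 0) only if the scan changed.
scan_changed() {
    [ -n "$(scan_diff "$1" "$2")" ]
}

demo() {
    base=$(mktemp); cur=$(mktemp)
    write_baseline "$base"; write_current "$cur"
    if scan_changed "$base" "$cur"; then
        echo "Scan differs from baseline; new lines:"
        scan_diff "$base" "$cur"
    else
        echo "Scan matches baseline."
    fi
    rm -f "$base" "$cur"
}

demo
```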
02-17-2008
#9
Just Joined!
Join Date: Jan 2008 Location: Fullerton,CA
Posts: 13
Yeah, I will wipe my partitions and do another clean install, and I do have the firewall active, all the default stuff because I'm a noob.
But I am very intrigued at actually being able to run a Windows system online, as I'm hacked within seconds of connecting to the net. I know it's not a SUSE question, but if someone can tell me how, I'd be very grateful.
02-17-2008
#10
Linux Engineer
Join Date: Oct 2007 Location: Bristol, UK
Posts: 1,003
Quote:
Originally Posted by Jonathan183
(I don't use Windows on the web - but do have machines set up to dual boot).

Quote:
Originally Posted by mjolnir
But I am very intrigued at actually being able to run a Windows system online, as I'm hacked within seconds of connecting to the net. I know it's not a SUSE question, but if someone can tell me how, I'd be very grateful.

As I said, I don't use Windows on the net. If I did, I would download the firewall using Linux, do the Windows install and install the firewall while disconnected from the net. The other thing I would do is use a dynamic IP address (and make sure port forwarding is not set on the router).