Focus on Linux
Did I get hacked? Feb 11 2007 07:43PM
Grant (emailgrant gmail com) (6 replies)
Re: Did I get hacked? Feb 27 2007 09:10PM
Alexandros Papadopoulos (apapadop alumni cmu edu)
Re: Did I get hacked? Feb 23 2007 04:44PM
BJ Dierkes (wdierkes 5dollarwhitebox org)
Re: Did I get hacked? Feb 14 2007 03:15PM
terry white (twhite aniota com)
Re: Did I get hacked? Feb 14 2007 01:11AM
Greg Metcalfe (metcalfegreg qwest net)
On Sunday 11 February 2007 11:43, Grant wrote:
> The entire contents of my /home/grant/vmware folder have suddenly
> disappeared. I haven't noticed anything else strange yet. I did
> configure and start shorewall for the first time yesterday instead of
> using a few iptables commands from the Gentoo Home Router Guide, and
> I'm running PenguinTV (a video RSS aggregator with an ebuild in
> bugs.gentoo.org) and transmission (a bittorrent client in portage) for
> the first time. My shorewall config is here:
>
> http://archives.gentoo.org/gentoo-user/msg_108375.xml
>
> What should I do next?
>
> - Grant
Not nearly enough info for anyone to make a call on whether you got hacked. You
might bear in mind that 99% of the time, this sort of thing is the result of
an accidental 'rm'. What you should probably do next is look at your shell
history file to see if that might be the case.

If nothing turns up, check your system logs, etc. Consider this as a good
reason to run some sort of host intrusion detection system. You might even
consider writing a rudimentary HIDS yourself.

Doing the research required to do anything like a good job of it will teach
you a lot about what to look for in the future. No offense meant, but you
won't get far into a project like that before you realize that you haven't
given anyone *nearly* enough information to answer the question, "Did I get
hacked?"

Someone with the *exact* same system configuration might be able to answer
your question (most probably if they've been hacked, and can prove it) but
that's pretty unlikely. Gentoo isn't that popular (nothing against it, for
you Gentoo folk, but it really does have minor market share compared to, say,
Ubuntu, Debian, Fedora, or RH).

So you're asking a very generic question, usually immediately assignable to
operator error, about a somewhat specialized distro, with a very specific
loadout.

I wish you well, but that's going to be a tough question to get a good answer
to. OTOH, maybe a few Gentoo aficionados will be pissed at my response,
research the problem within an inch of its life, and come up with an
immediate answer, just to prove me wrong. That would fix you up nicely, and I
hope it happens. I'm just a bit doubtful.
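
The reply above suggests writing a rudimentary HIDS. As an added example (not part of the original message or thread), here is a minimal file-integrity check in Python that baselines a directory tree and reports removed, added and changed files, plus folders that have emptied out; the function names and the sample tree are constructed for illustration.

```python
import hashlib, os, shutil, tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # hash regular files only
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            state[os.path.relpath(path, root)] = digest.hexdigest()
    return state

def diff(baseline, current):
    """Compare two snapshots taken at different times."""
    common = baseline.keys() & current.keys()
    return {
        "removed": sorted(baseline.keys() - current.keys()),
        "added": sorted(current.keys() - baseline.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def vanished_dirs(baseline, current):
    """Directories that held files in the baseline and hold none now."""
    before = {os.path.dirname(p) for p in baseline}
    after = {os.path.dirname(p) for p in current}
    return sorted(d for d in before - after if d)

def demo():
    """Constructed sample tree: baseline it, wipe one folder, edit one file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "vmware"))
        for rel, data in [("vmware/disk.vmdk", b"disk"), ("vmware/vm.vmx", b"cfg"),
                          (".bashrc", b"alias ll='ls -l'\n")]:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # in real use, store this off the host
        shutil.rmtree(os.path.join(root, "vmware"))
        with open(os.path.join(root, ".bashrc"), "ab") as fh:
            fh.write(b"# appended\n")
        current = snapshot(root)
        return diff(baseline, current), vanished_dirs(baseline, current)

if __name__ == "__main__":
    print(demo())
```

A report like this shows what changed between two scans, not who changed it; shell history and system logs are still needed for that.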

Re: Did I get hacked? Feb 13 2007 08:46PM
Isaac Perez Moncho (suscripcions tsolucio com)
Re: Did I get hacked? Feb 13 2007 07:19PM
Manuel Arostegui Ramirez (manuel todo-linux com)


 

Copyright 2010, SecurityFocus