Help with configuration

5 replies
bperry
Offline
Joined: 05/20/2012

I've been having a time with my system being modified for some mysterious reason and whoever has been doing that replaced a great many of my Trisquel free software with other things. I could go into a lot more detail but how would I ask someone here who is a documented Trisquel user for a long period of time to look at my system and see why this keeps happening to me. It appears to be a rootkit but the log files say that is not the case. That someone has been intentionally modifying my system over and over for some period of time, a couple of years perhaps. And Trisquel was a good vehicle for me to prove this and the first installation I made on this OS the modifier put in a great deal of Ubuntu code that was not present in the packages available for Trisquel. Is there anyone who could put a "watch" on my system and get to the bottom of this great mystery. I had previously prepared my systems based on the advice offered at http://debianhelp.wordpress.com but I had the same problem. I ran a root clamtk virus check offline on the previous system and it found twenty viruses in the underlying OS. And I saw someone trying to reroute my package by going through a Windows computer on this same network (I think) and send all my info to somewhere offline. I also saw, about 6 months or so ago, a number of messages from the folks, or at least I think it was them because I had never heard of them and saw there had been messages left for the computer crackers calling them "script kiddies" and the like on another previous Ubuntu installation which I believe was the 10.04 LTS series. The url I found on that was honeynet.org so I think they were seeing this happen a while back. It's a much longer story but I have a certain inherited paranoid trait and this has just about driven me to the point of breakdown. But now I could see for sure because this was free software only and that the person or persons who were modifying this were not aware of that fact. So it was easy to see.
Today and yesterday I started knowing what to delete that they added but I don't know why this has been happening. So I need some help from someone to get this behavior stopped. I suppose it was someone who was offended because I write political writing under a pseudonym and I suppose someone was upset about that. Or who knows what.

Mampir
Offline
Joined: 12/16/2009

Could you give a specific example of a cracker's activity you've seen
on your computer? For example, names of files they put on your
computer.

Chris

I am a member!

Offline
Joined: 04/23/2011

I'm not sure of what your situation is, although it is probably best from a security standpoint to back up your files, wipe the machine, and reload.

Is there a reason you haven't done this, don't want to, or can't?

Cyberhawk

I am a translator!

Offline
Joined: 07/27/2010

To ensure a high level of security, you should use a router with a hardware firewall (which should have no rules for port-forwarding configured). Then double check if you have software that listens on some ports for connections, like ssh, Apache http server or the MySQL server, stuff like that.

This will make it considerably more difficult to get inside your computer.

To prevent hackers installing new software if they still manage to get into your machine somehow, you can try making a new password which should:
1. be 7 - 10 signs long for starters
2. include capital letters as well as small ones
3. include numbers
4. include special characters like !, ^, etc.

Also, turn off auto-login if you had it on.

That's all I can think about atm as far as security goes. It's sure a good idea to wipe the HDD and do a clean install first.
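The "double check if you have software that listens on some ports" step above can be done with `ss -tuln` (or `netstat -tuln` on older systems). The script below is an added example, not code from the thread: it filters that output down to sockets bound to a non-loopback address, which are the ones reachable from the network and therefore the ones the router firewall has to protect. The sample `ss` output is constructed for the example rather than captured from anyone's machine.

```shell
#!/bin/sh
# Constructed sample of `ss -tuln` output (not captured from a real system).
# Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT='Netid State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN  0      128    127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN  0      128    [::]:80             [::]:*
udp   UNCONN  0      0      127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN  0      128    [::1]:631           [::]:*'

# Reads `ss -tuln` style output on stdin and prints "proto local-address:port"
# for every socket bound to something other than loopback (0.0.0.0, [::], or
# a specific interface address). Loopback-only services such as a local
# database are skipped because they cannot be reached from the network.
flag_exposed_listeners() {
    awk 'NR > 1 {
        proto = $1; state = $2; local = $5
        # TCP sockets only matter when they are actually listening
        if (proto == "tcp" && state != "LISTEN") next
        # Strip the port: everything after the last ":"
        addr = local; sub(/:[^:]*$/, "", addr)
        # Loopback forms: 127.x.x.x (optionally with a %iface suffix) and [::1]
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
        print proto, local
    }'
}

# On a live system: ss -tuln | flag_exposed_listeners
# Here the constructed sample is used, flagging the SSH (22) and HTTP (80) sockets.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | flag_exposed_listeners
```

Anything this prints that you did not knowingly install or enable is worth investigating; anything you do need (ssh, for instance) should be limited by the router's firewall and, where possible, bound to a specific interface rather than all addresses.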

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I disagree about your choice of a password. A password can be both secure and easy to remember.

And I agree with Chris: the system should be reinstalled to be certain no rootkit is present anymore.
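To put numbers on the disagreement between the two posts above, here is an added example (not from either poster) that computes the entropy of a secret as n * log2(N) for n elements drawn uniformly from an alphabet of size N. It compares an 8-character password over the 95 printable ASCII characters with a six-word passphrase drawn from a 7776-word list (the Diceware list size), and includes a small generator for such passphrases; the word-list path /usr/share/dict/words and the use of GNU `shuf` are assumptions.

```shell
#!/bin/sh
# Entropy in bits of a secret made of n elements, each chosen uniformly at
# random from an alphabet of size N: n * log2(N). Printed truncated to an integer.
entropy_bits() {
    awk -v n="$1" -v N="$2" 'BEGIN { printf "%d\n", n * log(N) / log(2) }'
}

# Composition-rule password: 8 characters from the 95 printable ASCII
# characters, assuming every character is chosen at random (real human-chosen
# passwords following such rules are far weaker than this upper bound).
short_password_bits() { entropy_bits 8 95; }

# Passphrase: six words chosen at random from a 7776-word list. Each word is
# ordinary and easy to remember; the strength comes from the random choice.
passphrase_bits() { entropy_bits 6 7776; }

# Generate a passphrase from a word list with one word per line.
# Assumes a word list such as /usr/share/dict/words and GNU shuf; the
# randomness comes from /dev/urandom, never from the user's own picking.
make_passphrase() {
    words="${1:-/usr/share/dict/words}"
    count="${2:-6}"
    shuf -n "$count" --random-source=/dev/urandom "$words" | tr '\n' ' '
    echo
}

echo "8 random printable characters: $(short_password_bits) bits"
echo "6 random Diceware words:        $(passphrase_bits) bits"
# To produce one: make_passphrase /usr/share/dict/words 6
```

The passphrase comes out around 77 bits against roughly 52 for the short mixed-character password, so the longer, memorable form is the stronger of the two; the one condition is that the words are picked by the random source and not by the user.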

Cyberhawk

I am a translator!

Offline
Joined: 07/27/2010

Thank you for that link, awesome piece of information! I was basically just repeating what the IT department of my company told everybody.