Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Every time I do some surfing with my saved bookmarks, some hack suddenly starts uploading all my files.. So the culprit is obviously one or more of my hundreds of bookmarks.. but I don't know which one, yet.. I'm narrowing it down...
I don't care that the "mindless little monkey" is getting the files on this hd.. It's only my Internet computer anyway... I flash-drive transfer all Internet important things from it, daily, to my unconnected private computers... This way the Internet rarely touches my private HD's, except when they're updating OS's..
This Internet computer has only a few hundred desktop backgrounds, 400 tunes, an empty folder for new pix for transfers, an empty folder for new posts and notes for transfers, and a growing folder full of various Linux distributions which I will eventually make ISO install CD's and test out these many strange installations...
My private computer isn't Net-connected, but only for moments when its acquiring updates.. The moment the downloads are complete, I pull the connection from the tower.. I wish I had an in-line switch to disconnect the Net from the tower.. Is there one?..
Thing is, when that goof is uploading my Internet computer's files, he is seriously slowing down the operation of this low Ram antique tower... I wants to somehow "sour the milk", to give him his reason why to not want to upload my files..
I wants to make an "attack-file" that grabs his uploading connection and locks it in, into a huge 20-gig file of Linux OS ISO's.. so the only way he can disconnect from that file is to reboot or physically disconnect from the Net.. Is this possible?..
"Hacker's Victims Fight Back"...
How can I find if the attacker's OS is Windows, or Linux..?
Ideally, I'd like to somehow start a fire under or in his chair...
One of my hobbies is learning pix-editing by editing nude art.. I suspect the hack is "one of the government's xxx sites, in which they tap into any computer that visits their site"...
Can I lock my files with a password..? I'm not doing anything illegal.. I'm merely learning pix editing... I feel like I'm being treated as a criminal.. And their meddling does slow my computer operations a lot... Eventually I will figure out which sites are the crap sites, and simply boycott them...
Last edited by cosmicbrat; 01-05-2011 at 05:22 AM.
Quote:
Every time I do some surfing with my saved bookmarks, some hack suddenly starts uploading all my files..
How do you know this?
If you're using some kind of traffic monitor, can you share its output with us?
Quote:
I wants to somehow "sour the milk", to give him his reason why to not want to upload my files..
I wants to make an "attack-file" that grabs his uploading connection and locks it in, into a huge 20-gig file of Linux OS ISO's.. so the only way he can disconnect from that file is to reboot or physically disconnect from the Net.. Is this possible?..
We don't allow members to help with that sort of thing here. Regardless, your priority should be finding the hole being exploited and patching it ASAP, IMO. The quicker you post some factual, relevant, technical information (log file snippets, connection and process snapshots, etc.), the quicker someone here may help you address this possible breach.
I know this when the hd starts going hyper-active, till I reboot...
I don't have any services running.. no updaters set to automatic.. no indexers... no active processes.. The hd just goes wild...
I link to a few websites, then suddenly the hd is pumping out data about as fast as it loads data into a flash... And the flashing operation's light on the tower flashes the same ways as it does when I'm uploading my files.. And the noisy hd makes the same sounds and spaces as it does when I'm working with pix files... If I remove all my files from my Internet tower, the hacking doesn't happen...
OK, You don't help with this sort of thing.. Can you PM me with a link of someone who does?.. I wants a little revenge for this ongoing abuse and torture...
"Plug the hole".. I thought I did everything to plug such holes...
Which log-files do you recommend I post snippets of?..
I just installed all the traffic monitors I could find in Fedora-14's Yumex.. Now I needs to learn how to use them...
I'm not familiar with Fedora, but there should be some System Monitor-like application that can show your memory (RAM) usage. Please tell us how much of your RAM is used -- as it sounds like it's thrashing (swapping to the hard drive) to me.
I hardly think that if there is someone uploading data from your PC, they'd wait until you clicked a bookmark to start uploading... Or that someone would specifically create a trojan that only works that way.
I once knew a guy who thought someone had uploaded a virus that'd make his mouse play up sometimes - jump across the screen sometimes, be unresponsive, etc - ... he couldn't be told otherwise - he was a Professor tho. :P It was just a bad USB/PS2 adapter that should have been replaced... which they didn't. Although I did try to plug it in more securely... not that that helped a great deal.
I'd say the posts above are far more likely... it's prolly just swapping data to your swap file. And potentially loading cached data off the HDD.
Last edited by TheVillageIdiot; 01-05-2011 at 08:53 AM.
Errrrm..... I think you may be delusional, other than getting help from a doctor have you considered it's simply swapping to hard drive? >_<
Hi Smiley.. You seem to be the one who is following me all over the Net, casting insults my way every time you post where I've posted... I wish I knew what you wanted from me... Is your name "Gorden"..?
I did see a shrink about 8-years ago, to fulfil one of the requirements in a job application.. We had a long fun chat, and joked and laughed a lot, even to tears..
He told me that he feels that I am "more sane than he is".. and he had some time between patients, so he asked me to help him diagnose a few supposedly "fictitious cases"..
After that, he invited me to drop by into his office for coffee and chats any time I was in the area.. and requested that I assist him more with other problem diagnoses... We go fishing and hiking together occasionally... Maybe it's you who should be "getting help from a doctor", sir... Maybe you already are sir..?
I have 20 hd's.. I tried swapping.. It happens on all of them... Thanks for the suggestion.. Have you got any useful ones sir, without the insults please!.. I've heard them all.. They used to sting me, and sometimes bring tears to my eyes, but now they are only boring...
I really would like to solve this thing, so the computer doesn't run so slow when something/someone on the Net is messing in my PC...
How do I test to determine which ports are open.. and what's going in and out of them..?
I would like to get IP-Tables up and running, but I just can't get the dern thing going...
Last edited by cosmicbrat; 01-05-2011 at 12:06 PM.
Quote:
I once knew a guy who thought someone had uploaded a virus that'd make his mouse play up sometimes - jump across the screen sometimes
One of the "senior" programmers at my last job was convinced we had installed remote desktop software on his workstation so we could spy on him. He came to that conclusion because his mouse would move around on its own or wouldn't react the way he thought it would. He ACTUALLY confronted us (IT staff) that we were spying on him.
No. We have better things to do than to "spy" on people at work. We gave him a new mouse and never heard another peep from him (well, at least about that). The guy was a terrible programmer and was let go a few months later due to incompetence.
Maybe he was potentially a good programmer, who couldn't work under the stress you folks laid on him...
Maybe it was all just a personality conflict, in that you folks didn't like that he didn't think like you and believe in what you believe in, and maybe you just did what you had to, to get him fired... Think back on how you treated him.. How would you feel if others treated you the same..?
Do you happen to know how to get IP-Tables working in Fedora-14 sir..?
Quote:
I have 20 hd's.. I tried swapping.. It happens on all of them...
I think what he actually meant was that your swap area on the disk may be being heavily used due to low memory conditions. In many cases, it would cause symptoms similar to what you have described. You can show us whether this is the case or not by running the free command before, during, and after the perceived issue and posting the output here.
Quote:
I link to a few websites, then suddenly the hd is pumping out data about as fast as it loads data into a flash... And the flashing operation's light on the tower flashes the same ways as it does when I'm uploading my files.. And the noisy hd makes the same sounds and spaces as it does when I'm working with pix files... If I remove all my files from my Internet tower, the hacking doesn't happen...
Okay, but how do you know it's "pumping out data"? Nothing you've posted so far would support that. We don't deal with imagination in LQSEC, we rely on facts. You can use iotop to see exactly which process is generating the disk activity (and amount, as well as type).
Quote:
OK, You don't help with this sort of thing.. Can you PM me with a link of someone who does?.. I wants a little revenge for this ongoing abuse and torture...
I don't see how a PM would change the ethics of this. Besides: 1) I don't really know people who do that kind of thing, and 2) There's nothing to suggest that this issue isn't being caused by something non-malicious. Others have posted examples here to illustrate how easy it can be to mistake non-malicious and malicious activity. With your cooperation, we can help you figure out what's happening.
Try this:
Install iptraf (sudo yum install iptraf for Fedora, sudo apt-get install iptraf for Debian-based).
Run iptraf in a terminal (must be run as root or with sudo), select network monitor, select the interface in question (the one your internet connection is on), reproduce the issue with iptraf running, and watch to see if your computer starts sending traffic, and how much and to where.
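The two checks suggested in this thread (swap activity before and after the slowdown, and outbound traffic on the Internet-facing interface) can be combined into one before/after measurement. This is an added example, not part of any post in the thread; the function names, the 4 KiB page size and the 1 MiB "heavy" threshold are assumptions.

```shell
#!/bin/sh
# Added example: is the burst of activity swap or outbound network traffic?
# Reads kernel counters twice and compares the deltas. Counter files can be
# overridden (VMSTAT, NETDEV) so the parsers also work on saved snapshots.

# swap_pages FILE -> pages swapped in + out since boot (pswpin + pswpout)
swap_pages() {
    awk '$1 == "pswpin" || $1 == "pswpout" { s += $2 } END { print s + 0 }' "$1"
}

# tx_bytes FILE IFACE -> bytes transmitted on IFACE, 0 if IFACE is absent.
# In /proc/net/dev the 9th number after "iface:" is the transmit byte count;
# the sub() copes with kernels that print "eth0:123" without a space.
tx_bytes() {
    awk -v ifc="$2" '{ sub(/:/, ": ") }
        $1 == (ifc ":") { print $10; found = 1 }
        END { if (!found) print 0 }' "$1"
}

# classify SWAP_DELTA_PAGES TX_DELTA_BYTES -> verdict word.
# Assumptions: 4 KiB pages, and 1 MiB per interval counts as "heavy".
classify() {
    swap_kib=$(( $1 * 4 ))
    tx_kib=$(( $2 / 1024 ))
    if [ "$swap_kib" -ge 1024 ] && [ "$tx_kib" -lt 1024 ]; then echo swapping
    elif [ "$tx_kib" -ge 1024 ] && [ "$swap_kib" -lt 1024 ]; then echo network-upload
    elif [ "$tx_kib" -ge 1024 ]; then echo both
    else echo quiet
    fi
}

# sample IFACE SECONDS -> print both deltas and the verdict for one interval
sample() {
    vm=${VMSTAT:-/proc/vmstat}; nd=${NETDEV:-/proc/net/dev}
    s0=$(swap_pages "$vm"); t0=$(tx_bytes "$nd" "$1")
    sleep "$2"
    s1=$(swap_pages "$vm"); t1=$(tx_bytes "$nd" "$1")
    ds=$(( s1 - s0 )); dt=$(( t1 - t0 ))
    echo "swap pages: $ds  tx bytes: $dt  verdict: $(classify "$ds" "$dt")"
}

# Usage: sh script.sh eth0 30   (start it, then reproduce the slowdown)
if [ "$#" -ge 1 ]; then sample "$1" "${2:-30}"; fi
```

A verdict of swapping points at low RAM rather than data leaving the machine; network-upload is the case where iptraf's per-connection view is worth reading to see where the traffic goes.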