Hi there, i'm new at linux, and don't know much about it.
I have a problem, i was watching my message center of my photography site account, and them my page changed to www.ardeamor.com (thats portuguese) i didn't do anything, and i didn't knew that page, could someone be playing in my PC?
Please help, i don't want this "oh i'm the greatest" hackers wannabe in my PC...
Oh, and i'm using SimplyMepis Linux and i thing that the firewall GuardDog is working.
Sorry if i sound sooo newbie, but i am, i'm used to windows (i know, that sucks)

Thanks...

Hmm, that's not a good sign. You should be able to tell if it is or not working. Anyhow a couple things:

1. Check your processes. Anything running that shouldn't be?
2. Check what modules are loaded. Again, any modules that shouldn't be loaded.
3. Check your logs. Who's been logging in and from where
4. Check your configs. Look at the timestamps to see if they were modified recently and by who
5. I'm guessing you don't have tripwire or AIDE or some kind of file/binary auditing program. Install it and see if it detects any rootkits and/or hidden processes
6. Do a netstat and see the connections established on your box, and which ports are open.

That's for starters.

-twantrd

i'm not sure if an uber-newbie would know what processes "shouldn't" be running...

iguana, this could have simply been a advertisment javascript redirection or something like that... i mean, it's good that you are concerned about security and stuff, but you'd need more than a URL redirection to have any real worries... that's why twantrd made those great suggestions about things to check... he's completely right, you should definitely be able to tell if your firewall is working or not... we can help you with that if you post the output of this command (you'll need to be root to run it):also, you should scan your box remotely... here's a site that will scan your box for free:

https://www.grc.com/x/ne.dll?bh0bkyd2

as for the browser thing, what browser do you use?? if it's firefox, you might wanna look into this extension:

http://www.noscript.net

I got that right... lol. too newbie...
I asked because it was happening to a friend of mine things like, firefox closing it self, page changing all by itself (like happened) to me, and it was a guy from the department were my friends studies...
Thanks for those cool links, the grc link said that my PC is safe. (i made have upgragraded my disto since that thing happened too)
About the command, is it safe to post so many info in the forum?
Oh and i use firefox 1.5

Thanks for the help...

yes, it's safe... most of the time you'd wanna edit your external IP address if it appears in the output (using something like "xxx.xxx.xxx.xxx" is common)...

yeah, so do i... i find the noscript extension to be great for giving me a little more peace of mind when surfing the web, especially when i'm surfing free adult websites and stuff like that... it blocks java, javascript, flash, and other nonsense... great stuff IMHO...