Page 1 of 2
Results 1 to 10 of 17

Thread: What are the possible hacker backdoors?

  1. #1
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default What are the possible hacker backdoors?

    Hi all. I don't have any intention to hack anywhere, instead I want to secure my suse 10.2 to prevent possible attacks from outside. I suspect someone did get on my pc (probably some of my coworkers), because around 100GB of my movies and other stuff have disappeared from disk during the night and at home I'm the only one working on this pc. My pc has at least the following connections at its disposal:
    1)apache web server (running a simple web page)
    2)ssh
    3)nxserver for gui remote connection

    I did check /var/log/message but there was no message entry for ssh that would be suspicious for that magic night. Unfortunately the nxserver is 1.5v and has no log (soon I'm replacing it with 3.0 that has logging possible). My pc is behind a router and has the firewall enabled, but some ports are left open (for nx connection,...) So my questions are:
    1)What or where could be possible backdoors?
    2)How could I prevent or at least limit them?
    3)Which log files do indicate possible attacks or connection attempts?
    Thanks for your help.

  2. #2
    Join Date
    Jan 2008
    Location
    U.K East Anglia
    Posts
    2,581

    Default Re: What are the possible hacker backdoors?

    Install rkhunter and run it; it will let you know of any vulnerabilities.

    Andy
    To be is to do = Immanuel Kant
    To do is to be = Descartes.
    Do be do be do = Frank Sinatra

    SuSE user since 7.0,Linux user since 1994

  3. #3
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    26,657
    Blog Entries
    38

    Default Re: What are the possible hacker backdoors?

    Quote Originally Posted by arcull
    I did check /var/log/message but there was no message entry for ssh that would be suspicious for that magic night.
    In case they modified the log, ... you could also check your bash shell history. Hackers sometimes forget to modify that.

    In case your movies were on an NTFS partition, is it possible it simply did not mount properly (because of a clean unmount from a recent MS-Windows boot)?

  4. #4
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    26,657
    Blog Entries
    38

    Default Re: What are the possible hacker backdoors?

    Quote Originally Posted by arcull
    3)nxserver for gui remote connection
    Look for someone logging in (via nx) with your password during the night in /var/log/messages (nx uses a user account, so it should show up there). You could possibly change your password NOW to avoid a repeat.
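    The check suggested above, written out as an added example (this is not code from the thread): it pulls accepted logins and PAM session opens out of a syslog-style /var/log/messages and keeps only those whose hour falls in a night window, then lists the source addresses behind them. The log lines are constructed sample data, and the line for the NX session assumes (hypothetically) that the NX client arrived over sshd as the "nx" account; on a real host pass /var/log/messages (read as root) and any rotated copies.

```shell
#!/bin/sh
# Added example, not from the thread: pull login events out of a
# syslog-style /var/log/messages and keep only those in a night window.
# The log lines below are constructed sample data; the NX line assumes
# (hypothetically) that the NX client arrived over sshd as the "nx" user.

SAMPLE_LOG="${TMPDIR:-/tmp}/messages.sample.$$"
cat > "$SAMPLE_LOG" <<'EOF'
Mar 10 09:12:01 suse sshd[2231]: Accepted publickey for arcull from 192.0.2.10 port 51022 ssh2
Mar 10 09:12:01 suse sshd[2231]: pam_unix(sshd:session): session opened for user arcull by (uid=0)
Mar 10 23:58:40 suse sshd[4010]: Failed password for root from 203.0.113.7 port 40111 ssh2
Mar 11 02:17:33 suse sshd[4120]: Accepted publickey for nx from 203.0.113.7 port 40120 ssh2
Mar 11 02:17:33 suse sshd[4120]: pam_unix(sshd:session): session opened for user nx by (uid=0)
Mar 11 02:45:09 suse sshd[4301]: Accepted password for arcull from 203.0.113.7 port 40130 ssh2
Mar 11 08:01:15 suse sshd[5002]: pam_unix(sshd:session): session opened for user arcull by (uid=0)
EOF

# Print accepted logins and PAM session opens whose hour lies in [start, end).
# Syslog lines start "Mon DD HH:MM:SS host ...", so the time is field 3.
night_logins() {
    logfile=$1; start=${2:-0}; end=${3:-6}
    awk -v s="$start" -v e="$end" '
        /Accepted (password|publickey) for|session opened for user/ {
            split($3, t, ":")
            h = t[1] + 0
            if (h >= s && h < e) print
        }' "$logfile"
}

# Distinct source addresses behind those logins ("... from A.B.C.D port ...").
night_sources() {
    night_logins "$@" | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' | sort -u
}

# Failed attempts in a window are worth seeing too (password guessing).
night_failures() {
    logfile=$1; start=${2:-0}; end=${3:-6}
    awk -v s="$start" -v e="$end" '
        /Failed password for/ { split($3, t, ":"); if (t[1] + 0 >= s && t[1] + 0 < e) print }' "$logfile"
}

night_logins "$SAMPLE_LOG"
night_sources "$SAMPLE_LOG"
```

    The sample file is left in $TMPDIR so it can be inspected; a "session opened" line at 02:45 from an address that is not yours is the kind of entry to look for. Bear in mind the point made earlier in the thread: someone with root could have edited the file, so an absence of entries is weaker evidence than their presence, which is one reason to forward syslog to another machine.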

  5. #5
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default Re: What are the possible hacker backdoors?

    Thanks for the hints.
    In case your movies were on an NTFS partition, is it possible it simply did not mount properly
    both disks have just ext3 partitions so this shouldn't be the problem.

    In case they modified the log, ... you could also check your bash shell history
    can you please tell me how to do that. Thanks again.

  6. #6
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    26,657
    Blog Entries
    38

    Default Re: What are the possible hacker backdoors?

    Quote Originally Posted by arcull
    can you please tell me how to do that. Thanks again.
    I'm not at a Linux PC right now.

    I recall (and I have a bad memory) that the command is simply:
    history

    and if that scrolls off the screen type:
    history > bash-history.txt

    and use a text editor to open "bash-history.txt".

    In fact one can go direct to the file (instead) where the history is stored, but I don't know that off the top of my head ... I would need to be at a Linux PC for a dozen seconds to find that.
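    As an added example (not from the thread), going direct to the file as suggested above: bash keeps its history in $HISTFILE, which defaults to ~/.bash_history, and when HISTTIMEFORMAT is set it precedes each command with a "#<epoch>" line. The functions below check the state of a history file (a missing, empty, or /dev/null-linked file is itself a finding), and read a timestamped file back as a timeline. The history content is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread: locate and inspect the bash history
# file directly, and read it with timestamps when they are present.
# The history content below is constructed sample data.

SAMPLE_HIST="${TMPDIR:-/tmp}/bash_history.sample.$$"
cat > "$SAMPLE_HIST" <<'EOF'
#1236650400
ls -la /home/arcull/movies
#1236650460
rm -r /home/arcull/movies
#1236650500
exit
EOF

# bash writes history to $HISTFILE, defaulting to ~/.bash_history.
history_file() { printf '%s\n' "${HISTFILE:-$HOME/.bash_history}"; }

# Classify a history file. The symlink test comes first: a link to
# /dev/null "exists" and is empty, but the link itself is the finding.
history_state() {
    f=$1
    if [ -L "$f" ]; then echo symlink
    elif [ ! -e "$f" ]; then echo missing
    elif [ ! -s "$f" ]; then echo empty
    else echo ok
    fi
}

# When HISTTIMEFORMAT is set, bash precedes each command with "#<epoch>".
# Print "epoch command" pairs; commands without a timestamp get epoch 0.
history_timeline() {
    awk 'BEGIN { ts = 0 }
         /^#[0-9]+$/ { ts = substr($0, 2) + 0; next }
         { printf "%s %s\n", ts, $0; ts = 0 }' "$1"
}

# Commands whose timestamp falls in [from, to] (epoch seconds).
history_between() {
    from=$1; to=$2; file=$3
    history_timeline "$file" | awk -v a="$from" -v b="$to" '$1 >= a && $1 <= b'
}

# Number of commands recorded in the file.
history_count() { history_timeline "$1" | wc -l | tr -d ' '; }

history_state "$(history_file)"
history_timeline "$SAMPLE_HIST"
```

    Timestamps only appear if the shell that wrote the file had HISTTIMEFORMAT set (for example `HISTTIMEFORMAT='%F %T '` in ~/.bashrc), so older entries in a default SUSE setup will come out with epoch 0. Anyone who has the account can also trim or clear the file, so, as with /var/log/messages, what it shows is useful and what it does not show proves little.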

  7. #7
    Join Date
    Jan 2009
    Location
    PARADISE
    Posts
    929

    Default Re: What are the possible hacker backdoors?

    Interesting topic. Now is it actually possible to remove ALL traces on a compromised system?
    If so I wonder why hackers wouldn't write a small program to automate that task and clean up everything that needs to be removed. I'm quite sure that's already the case...

    TheMask.
    CHECK OUT THESE GitHub PROJECTS!

    https://secupwn.github.io/Android-IMSI-Catcher-Detector/
    https://github.com/SecUpwN/Spotify-AdKiller

  8. #8
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default Re: What are the possible hacker backdoors?

    Thanks oldcpu, I'll check it.
    If so I wonder why hackers wouldn't write a small program to automate that task and clean up everything that needs to be removed
    I'm against hacking if it's used for spying, copying private data and doing any other damage to remote computers and people. On the other hand if it's organized for intentional security investigations with the consent of the "victim" or exclusively for study purposes, then I approve it. Anyway in my case I have just a few malicious coworkers, trying to tease me. Besides, in my opinion linux users in general are more open-minded and morally aware, but there are always some fools who are not.

  9. #9
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    26,657
    Blog Entries
    38

    Default Re: What are the possible hacker backdoors?

    Quote Originally Posted by TheMask
    If so I wonder why hackers wouldn't write a small program to automate that task and clean up everything that needs to be removed. I'm quite sure that's already the case...
    Hmmm.... possible, but in the process of removing, one could leave a trace by removing too much. Hence I'm not so certain that is already the case. .. or rather, that it's the case "perfectly" ... things get missed.

    But I'm always willing to learn on this.

  10. #10
    Join Date
    Jan 2009
    Location
    PARADISE
    Posts
    929

    Default Re: What are the possible hacker backdoors?

    Quote Originally Posted by arcull
    I'm against hacking if it's used for spying, copying private data and doing any other damage to remote computers and people. On the other hand if it's organized for intentional security investigations with the consent of the "victim" or exclusively for study purposes, then I approve it. Anyway in my case I have just a few malicious coworkers, trying to tease me. Besides, in my opinion linux users in general are more open-minded and morally aware, but there are always some fools who are not.
    Quote Originally Posted by oldcpu
    Hmmm.... possible, but in the process of removing, one could leave a trace by removing too much. Hence I'm not so certain that is already the case. .. or rather, that it's the case "perfectly" ... things get missed.

    But I'm always willing to learn on this.
    Thank you for clarifying that. I totally agree with both of you.
    Now in my opinion such scripts already exist - and if they are properly programmed, no trace would be left of the attack/tease/hack. That's what I meant in my previous post.
    If anyone had used such a script in your case, you would hardly be able to notice anything besides the loss of your data...

    TheMask.
    CHECK OUT THESE GitHub PROJECTS!

    https://secupwn.github.io/Android-IMSI-Catcher-Detector/
    https://github.com/SecUpwN/Spotify-AdKiller

