Been hacked/need advice

I learned recently that people had been snooping on my computer. The worst repercussions from what I can tell will probably be embarrassment. Don’t know how long it’s been going on, or exactly what they took, but I’m a little spooked right now.

I had run tests and didn’t see anything unusual, but I guess I was careless. I’m offline now, and don’t know at this point how this all happened. I need to figure this out before going back up and making the same mistakes. Any advice?

You didn’t say how that access was made to your computer…?

I’m not sure at this point, that’s what I need to resolve before going back online.

If you have a reasonable suspicion that your system has been hacked, yet do not know what has been changed → trash the system and do a fresh install. There’s no way to be sure that what you check now is not corrupted either.

But to be honest: I doubt that your suspicion is actually reasonable - so tell us a bit more.

You need to give us a clue what makes you think this way…

What sensitive data do you have on it (e.g. passwords)? LOL - Hope not.
Plan for a complete format and re-install

I had suspicions at one point, but couldn’t find anything unusual (ports, rootkits). Then I started getting hints from people, and finally somebody was chowning user files on my system. I unplugged at that point, and I have done a new install. I’m thinking of closing everything but http at this point.

So did you have ssh open or something? Did you check ssh logins? Or whatever. I’m still blindfold here…

SSH was disabled by default, don’t really have any need for it. Never did check the login, though.

chief sealth wrote:
> I started getting hints from people, and finally
> somebody was chowning user files on my system.

did these folks who gave you hints have physical access to your computer?

that is, could they walk up and touch it while you were not in the same room with it?

if so, that is most likely the source of your problem…

if you don’t have physical security you have no security…

well, there are ways but they get kinda wild…


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]