Jump to content

I Was Hacked!?!


maypo
 Share

Recommended Posts

Hey all. I am running Ubuntu 9.10 on a few boxes at home. Have Verizon Fios router, with wifi through the house, wpa2 with a random alphanumeric password, SSID broadcast turned off and MAC verification on. I was playing around with Ubuntu Remote Desktop, and turned it on on 1 box, allowing viewing and control of the box through Remote Desktop, thinking this was safe, as an intruder would have to get on the local network through the router firewall to hack the box. I was surprised to see that someone was able to get in and control the mouse and open some files on the box. I immediately closed down the box and inactivated Remote Desktop. Any ideas about safety/hackability?? I thought I was doing everything right and no one would have been able to easily get through wpa2. (I know the wifi doesn't extend to the curb, so was someone sitting in my backyard with a sniffer???).

Any ideas are appreciated.

Thanks,

Maypo.

Link to comment
Share on other sites

If the pc itself was using wireless and you enabled something locally that didnt require a login(which I thought linux forces you to do anyway with just about any feature, especially uBuntu with sudo) then they could get in without the router and just via your wifi card as an adhoc network. More than likely though, someone got in through a flaw in your network, maybe even via the internet via router or browser exploit of some sort. Check your router has remote admin disabled and no funky dns settings or port forwarding has been changed as well as what services and ports are open on the uBuntu box. What other machines are on your network? Any windows boxes? Do they share the same passwords with the uBuntu box. If someone compromised another node on your network that shared the same passwords, they could have jumped machine to machine.

Link to comment
Share on other sites

By default the built-in VNC server on Ubuntu is disabled. If you enabled it without changing anything, it will not have a password, but will ask for yer permission if someone is trying to connect.

VNC is pathetically insecure, unless you are tunneling it over something like SSH. Most of the stories I've heard of people being hacked was due to them accidentally or purposely exposing VNC to the internet.

Check the firewall on yer router and make sure there are no ports forwarded that aren't supposed to be.

Link to comment
Share on other sites

There are also some 0-days for certain linux kernels and distros, so be aware of that as well.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...