I looked rather thoroughly through the /root/.bash_history file and found to my surprise quite a few commands that looked unfamiliar. For example...
Quote:
ufw
ufw enable
ufw allow proto tcp from 192.168.1.101 to any
ufw
ufw --help
show ARG
ufw show ARG
ufw status
add allow 51413/tcp from *
ufw add allow 51413/tcp from *
ufw add allow 51413/tcp from Anywhere
ufw add allow proto tcp from Anywhere to 51413 from Anywhere
ufw add allow proto tcp from Anywhere to 51413
ufw show aRG
ufw show ARG
ufw status
ufw allow proto udp from 192.168.1.101 to any
ufw status
ufw allow proto udp from 192.168.1.104 to any
ufw allow proto tcp from 192.168.1.104 to any
ufw status
which su
cd ..
cd ..
grep wireshark .*
rgrep wireshark .*
fg
cd /etc/init.d/
cd /etc/init.d/
cd ..
ls -lR iptables
ls -lR iptables*
ls -lR *iptables*
ls -R *iptables*
iptables -nvL -t filter
iptables -nvL -t filter |more
chkconfig --list iptables
apt-get install chkconfig
cd /var/log
ls -l
more ufw.log
ls -l
more udev
emacs auth.log
tail -f auth.log
chmod 755 /var/www
ls -l /etc/passwd
ls -l /etc/shadow
grep shadow /etc/group
grep shadow /etc/passwd
more /etc/passwd
These all look suspicious to me and just yesterday, I had a definite break-in on my Windows 7 machine! They changed my password so I couldn't log in and made the password hint something completely different than I had there. I think this thread should be closed as "I got hacked good". Since I have done a clean install of Linux and Windows with all new "good" passwords.