#7, 3rd November 2010
ocicat
Administrator

Quote:
Originally Posted by newbsdied
How do I know I am getting hacked?
By searching for factual evidence, & avoiding hyperbolic traps.
  • The first thing is to look at the log files in /var/log. For starters, look at /var/log/authlog. Assuming that you aren't filtering out SSH traffic at your outermost router, you will likely see sizable attempts to log into root, or guesses to account names & passwords. This happens to most. If you don't want this traffic within your local network, determine whether your router (which I assume is some all-in-one commercial product) can filter port 22 (SSH). If your router can't, either ignore the problem or begin studying pf(4) to build your own firewall. A popular tutorial is:

    http://home.nuug.no/~peter/pf/

    Also, begin serious study of pf(4) as presented in the official FAQ:

    http://www.openbsd.org/faq/pf/index.html
  • Do you have a static IP connection to the Internet or DHCP? Are you leaving your connection open to the Internet all the time? This is a possible reason for why you are attracting script kiddies. They are simply looking for working IP addresses, & once they find one, they run their little scripts which will begin poking. If you leave access to the Internet on all the time, this gives them plenty of opportunity to look for holes.
Quote:
Every flavor of Linux/Unix I try crashes. My Windows crashes. It never used to happen.
Okay, begin looking for common themes. Either your hardware is going bad, or you are perpetuating bad habits.
Quote:
I have the strictest firewall settings on all OSs. I have 30+ character passwords. I have a wireless router with a strict firewall running WPA2 with 30+ random keys (numbers, upper, lower case, symbols). I keep up with patches and updates on all systems.
My suggestion would be to go to a library & begin reading introductory networking texts. Douglas Comer is a good author for starters.
Quote:
I even have sudo disabled. I have to SU to wheel user then su to root to make changes.
Personally, I believe sudo(8) is a better choice, but that is my opinion.
Quote:
So can someone help me? How do I trace an attack?
Learn networking, pf(4), & tcpdump(8).
Quote:
This week a new problem came up without making any changes. Now when I try to increase the backlight on my laptop, the backlight turns off completely. This happens in OpenBSD only.
Even though you are the originator of this thread, you are changing subjects. Since you have already started a similar thread on this topic, I would advise anyone responding to this thread to ignore this last unrelated subject.

Still, upon review, you have already strayed once before. Your initial inquiry was on "error 1" before digressing into concerns over being hacked. Please, stay on one subject. If you want to discuss something else, start a new thread.

Our goal is to facilitate searching, as lots of people search these threads. One way to make this simple is to limit threads to a single subject.
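The /var/log/authlog check described in the post above, as an added example that is not part of the original post: it separates routine password guessing from the one pattern worth a closer look, an accepted login from an address that had been failing. The sample lines are constructed (hypothetical host "puffy", documentation IP ranges) and assume the usual syslog layout of OpenSSH sshd messages; the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarize sshd entries from an OpenBSD-style /var/log/authlog.

# Constructed sample lines, not taken from a real system.
sample_authlog() {
cat <<'EOF'
Nov  3 02:11:40 puffy sshd[4101]: Invalid user admin from 203.0.113.7
Nov  3 02:11:41 puffy sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov  3 02:11:44 puffy sshd[4105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Nov  3 02:11:47 puffy sshd[4109]: Failed password for root from 203.0.113.7 port 40133 ssh2
Nov  3 03:40:02 puffy sshd[5230]: Failed password for root from 198.51.100.23 port 51877 ssh2
Nov  3 03:40:09 puffy sshd[5233]: Accepted password for alice from 198.51.100.23 port 51902 ssh2
Nov  3 08:15:30 puffy sshd[6012]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
EOF
}

# awk helper shared by both reports. The login name in a failure line is
# remote-supplied text, so the source address is read from the end of the
# line: the word after the last "from" that is followed by "port".
SRC='function src(   i) {
    for (i = NF - 2; i > 0; i--)
        if ($i == "from" && $(i + 2) == "port") return $(i + 1)
    return ""
}'

# Failed password attempts per source address, busiest first: "count ip".
failed_by_ip() {
    awk "$SRC"'
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }      # only genuine sshd records
    $6 == "Failed" && $7 == "password" { ip = src(); if (ip != "") n[ip]++ }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Accepted logins from an address that failed earlier in the same log:
# "ip user method failures_before". An empty result means only noise.
accepted_after_failures() {
    awk "$SRC"'
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }
    $6 == "Failed" && $7 == "password" { ip = src(); if (ip != "") fails[ip]++ }
    $6 == "Accepted" { ip = src(); if (fails[ip] > 0) print ip, $9, $7, fails[ip] }'
}

# Stand-alone run on the sample; on a real host feed /var/log/authlog instead.
sample_authlog | failed_by_ip
sample_authlog | accepted_after_failures
```

On a live system the same functions read the real file, for example `failed_by_ip < /var/log/authlog`, run as a user allowed to read that log.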