I think I was hacked....

Eric Oyen eric.oyen at icloud.com
Wed Sep 14 22:01:02 MST 2016


well,
there might be a way to tell which system utilities got changed. If you happen to have a spare box, install an identical setup to your current machine, then do an md5sum on all executables. Do the same on your current box and then, on the clean machine, run diff against both generated lists. You might find out that you have a rootkit or trojan or some other malware in operation.

Also, it is likely that someone may have found an exploit on your machine (when was it last updated with security patches?).  This is going to take a bit of work, but you might just find out what happened.

I had this type of situation crop up in 2004 when I was using a Debian machine as the house firewall. I thought I had locked everything down and even sealed off ports with the iptables script I wrote. NOPE! Someone found an exploit and the next thing I knew was that I had several infected binaries on my system and some invisible process that tried running an additional networking service I hadn't previously installed.

Teaches me to think I was an expert (I was, but there is always someone better).

Ah well, it's a bit of work, so get cracking.

-eric (from the offices of the technomage guild).
On Sep 14, 2016, at 4:15 PM, Michael wrote:

> I think my tvserver was hacked. I finally wrote to the kodi people because 2 of 3 things weren't working and finally the third thing stopped working. Here is the message I sent them:
> //////////////////
> primewire has not worked for around 6 months, project free tv stopped working around 3 months ago and as of yesterday SALTS stopped working. Apparently I had to put the kodiogfile thing on my computer again and the log it gave me doesn't look right but here is what it gave me:
> https://paste.ubuntu.com/23179881/
> the prime wire thing I was told was because I needed the new version of kodi but I let apt take care of updatin and it hasn't updated yet so I figured it wasn't ready. PFTV I figured was following primewire.... and I just read in the forums how someone has primewire working so I am just messed up. Can ya help a poor ol soul?
> 
> I just looked at that URL and it is something about minecraft. huh? I don't play minecraft! and that computer hasn't had minecraft.... did someone hack into that box?
> \\\\\\\\\\\\\\\
> So I turned the computer off, disconnected it from the internet, turned it back on, and changed my password. Then I reconnected the internet and now I ask you: is there anything else I should do?
> -- 
> :-)~MIKE~(-:
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
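
The clean-box comparison Eric describes above, as an added shell example that is not part of the original thread. The function names and directory list are assumptions, sha256sum is swapped in for md5sum by default (set HASH_CMD=md5sum to match the post), and the demo trees are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): hash executables on a clean
# reference install and on the suspect system, then report differences.
# Function names and the directory list are assumptions of this example.

HASH_CMD="${HASH_CMD:-sha256sum}"   # swapped in for md5sum; md5sum also works

# make_manifest ROOT OUT
# Hash every executable regular file under ROOT's usual binary directories.
# ROOT is / on the clean box, or a read-only mount of the suspect disk.
# Paths are stored relative to ROOT so the two lists line up. Needs GNU find.
make_manifest() {
    local root="${1%/}" out="$2" d
    for d in bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin; do
        [ -d "$root/$d" ] || continue
        (cd "$root/" && find "$d" -xdev -type f -perm /111 -exec "$HASH_CMD" {} +)
    done | LC_ALL=C sort -k2 > "$out"
}

# compare_manifests CLEAN SUSPECT
# Print one line per difference: CHANGED (same path, different hash),
# ADDED (only on the suspect box) or MISSING (only on the clean box).
compare_manifests() {
    awk '
        { h = $1; p = substr($0, length($1) + 3) }
        FILENAME == ARGV[1] { clean[p] = h; next }
        { seen[p] = 1
          if (!(p in clean))      print "ADDED   " p
          else if (clean[p] != h) print "CHANGED " p }
        END { for (p in clean) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: build two small constructed trees (not real systems) and compare them.
demo() {
    local t; t=$(mktemp -d) || return 1
    mkdir -p "$t/clean/bin" "$t/clean/usr/bin" "$t/suspect/bin" "$t/suspect/usr/bin"
    printf 'ls-v1\n' > "$t/clean/bin/ls";  printf 'top-v1\n' > "$t/clean/usr/bin/top"
    printf 'ps-v1\n' > "$t/clean/bin/ps";  printf 'ps-v1\n' > "$t/suspect/bin/ps"
    printf 'ls-TAMPERED\n' > "$t/suspect/bin/ls"       # modified binary
    printf 'extra\n' > "$t/suspect/usr/bin/netsvc"     # file not on clean box
    chmod 755 "$t"/clean/bin/* "$t"/clean/usr/bin/* "$t"/suspect/bin/* "$t"/suspect/usr/bin/*
    make_manifest "$t/clean" "$t/clean.sums"
    make_manifest "$t/suspect" "$t/suspect.sums"
    compare_manifests "$t/clean.sums" "$t/suspect.sums"
    rm -rf "$t"
}
```

When checking a real machine, build the suspect manifest from rescue media with the disk mounted read-only, because tools running on a compromised system can misreport its own files.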
