I think I was hacked....

Bob Elzer bob.elzer at gmail.com
Thu Sep 15 06:56:05 MST 2016 

If it really is a minecraft server look for a directory named "world" that
contains another directory named "playerdata"

There would also be a .jar file in the same directory as world

Try   /usr/bin/ls -aCRF | less
And search for those directories

You could at least find out the date the files were created

On Sep 14, 2016 10:01 PM, "Eric Oyen" <eric.oyen at icloud.com> wrote:

> well,
> there might be a way to tell which system utilities got changed. if you
> happen to have a spare box, install an identical setup to your current
> machine. then do an md5sum on all executables. do the same on your current
> box and then on the clean machine, run diff against both generated lists.
> you might find out that you have a root kit or trojan or some other malware
> in operation.
>
> Also, it is likely that someone may have found an exploit on your machine
> (when was it last updated with security patches?).  This is going to take a
> bit of work, but you might just find out what happened.
>
> I had this type of situation crop up in 2004 when I was using a debian
> machine as the house firewall. I thought I had locked everything down and
> even sealed off ports with the iptables script I wrote. NOPE! someone found
> an exploit and the next thing I knew was that I had several infected
> binaries on my system and some invisible process that tried running an
> additional networking service I hadn't previously installed.
>
> teaches me to think I was an expert (I was, but there is always someone
> better).
>
> ah well, its a bit of work, so get cracking.
>
> -eric (from the offices of the technomage guild).
> On Sep 14, 2016, at 4:15 PM, Michael wrote:
>
> I think my tvserver was hacked. I finally wrote to the kodi people because
> nothing 2 of 3 things weren't working and finally the third thing stopped
> working. Here is the message I sent them:
> //////////////////
> primewire has not worked for around 6 months, project free tv stopped
> working around 3 months ago and as of yesterday SALTS stopped working.
> Apparently I had to put the kodiogfile thing on my computer again and the
> log it gave me doesn't look right but here is what it gave me:
> https://paste.ubuntu.com/23179881/
> the prime wire thing I was told was because I needed the new version of
> kodi but I let apt take care of updatin and it hasn't updated yet so I
> figured it wasn't ready. PFTV I figured was following primewire.... and I
> just read in the forums how someone has primewire working so I am just
> messed up. Can ya help a poor ol soul?
>
> I just looked at that URL and it is something about minecraft. huh? I
> don't play minecraft! and that computer hasn't had minecraft.... did
> someone hack into that box?
> \\\\\\\\\\\\\\\
> So I turned the computer off, disconnected it from the internet, turned it
> back on, and changed my password. Then I reconnect the internet and now I
> ask you is there anything else I should do?
> --
> :-)~MIKE~(-:
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20160915/7556875b/attachment.html>

More information about the PLUG-discuss mailing list