My Ubuntu PC Was extremely hacked.

Asked by reptileguy

On 12-07-2008 my Ubuntu PC mysteriously opened the text writer known as Gedit, and there in front of me the hacker spelled out "I am the devil". I asked the hacker who he was and he just kept saying Satan and stuff like that. He then deleted all the text we had written, and took control of my mouse and computer for a minute or two, so I would consider this a serious issue for Ubuntu. How do I fix this? I installed Guarddog, but it says I'm not a super privileged user, and I'm an administrator to the system. So yeah, there is a huge security breach.

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee

This question was originally filed as bug #306388.

Bernhard (b.a.koenig) said :
#1

Interesting, I have a gedit session where I can talk to Freddie Krueger. :)

Martin Kossick (hacktick) said :
#2

Thank you for taking the time to report this issue and helping to make Ubuntu better. Examining the information you have given us, this does not appear to be a bug report so we are closing it and converting it to a question in the support tracker. We appreciate the difficulties you are facing, but it would make more sense to raise problems you are having in the support tracker at https://answers.launchpad.net/ubuntu if you are uncertain if they are bugs. For help on reporting bugs, see https://help.ubuntu.com/community/ReportingBugs.

I personally would recommend that you reinstall Ubuntu and change all passwords. It could be a risk to connect to the internet before reinstalling.

goto (gotolaunchpad) said :
#3

Reinstall Ubuntu from a CD and while doing that delete the whole hard disc drive (but everything is gone after that). Be sure to get the Ubuntu CD from an independent source.
Be sure to use really safe passwords.

I hope this is a joke, and if so, then please stop doing things like this, we have better things to do. If this is no joke, then sorry. Are you sure that this could not be your brother or so who has physical access to your computer and maybe knows your password?

Tobias Wolf (towolf) said :
#4

Sounds like a VNC session that was enabled for remote mouse and keyboard. Do you have Remote Desktop enabled in System → Preferences → Remote Desktop? Maybe a prank by someone.

reptileguy (brantjterry) said :
#5

I'm not at home right now but I'll check on that remote desktop thing when I get home. Thanks. Yeah, he did it again last night and put nude pics on my desktop, I guess of himself. I just deleted them; he kept putting multiple shots of the same images on my computer, he was very fast. I just unplugged the ethernet cord and restarted the system.

Bernhard (b.a.koenig) said :
#6

You talked about your warranty: does that mean you bought the computer with Ubuntu preinstalled?
Maybe you had some insecure personal settings from that install? Like remote desktop?

reptileguy (brantjterry) said :
#7

Yes, I bought the computer from a store that sells used computers, but instead of putting Microsoft on them they put Ubuntu, and Ubuntu is all they work with.

marcobra (Marco Braida) (marcobra) said :
#8

Do you have the Ubuntu install CD...?
Please also consider that the most secure way is to reinstall Ubuntu...
so you are sure no trick software is installed on it...

If you think that reinstalling Ubuntu is good for you and you have an unofficial Ubuntu live install CD,
please check the md5sum of that CD and compare it with the official md5sums.

Please ask if you are in trouble.

Thank you

reptileguy (brantjterry) said :
#9

So yesterday I got on my system and there were over 2000 new icons on the desktop that this guy put on there. Most of them were pornographic images, I guess of his privates (yeah, that's really weird), this guy has problems. My computer would barely run because of the icons. So I deleted them and then went to System > Preferences > Remote Desktop, and sure enough it was all checked off, so a remote user was able to observe my system and control it from a remote place. So I unchecked those, and I was told to turn my ssh port off; I hadn't realized it was on. And so I was observing the auth.log in the system log and it looked like he was attempting to log in but couldn't, so I'm still watching it though.
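
Added example, not part of the original post: one way to do the auth.log review described above is to count failed and accepted sshd logins per source address, so that a successful login from an unfamiliar address stands out among the failures. The log lines are constructed samples in the usual syslog format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in auth.log format (not from the poster's machine).
sample_auth_log() {
    cat <<'EOF'
Dec  8 21:14:02 host sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Dec  8 21:14:05 host sshd[4121]: Failed password for root from 203.0.113.7 port 40125 ssh2
Dec  8 21:14:09 host sshd[4130]: Failed password for reptile from 203.0.113.7 port 40131 ssh2
Dec  8 21:15:01 host CRON[4140]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  8 21:20:44 host sshd[4188]: Accepted password for reptile from 198.51.100.23 port 51514 ssh2
Dec  8 21:31:10 host sshd[4200]: Failed password for root from 198.51.100.23 port 51600 ssh2
EOF
}

# Per source address: count failed and accepted sshd logins.
# Reads the files given as arguments, or standard input if there are none.
summarize_ssh_logins() {
    awk '
    /sshd\[[0-9]+\]: (Failed|Accepted) (password|publickey) for / {
        ip = ""
        # Take the last "from" on the line: the user name before it is
        # text chosen by whoever is connecting.
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        if ($0 ~ /\]: Failed /) failed[ip]++; else accepted[ip]++
        seen[ip] = 1
    }
    END {
        for (ip in seen)
            printf "%s failed=%d accepted=%d\n", ip, failed[ip], accepted[ip]
    }' "$@" | LC_ALL=C sort
}

# Demo on the constructed sample; on a real system pass /var/log/auth.log.
sample_auth_log | summarize_ssh_logins
```

Any address with `accepted` above zero that is not one of your own is the line to act on; failures alone show attempts, not access.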

Bernhard (b.a.koenig) said :
#10

You should probably contact the place you bought the computer and make them aware of that problem.

Jim Hutchinson (jphutch) said :
#11

That is certainly some odd behavior but even a remote desktop session cannot work if you don't have ports open on the router (unless you don't use a router) unless you are "dialing out". If you do have a router, I'd make sure you don't have open ports or any kind of port forwarding. You can use a site like shields up (https://www.grc.com/x/ne.dll?bh0bkyd2) to test and see what is visible from the internet. Might be a good place to start.
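
Added example, not part of the original post: the local counterpart to an external port test is to list which remote-access services are listening on non-loopback addresses. This filters `ss -tln` output for SSH (port 22) and VNC (ports 5900 to 5999, the range VNC displays use); the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -tln` output (not captured from the poster's machine).
sample_listeners() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:5900        0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
EOF
}

# Print "port service address" for SSH and VNC listeners that are reachable
# from other machines, i.e. not bound to a loopback address.
exposed_remote_access() {
    awk '
    $1 == "LISTEN" {
        # Column 4 is address:port; the port follows the last colon,
        # which also handles bracketed IPv6 addresses such as [::]:22.
        n = split($4, part, ":")
        port = part[n] + 0
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port == 22) print port, "ssh", addr
        else if (port >= 5900 && port <= 5999) print port, "vnc", addr
    }' "$@" | LC_ALL=C sort -u
}

# Demo on the constructed sample; on a live system: ss -tln | exposed_remote_access
sample_listeners | exposed_remote_access
```

An empty result means neither service is listening for outside connections; a listener on 0.0.0.0 or [::] is reachable from the local network and, if the router forwards the port, from the internet.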

kevmitch (kevmitch) said :
#12

Here's a question. Everyone is assuming that this is coming from OUTSIDE. Could it be someone you know perhaps on the same router as you?

igneousquill (igneousquill) said :
#13

First, notify the store you bought it from of what happened. It might be easier to just direct them to this thread.

Second, once the store is aware of what happened, get (or burn) a fresh Ubuntu live CD of your own and do a complete new installation. With Ubuntu a new installation is incredibly easy and should take you no more than 15 minutes from start to finish. Of course, be sure to back up any of your personal files to a USB drive beforehand.
