I've been Hacked!

Someone hacked into my computer. I'm on dialup, so in theory I'm as good as invisible because you get a new IP number every time. However, recently every time I dial up and check my mail, I get port scanned. The lights are flashing with port scan attempted 204.16.208.135. This is not supposed to be happening, I'm on dialup and I'm on Linux! :eek:

I think I figured it out, something to do with the Evolution mail program and LDAP server. I got rid of them both and the problem seemed to disappear.

I'm thinking it is possible that the hackers have found some way of sending a spam gif that tricks the mail program to overflow, and then take over the mail program or worse my whole computer. Is this possible? And has this happened to anybody recently?

So just because of a port scan you assume that someone is “hacking” you boxorz.

Noxorz, no one is haxoring your boxorz.

But Social, how do you find out if they got in or not?

I did an #nmap -sS -OF -oN CheckHackerIP.txt 204.16.208.135 and I got nothing. And then I did an nmap on a second guy who tried to port scan me ppp652.hay.dailup.dodo.com.au and I got his open ports, and then I reported this guy to his provider which is Dodo. And I got a reply from Dodo that they will look into it, but that's about it.

But I'm worried that they actually got in because I saw some strange programs on GNUSteps, showing some programs that I don't use like xchat, rfbdrake, gaim, evolution come up like someone tried to activate them.

I did a google and found all these programs have vulnerabilities. So now I'm a little worried that these hackers actually got smart and found a way to break into Linux.

@Social: hahaheeheehohoharhar…
I get it.

Free_ality, I'm glad to see you have a sense of humour.

And one more thing, if there's anyone out there who knows how to configure pop filters on spamassassin to stop spam and spam gifs, I would love to hear from you. Thanks.

Ahahahahahahaha

LOL ozo you’re not getting hacked…

Until your computer starts popping up with random pr0n or your stuff gets deleted, you’re not being hacked. Portscans aren’t really anything to be concerned with unless they’re repeated a lot.

lol, anybody who uses IE has been hacked then.

ozo, like everyone else has said, I don’t think you're being hacked. I don’t know if you back up your hard drives, but that sure wouldn’t hurt anything, if you're worried.

Valarking and Lua, thanks for allaying my fears. Maybe you're right, I should back up and reinstall. I'll do that over the next couple of days.

Xchat is an IRC client.
Gaim is another IRC client.
Evolution is email…

All of these applications do not run in the background. They need to be started up (unless you have them set to boot up on startup), so if they are appearing to be running, then you might have a problem.

Since evolution is a mail client, the program shouldn't be listening in on any port and due to the nature of how it runs, it only downloads and saves files i.e. e-mails and displays text/images, so I can’t see any true ‘vulnerabilities’ there. IRC clients are also relatively safe.

I personally would do some port /packet sniffing and see what is actually causing it all :slight_smile: Ethereal is a good app for that.

BTW, try searching that ip address on google. I did “whois:204.16.208.135” and you’ll find a post on a forum about this IP port scanning a bunch of people.

Looks like a port scanning bot is just targeting your IP address. Apparently it’s just Windows Messenger spam, the type that makes a popup appear on XP which has been abused to advertise.

Here is the location of the IP, just for the heck of it:

http://ip-adress.com/details.php?c=MjA0LjE2LjIwOC4xMzU6NjEuNTIzNDk5Oi0xNDkuNTc0OTA1OlYyRnphV3hzWVE9PTo=

It appears to be in Wasilla, Alaska.

I would suggest you install a firewall like firestarter. Firestarter will also log all incoming connections and by default will not allow these connections through. I also notice that if you have a Windows system running, the amount of incoming connections increases dramatically.

Also, unless you are very careless, like using root as a normal account, you will never have a complete system failure using Linux.

One command: “sudo”. One of the reasons I love Ubuntu.

Wow! Arr Matey that's incredible! You got a satellite picture of where the 204.16.208.135 guy lives! That's amazing. I couldn't stop laughing. I couldn't port scan his computer, yet you managed to get a picture of the guy's house from outer space. I just can't believe what you can do with technology. :smiley:

Lukus, unfortunately all these programs run on start up on my computer. In the next day or so I'm going to reinstall everything, and all these programs I'm definitely not going to install. The bad guys are getting smarter, they are out there reading the latest vulnerability postings and working out ways to use it against us.

I still think it was that gif attachment on a spam letter, that tricked the Evolution program and turned it into a server, via LDAP. I couldn't believe the LDAP and Evolution program were up and running in the background. I got rid of those and the port scannings have stopped.

Kit89, Firestarter sounds like a good program I will have to look into that. And Lukus, yes I was reading about that Ethereal program, I just downloaded it, I think it's called Wireshark now.

Social, don't worry the only time I run su, is when I'm installing something or nmapping.

BTW, I did find some cool Linux security links http://www.cromwell-intl.com/security/Index.html

Ozo that's very normal.
http://i14.tinypic.com/491lkw7.gif

Last 7 days I had 28168 attacks on my computer.

28168 Almost bursted tea out my mouth all over the place, damn 28168, still lolling some to that…