Question:
My Linux PC has been hacked once and attempted a second hack. What do I do?
masteroftitanic
2012-09-15 06:41:44 UTC
Last night, on Facebook, me and my friend were discussing, things, that could'v sparked interest to like the government or something. We were talking about all the 9/11 conspiracy theories, we also talked about how we thought where we live might be a terrorist target. I mentioned we should move to Canada (nobody hates Canada). Then my jackass friend sent the message "and bomb it". Right after that I got a notification that Remote Desktop had been activated. My security settings were modified so they didn't need my password or my confirmation to access my computer. I was unable to disconnect them so I instantly unplugged my computer. I logged back in a few hours later. i fixed my security settings, checked facebook and talked to the jackass friend that started it. He told me that his computer was also accessed, but he uses Windows. After a couple minutes of talking to him we both went to bed. I woke up this morning with a message on my computer screen. They tried to connect again while i was sleeping. I got their IP address.

Their IP address was:
static.121.187.9.5.clients.your-server.de

I tried looking up this IP and came to a website, a Japanese website, this IP was mixed in with a bunch of other ones.
What should I do? Should I be worried?

This is my computers OS:
Linux Ubuntu 11.04 Natty Narwhal
Five answers:
Mark
2012-09-15 09:49:58 UTC
Go to police station and report the IP
anonymous
2012-09-15 07:13:35 UTC
I suspect this is a troll or uncommonly elaborate hoax for Y!A. A route trace on that address resolves to 5.9.187.121, and checking the authoritative whois server (RIPE NCC) for its address block shows the IP address is assigned among a small block of 16 IPs to someone in Iran.



If you leave your remote-control ports open to all outside connections, then you don't belong on the interwebs, and if the NSA is interested in monitoring you there are far more effective and subtle ways to do so than brute-forcing a remote control service connection via a poorly obscured Euro-zone IP under a fake Iranian profile.
?
2012-09-15 09:12:35 UTC
Ubuntu 12.04 is out and Unity is SOOO much better you may want to upgrade

It is supported for 5 years

Did you explain to your friend that HE/SHE IS A COMEPLETE DUMASS AND THAT YOU SHOULD NEVER EVER SAY STUFF LIKE THAT JUST JOKING AROUD OR NOT

well i think you should disconnect or turn off your MODEM the shabang

Then get on another device with net and find out how to SECURE a linux machine

I probably should too um and install wireshark

Btw i really think your friend may have pissed off a few people

I have an idea --- let them connect

Open Libre office Writer and tell them it was 'the other guy/ga/' and SINCERELY appologize to them and try to explain that you were not being serious---- and DO NOT let it happen again

Btw i think this is the best way i mean just say sorry and i think they will be ok
anonymous
2012-09-15 06:51:48 UTC
The NSA monitors all internet traffic and easily has the technology to pick up on that comment very quickly. Obviously this is something they look for. They are probably reading this.



If Im right, and this was the NSA, then they were probably only investigating to see if it might be a credible threat. You may get a visit, maybe not.



However, if it wasnt a Government agency doing an investigation, I would do a secure wipe of your hard drive, change all passwords, ect.
anonymous
2012-09-15 07:22:52 UTC
These are well known servers for robots and spamming etc. It is probably found you from a link via Facebook. Were you and your friend playing anything or using any apps within Facebook? If so it was probably able to follow you back home. Once they have found a way in they will report back and others will come to exploit the hole. It is not necessarily anything sinister but you should review your security settings.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...