Timeline for I was hacked? (am I a slave?)
Current License: CC BY-SA 4.0
6 events
when | what | by | license | comment | |
---|---|---|---|---|---|
Jun 14, 2019 at 23:40 | comment | added | Doug Smythies | For the other log entries, we cannot tell because the lines are chopped. My guess is that they are OK as well. Note you will observe this stuff constantly on any external (WAN) facing device. Also UFW is extremely annoying because it uses one generic "UFW BLOCK" log prefix for all of its blocks. It should use a unique log prefix for every log entry so that the user knows the log branch it took from the resulting iptables rule set. | |
Jun 14, 2019 at 23:03 | comment | added | Byte Commander♦ | Those cron entries would appear on a normal machine too, so they are not an indicator either for or against any external intrusions. Don't know about the pihole. | |
Jun 14, 2019 at 22:33 | comment | added | eq3wv1rk | Thanks. I have pihole configured as my DNS; could it cause all the remaining log entries? Also, I locked my computer now for an hour to see what happens, and I have noticed the following log entries (which have been logged after I locked the computer): pam_unix(cron:session): session opened for user root by (uid=0), pam_unix(cron:session): session closed for user root. Are any of these suspicious? | |
Jun 14, 2019 at 21:30 | comment | added | Byte Commander♦ | Most likely, your current system (after your recent reinstall) is fine. Your points 2 and 3 are completely normal and would not have any connection to malicious activity, because these things you investigated there are absolutely unrelated. About the firewall logs, those with DST=224.0.0.251 are not suspicious either, that looks like just your router sending multicast DNS probes. Can't say anything about the remaining log entries though. | |
Jun 14, 2019 at 21:19 | history | edited | guntbert | CC BY-SA 4.0 | formatting |
Jun 14, 2019 at 21:12 | history | asked | eq3wv1rk | CC BY-SA 4.0 |