Timeline for I was hacked? (am I a slave?)

Current License: CC BY-SA 4.0

6 events
Jun 14, 2019 at 23:40 comment added Doug Smythies For the other log entries, we cannot tell because the lines are chopped. My guess is that they are OK as well. Note you will observe this stuff constantly on any external (WAN) facing device. Also, UFW is extremely annoying because it uses one generic "UFW BLOCK" log prefix for all of its blocks. It should use a unique log prefix for every log entry so that the user knows the log branch it took from the resulting iptables rule set.
Jun 14, 2019 at 23:03 comment added Byte Commander Those cron entries would appear on a normal machine too, so they are not an indicator either for or against any external intrusions. Don't know about the pihole.
Jun 14, 2019 at 22:33 comment added eq3wv1rk Thanks. I have pihole configured as my DNS; could it cause all the remaining log entries? Also, I locked my computer now for an hour to see what happens, and I have noticed the following log entries (which were logged after I locked the computer): pam_unix(cron:session): session opened for user root by (uid=0), pam_unix(cron:session): session closed for user root. Is there anything suspicious?
Jun 14, 2019 at 21:30 comment added Byte Commander Most likely, your current system (after your recent reinstall) is fine. Your points 2 and 3 are completely normal and would not have any connection to malicious activity, because these things you investigated there are absolutely unrelated. About the firewall logs, those with DST=224.0.0.251 are not suspicious either; that looks like just your router sending multicast DNS probes. Can't say anything about the remaining log entries though.
Jun 14, 2019 at 21:19 history edited guntbert CC BY-SA 4.0
formatting
Jun 14, 2019 at 21:12 history asked eq3wv1rk CC BY-SA 4.0