Was my pc hacked? (am I a slave?)
by 0loxw0qk from LinuxQuestions.org on (#4H7CW)
Hi there,
I'm new to Ubuntu and using Ubuntu 18.04 on my PC.
A few days back, I noticed a text file named "pwn3d.txt" in my home folder. The text inside the file was: "You are (fully) pwn3d due to a homobraphic error on your software dependencies"
I didn't notice any unusual activity and my accounts weren't hacked. Also, I don't remember installing any suspicious software or running any unauthorized scripts.
But still, I panicked and reinstalled my Ubuntu (I still have Windows installed). Today I tried to dig into the logs to see if I could find any suspicious behavior, and I think I found a few:
My firewall (UFW) is blocking tons of stuff:
https://i.stack.imgur.com/zLs4M.png - screenshot of a few examples
I have --slave commands; a few examples from alternative.logs:
update-alternatives 2019-02-10 00:12:25: run with --quiet --install /usr/bin/awk awk /usr/bin/mawk 5 --slave /usr/share/man/man1/awk.1.gz awk.1.gz /usr/share/man/man1/mawk.1.gz --slave /usr/bin/nawk nawk /usr/bin/mawk --slave /usr/share/man/man1/nawk.1.gz nawk.1.gz /usr/share/man/man1/mawk.1.gz
update-alternatives 2019-06-14 10:38:23: run with --install /usr/bin/c++ c++ /usr/bin/g++ 20 --slave /usr/share/man/man1/c++.1.gz c++.1.gz /usr/share/man/man1/g++.1.gz
update-alternatives 2019-06-09 13:34:33: run with --quiet --install /usr/bin/c99 c99 /usr/bin/c99-gcc 20 --slave /usr/share/man/man1/c99.1.gz c99.1.gz /usr/share/man/man1/c99-gcc.1.gz
When I ran the following command: cat /etc/passwd|grep '/bin/bash' I got the following result along with my own username:
root:x:0:0:root:/root:/bin/bash
Any suggestions? Am I under attack? Should I format my computer? Is there any danger to other devices on my network (laptops, router, streamers)?
Please help me.