How to avoid hacking under linux?

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read this

How to avoid hacking under linux?

Postby jesse.zwd on Fri Mar 29, 2013 3:22 am

Hi, there

Under Linux Mint, some strange things happened on some computer, some PDF, MP4 files are changed to picture files, which were deleted from the recycle box before. the changed MP4 or PDF files still have the same file name and MP4 or PDF extention, and when you open those files with a video player, it is just a picture.

Is it hacked or something?

How to monitor these kinds of things under Linux and to be alerted when hacking is going on?


Thanks a lot in advance!
jesse.zwd
Level 1
Level 1
 
Posts: 10
Joined: Thu Dec 20, 2012 12:07 am

Linux Mint is funded by ads and donations.
 

Re: How to avoid hacking under linux?

Postby catweazel on Fri Mar 29, 2013 4:25 am

It's more than likely disk corruption. Start a terminal and post the output of this command:
Code: Select all
$ df -HT
Mint Testing Team & Mint Donor #3606
KDE 4.12.0, custom preemptive kernel 3.12.5,
Intel i7 4770K @ 4.7GHz, 16GB 2666MHz XMP,
4 Samsung 840 PRO 512GB SSDs in RAID0,
6TB HW RAID10, dual 24" Acer X243H,
Gigabyte nVidia GTX 680 Super Overclock
User avatar
catweazel
Level 7
Level 7
 
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: How to avoid hacking under linux?

Postby jesse.zwd on Sat Mar 30, 2013 1:58 am

Thanks a lot! it is a kind of release if just a disk corruption.

The system has been re-installed, the following is the output of df -HT after re-installation:

文件系统 类型 容量 已用 可用 已用% 挂载点
/dev/sda1 ext4 318G 91G 212G 31% /
udev devtmpfs 1.1G 4.1k 1.1G 1% /dev
tmpfs tmpfs 422M 1.1M 421M 1% /run
none tmpfs 5.3M 0 5.3M 0% /run/lock
none tmpfs 1.1G 1.1M 1.1G 1% /run/shm
/home/xxx/.Private ecryptfs 318G 91G 212G 31% /home/xxx


what causes a disk corruption? Is there some hardware damage?
jesse.zwd
Level 1
Level 1
 
Posts: 10
Joined: Thu Dec 20, 2012 12:07 am

Re: How to avoid hacking under linux?

Postby catweazel on Sat Mar 30, 2013 4:19 am

jesse.zwd wrote:文件系统 类型 容量 已用 可用 已用% 挂载点

Is that normal on your system?

The rest looks fine.
what causes a disk corruption?

It could be caused by almost anything from power spikes to cosmic rays blasting down from the heavens through to the hard drive simply dying of old age.
Is there some hardware damage?

To the hard disk, perhaps. I'd recommend installing smartmon tools and learning how to use them.

Cheers.
Mint Testing Team & Mint Donor #3606
KDE 4.12.0, custom preemptive kernel 3.12.5,
Intel i7 4770K @ 4.7GHz, 16GB 2666MHz XMP,
4 Samsung 840 PRO 512GB SSDs in RAID0,
6TB HW RAID10, dual 24" Acer X243H,
Gigabyte nVidia GTX 680 Super Overclock
User avatar
catweazel
Level 7
Level 7
 
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: How to avoid hacking under linux?

Postby homerscousin on Sat Mar 30, 2013 5:38 pm

I'm not sure what is going on here. This is troubling: "some PDF, MP4 files are changed to picture files, which were deleted from the recycle box before". Are you saying you deleted these files or deleted and then tried to restore them? And now they don't work? Maybe the 'picture' you see is just the thumbnail that your file manager created for that file?

I think 0% chance of hacking, 1% chance of disk corruption and 99% chance it has something to do with deleting, restoring or moving files incorrectly. Please explain what you did in detail.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
homerscousin
Level 5
Level 5
 
Posts: 541
Joined: Fri May 25, 2012 2:43 pm
Location: Somewhere on planet Earth (mostly)

Re: How to avoid hacking under linux?

Postby catweazel on Sat Mar 30, 2013 6:12 pm

homerscousin wrote:99% chance it has something to do with deleting, restoring or moving files incorrectly. Please explain what you did in detail.

Perhaps it's better if you first explain how files can be deleted, restored or moved incorrectly.
Mint Testing Team & Mint Donor #3606
KDE 4.12.0, custom preemptive kernel 3.12.5,
Intel i7 4770K @ 4.7GHz, 16GB 2666MHz XMP,
4 Samsung 840 PRO 512GB SSDs in RAID0,
6TB HW RAID10, dual 24" Acer X243H,
Gigabyte nVidia GTX 680 Super Overclock
User avatar
catweazel
Level 7
Level 7
 
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: How to avoid hacking under linux?

Postby jesse.zwd on Sun Mar 31, 2013 2:16 am

It was very strange indeed, I just deleted and moved the pictures and I never tried to restore them, why are MP4 and PDF files changed to those pictures? these pictures are not good as those before, pixes are lower.

Any way, thanks a lot for your help.
jesse.zwd
Level 1
Level 1
 
Posts: 10
Joined: Thu Dec 20, 2012 12:07 am

Re: How to avoid hacking under linux?

Postby homerscousin on Tue Apr 02, 2013 6:02 pm

Perhaps it's better if you first explain how files can be deleted, restored or moved incorrectly.


Aw, give me a break. I'm not smart enough to know that.

I'll say this. When I first started running Mint 13 Cinnamon last year, my first Linux ever, I was cleaning my hdd one day. Deleting and moving files to new folder etc. In Windows xp I would always hold down the ctrl key, highlight multiple files, then delete or move a bunch at once. I did the same in whatever the Cinnamon file manager was. I got error messages similar to : the file already exists, do you want to overwrite? This was last year. I don't remember exactly. Maybe the ctrl key doesn't work exactly as in Windows. I quit highlighting multiple files and did one at a time. That worked.

EDIT: Now that I have had a minue to recall, here is what was happening. I was moving all the .pdf files from my downloads folder to a new pdf folder. If I saw 3 in a row I'd highlight those 3 then right click and move to new folder. That was OK. Scroll down a bit and see 5 in a row. Highlight those 5 and do the same. That's when I got the error. The last of the 3 files moved prior was not purged and was included in the new 5, hence the do I want to overwrite it.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
homerscousin
Level 5
Level 5
 
Posts: 541
Joined: Fri May 25, 2012 2:43 pm
Location: Somewhere on planet Earth (mostly)

Linux Mint is funded by ads and donations.
 

Return to Other topics

Who is online

Users browsing this forum: textillis and 5 guests