Hacked? Or just being paranoid..

zlasher
Adept
Posts: 63
Joined: Mon Jan 30, 2006 10:38 am
Location: Norway
Post by zlasher »

Hi guys..

I woke up this morning to a noisy xbox.. :cry:

It was running at 100% cpu..

As I connected to it, I noticed nothing "really bad" happening.. There was a whole bunch of sshd instances - but no one else but me was connected. I checked the syslog - and the only thing that has happened is some fool connecting to my ftp (proftpd) just before midnight..

Nov 26 23:57:44 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session opened.
Nov 26 23:57:47 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session closed.

After that there isn't anything more in my syslog until I rebooted the server at 0800.

I've stopped proftpd, and changed the root password, but the strange thing is that it seems (at least in mrtg) that the high CPU started just before I got up (and checked the box). (http://xboxlinux.mine.nu/mrtg) (the high CPU and network traffic last night is MY "fault").

I'm running a virus scan as we speak, but as the server is still running Pro 3.0, I'm going to upgrade instead of all this worrying..

Thank god all my data is located elsewhere :lol:

Anyone ever seen anything like this? - Anything to worry about (when reinstalling)..?

Steinar T
Xbox v1.1, Xtender, Xecuter 3CE
Gentoox Pro 4.1 native
http://xboxlinux.mine.nu
ShALLaX
Site Admin
Posts: 1973
Joined: Sun Aug 10, 2003 9:25 pm
Location: England

Post by ShALLaX »

Those entries in syslog could be the result of someone portscanning you.
The original Xbox adaptation of Gentoo
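
One way to check the port-scan explanation against the log, as an added example that is not part of the thread or of Gentoox: it pairs each proftpd session's open and close lines by PID and reports sessions that closed within a few seconds with no other message in between, the trace a scan or banner grab leaves. The 5-second threshold, the fixed year and the last three sample lines are constructed assumptions.

```python
import re
from datetime import datetime

# Matches the proftpd syslog format quoted in the first post.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(?P<pid>\d+)\]: "
    r"\S+ \((?P<host>[^\[]*)\[(?P<ip>[^\]]+)\]\) - (?P<msg>.*)$"
)

def parse_ts(ts):
    # syslog omits the year; a fixed leap year is assumed so every date parses.
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")

def probe_like_sessions(lines, max_seconds=5):
    """Return (ip, pid, seconds) for sessions that opened and closed within
    max_seconds with no other log message from the same proftpd child."""
    open_sessions = {}   # pid -> [ip, opened_at, other_message_count]
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue   # not a proftpd line in this format
        pid, msg, when = m["pid"], m["msg"], parse_ts(m["ts"])
        if msg.startswith("FTP session opened"):
            open_sessions[pid] = [m["ip"], when, 0]
        elif pid in open_sessions:
            if msg.startswith("FTP session closed"):
                ip, opened, others = open_sessions.pop(pid)
                secs = (when - opened).total_seconds()
                if others == 0 and 0 <= secs <= max_seconds:
                    hits.append((ip, pid, int(secs)))
            else:
                open_sessions[pid][2] += 1   # login attempt, transfer, error...
    return hits

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE = """\
Nov 26 23:57:44 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session opened.
Nov 26 23:57:47 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session closed.
Nov 27 00:10:02 xbox proftpd[5020]: xbox (192.0.2.10[192.0.2.10]) - FTP session opened.
Nov 27 00:10:05 xbox proftpd[5020]: xbox (192.0.2.10[192.0.2.10]) - USER exampleuser: Login successful.
Nov 27 00:10:06 xbox proftpd[5020]: xbox (192.0.2.10[192.0.2.10]) - FTP session closed.
""".splitlines()

if __name__ == "__main__":
    for ip, pid, secs in probe_like_sessions(SAMPLE):
        print(f"{ip} pid={pid}: opened and closed in {secs}s with no login attempt")
```

A session reported here shows only that the client connected and left without attempting a login; it says nothing about the sshd processes or the CPU load.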

Post by zlasher »

I've calmed down a bit since this morning :lol:
And sort of realised I will upgrade to Pro 4.1 before turning paranoid again..

The xbox has been acting as it should since this "incident" and I can't spot anything else in the logs.

I'm behind a firewall, and "someone" accessing my ftp ports (through portscan, or just "blond luck") isn't really unexpected. I'm keeping my eye on other services (not available from the web).

But just to stay on the safe side, I'll be upgrading to Pro 4.1 soon!

Steinar T
Xbox v1.1, Xtender, Xecuter 3CE
Gentoox Pro 4.1 native
http://xboxlinux.mine.nu