spyware cleaner

Guest

spyware cleaner

#1 Post by Guest »

hi!

Need tips on how to search for spyware on my Debian.

Any nice application for that?

anon

#2 Post by anon »

chkrootkit
(I was going to say something funny here)

Lavene
Site admin
Posts: 4958
Joined: 2006-01-04 04:26
Location: Oslo, Norway

#3 Post by Lavene »

For good measure; install rkhunter too...

What kind of "spyware" problem do you have by the way?

Tina

Guest

#4 Post by Guest »

Many Thanks for your tips!

I managed to install chkrootkit.
Ran chkrootkit and found nothing. (that's good)

Tried to:
apt-get install rkhunter
No luck (that's not good)

What kind of spyware ..
I don't know. It's difficult to know what spies are doing..

Some days ago, I had a lot of SYN_RCVD in my firewall log, coming from IP 61.58.41.89. And a lot of CONNECT to port 25 in my Apache log. I blocked out those nice Taiwan boys (or maybe “dejlige” girls). Then I looked at my machine and asked myself – have they installed something? Hard to answer that question!

Maybe try to find something to check it -or am I only very paranoid…
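
An added example, not part of the original post: a Python check of an Apache access log for the CONNECT-to-port-25 requests described above, separating those Apache rejected from those it answered with a 2xx status (the case where the proxy configuration needs review). The log lines are constructed and assume the common/combined log format.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

def connect_attempts(lines, port=25):
    """Group CONNECT requests aimed at `port` by client address.

    'not_2xx' holds requests Apache did not accept; 'answered_2xx' holds
    requests that were not rejected, so the proxy setup should be reviewed.
    """
    report = defaultdict(lambda: {"answered_2xx": [], "not_2xx": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue
        # CONNECT targets are written host:port; keep only the port of interest.
        _, sep, dst_port = m.group("target").rpartition(":")
        if not sep or dst_port != str(port):
            continue
        status = int(m.group("status"))
        bucket = "answered_2xx" if 200 <= status < 300 else "not_2xx"
        report[m.group("host")][bucket].append(
            (m.group("time"), m.group("target"), status))
    return dict(report)

# Constructed sample lines (documentation address ranges, not from the thread).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2006:03:14:07 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 405 312',
    '203.0.113.7 - - [12/Mar/2006:03:14:09 +0100] "CONNECT 198.51.100.20:25 HTTP/1.0" 200 -',
    '192.0.2.44 - - [12/Mar/2006:03:15:00 +0100] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.9 - - [12/Mar/2006:03:16:40 +0100] "CONNECT 198.51.100.20:443 HTTP/1.0" 405 312',
]

if __name__ == "__main__":
    for client, hits in connect_attempts(SAMPLE_LOG).items():
        print(client, "not 2xx:", len(hits["not_2xx"]),
              "answered 2xx:", len(hits["answered_2xx"]))
```
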

Lavene
Site admin
Posts: 4958
Joined: 2006-01-04 04:26
Location: Oslo, Norway

#5 Post by Lavene »

Anonymous wrote:
> Try to:
> apt-get install rkhunter
> No luck (that's not good)
That's strange:
# apt-cache search --names-only rkhunter
rkhunter - rootkit, backdoor, sniffer and exploit scanner
What branch of Debian are you using (stable, testing or unstable)? What error message do you get?

Tina :)

Mr_Goth
Posts: 37
Joined: 2005-11-07 15:17
Location: Bronx, New York

Great!!

#6 Post by Mr_Goth »

I'm loving these programs!! I feel much safer now scanning my system with these programs :) Thanks!!!
...."Have you mooed today?"...

Guest

#7 Post by Guest »

> What branch of Debian are you using (stable, testing or unstable)? What error message do you get?
I'm using stable

LinuS:~#
LinuS:~# apt-cache search --names-only rkhunter
LinuS:~#
LinuS:~#
no rkhunter hit for me..

kink
Debian Developer, Site Admin
Posts: 248
Joined: 2006-01-02 16:47
Location: Utrecht, The Netherlands
Been thanked: 1 time

#8 Post by kink »

A tool like chkrootkit is not really a solution, just an extra helper to detect problems with "dumb" hackers (because anyone with root can easily manipulate chkrootkit itself). With good system security, you need not worry about "spyware". Only installing packages from the official Debian archive is a good start, and update your system regularly from the security archives.

There's a number of documents telling you how to further secure your system, google around for it.

Lavene
Site admin
Posts: 4958
Joined: 2006-01-04 04:26
Location: Oslo, Norway

#9 Post by Lavene »

I agree with you kink, but they do offer some peace of mind in a moment of panic if you feel your system is behaving strangely. And chkrootkit also states that fact in its description. And unless you are a 'dumb user' it's the 'dumb hackers' that, by sheer numbers, are the largest threat... People doing shot-gun attacks (can you say that in English?) on a random list of IP addresses hoping to get some lucky hits with brute force attempts with ssh logins etc.

A determined hacker is a whole different story though, but rarely something the 'average user' will have to fear...

But as always; the best security is achieved mostly by using your head.

Tina :)

Carlosinfl
Posts: 889
Joined: 2005-02-05 06:11
Location: Orlando, FL

#10 Post by Carlosinfl »

I never knew it was even possible to get spyware on a Linux system. Is this a known issue?

Lavene
Site admin
Posts: 4958
Joined: 2006-01-04 04:26
Location: Oslo, Norway

#11 Post by Lavene »

Carloswill wrote:
> I never knew it was even possible to get spyware on a Linux system. Is this a known issue?

It's not really "spyware" in the Windows meaning of the word. It's more malicious software known as root-kits. That is, someone manages to place some software with root privileges. It's really not a big problem if you manage your system in a sound way. Like never installing software you don't know the origin of, never share your passwords etc. Plain common sense really...

But traditional spyware like dataminers etc known from Windows is not a Linux problem.

Tina

Carlosinfl
Posts: 889
Joined: 2005-02-05 06:11
Location: Orlando, FL

#12 Post by Carlosinfl »

^

Thanks for the clarification!

Guest

#13 Post by Guest »

Interesting...
I have, so far, only Debian code on my machine (and update/upgrade regularly).
And my root password is pretty safe:
r-o-o-t-S866@&%%%FgtrYjkpl7g%mnHyt

I can’t find rkhunter - Debian version.
And maybe it doesn’t matter…
Think I also: apt-get remove chkrootkit

And go back to my normal life…

Something to do is maybe to take away things I don’t need
ex: mail, ssh, …

Guest

#14 Post by Guest »

rkhunter isn't in the stable repositories, only in testing & unstable.

saunatonttu
Posts: 50
Joined: 2006-02-28 19:01
Location: Finland

#15 Post by saunatonttu »

I'm not too much worried about my server being insecure, at least at the moment when it's still behind a firewall router, but I installed chkrootkit and it found:

eth0: PACKET SNIFFER(/usr/bin/dhcpd[1234])
eth1:0: PACKET SNIFFER(/sbin/dhclient[2345])
eth1: PACKET SNIFFER(/sbin/dhclient[2345])

A false alarm?

saunatonttu
Posts: 50
Joined: 2006-02-28 19:01
Location: Finland

#16 Post by saunatonttu »

saunatonttu wrote:
> A false alarm?

Yep.
http://linux.derkeiler.com/Mailing-List ... /3413.html
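
An added example, not part of the original posts: a Python triage of chkrootkit "PACKET SNIFFER" lines like the ones in post #15. It treats a line as expected only when the reported path is on a local allowlist and the running PID's executable matches it. The allowlist, the verdict names and the fourth sample line are assumptions made for illustration.

```python
import os
import re

# Line shape as shown in post #15: "<iface>: PACKET SNIFFER(<path>[<pid>])"
SNIFFER_RE = re.compile(
    r'^(?P<iface>\S+): PACKET SNIFFER\((?P<path>[^\[\]]+)\[(?P<pid>\d+)\]\)$')

# Assumption: DHCP binaries this host is expected to run with a packet socket.
EXPECTED = {"/sbin/dhclient", "/usr/bin/dhcpd"}

def proc_exe(pid):
    """Executable actually backing `pid`, or None if it cannot be read."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

def triage(report_lines, expected=EXPECTED, resolve=proc_exe):
    """Return {pid: {'path', 'ifaces', 'verdict'}} for each reported process."""
    findings = {}
    for line in report_lines:
        m = SNIFFER_RE.match(line.strip())
        if not m:
            continue
        entry = findings.setdefault(
            int(m.group("pid")),
            {"path": m.group("path"), "ifaces": [], "verdict": None})
        entry["ifaces"].append(m.group("iface"))
    for pid, entry in findings.items():
        actual = resolve(pid)
        if actual is None:
            entry["verdict"] = "unverified"   # process gone or not readable
        elif actual != entry["path"]:
            entry["verdict"] = "mismatch"     # reported name differs from real binary
        elif entry["path"] in expected:
            entry["verdict"] = "expected"     # known DHCP daemon/client
        else:
            entry["verdict"] = "investigate"
    return findings

SAMPLE_REPORT = [
    "eth0: PACKET SNIFFER(/usr/bin/dhcpd[1234])",
    "eth1:0: PACKET SNIFFER(/sbin/dhclient[2345])",
    "eth1: PACKET SNIFFER(/sbin/dhclient[2345])",
    "eth0: PACKET SNIFFER(/tmp/.x/cap[4242])",   # constructed, not from the thread
]
```

As post #8 points out, a check like this runs on the system it inspects, so its answer is only as trustworthy as that system.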
