spyware cleaner
hi!
Need tips on how to search for spyware on my Debian.
Any nice application for that?
Many Thanks for your tips!
I manage to install chkrootkit.
Run chkrootkit and found nothing. (that's good)
Try to:
apt-get install rkhunter
No luck (that's not good)
What kind of spyware ..
I don't know. It's difficult to know what spies are doing..
Some days ago, I had a lot of SYN_RCVD in my firewall log, coming from IP 61.58.41.89, and a lot of CONNECT to port 25 in my Apache log. I blocked out those nice Taiwan boys (or maybe “dejlige” girls). When I looked at my machine I asked myself: have they installed something? Hard to answer that question!
Maybe try to find something to check it -or am I only very paranoid…
- kink
- Debian Developer, Site Admin
- Posts: 248
- Joined: 2006-01-02 16:47
- Location: Utrecht, The Netherlands
- Been thanked: 1 time
A tool like chkrootkit is not really a solution, just an extra helper to detect problems with "dumb" hackers (because anyone with root can easily manipulate chkrootkit itself). With good system security, you need not worry about "spyware". Only installing packages from the official Debian archive is a good start, and update your system regularly from the security archives.
There's a number of documents telling you how to further secure your system, google around for it.
I agree with you kink, but they do offer some peace of mind in a moment of panic if you feel your system is behaving strangely. And chkrootkit also states that fact in its description. And unless you are a 'dumb user' it's the 'dumb hackers' that, by sheer numbers, are the largest threat... People doing shot-gun attacks (can you say that in English?) on a random list of IP addresses hoping to get some lucky hits with brute force attempts with ssh logins etc.
A determined hacker is a whole different story though, but rarely something the 'average user' will have to fear...
But as always; the best security is achieved mostly by using your head.
Tina
-
- Posts: 889
- Joined: 2005-02-05 06:11
- Location: Orlando, FL
Carloswill wrote: I never knew it was even possible to get spyware on a Linux system. Is this a known issue?
It's not really "spyware" in the Windows meaning of the word. It's more malicious software known as root-kits. That is, someone manages to place some software with root privileges. It's really not a big problem if you manage your system in a sound way. Like never installing software you don't know the origin of, never share your passwords etc. Plain common sense really...
But traditional spyware like dataminers etc known from Windows is not a Linux problem.
Tina
-
- Posts: 889
- Joined: 2005-02-05 06:11
- Location: Orlando, FL
Interesting...
I have, so far, only Debian code on my machine (and update/upgrade regularly).
And my root password is pretty safe:
r-o-o-t-S866@&%%%FgtrYjkpl7g%mnHyt
I can’t find rkhunter - Debian version.
And maybe it doesn’t matter…
Think I also: apt-get remove chkrootkit
And go back to my normal life…
Something to do is maybe to take away things I don’t need
ex: mail, ssh, …
- saunatonttu
- Posts: 50
- Joined: 2006-02-28 19:01
- Location: Finland
I'm not too much worried about my server being insecure, at least at the moment when it's still behind a firewall router, but I installed chkrootkit and it found:
eth0: PACKET SNIFFER(/usr/bin/dhcpd[1234])
eth1:0: PACKET SNIFFER(/sbin/dhclient[2345])
eth1: PACKET SNIFFER(/sbin/dhclient[2345])
A false alarm?
- saunatonttu
- Posts: 50
- Joined: 2006-02-28 19:01
- Location: Finland
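chkrootkit prints PACKET SNIFFER for any process that holds a packet socket on an interface, and DHCP clients and servers open such sockets by design, so lines like the ones in the post above are a common benign finding. The script below is an added example, not part of the thread: it parses such lines and marks each as expected or review; the EXPECTED allowlist, the function names and the fourth sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage chkrootkit "PACKET SNIFFER" lines.
# EXPECTED is an assumed allowlist of DHCP programs, which open packet
# sockets by design; adjust it to the services the host really runs.
EXPECTED="dhclient dhcpd"

# Constructed sample: the three lines from the post plus one made-up
# entry (/opt/unknown/capture) to show the other verdict.
SAMPLE='eth0: PACKET SNIFFER(/usr/bin/dhcpd[1234])
eth1:0: PACKET SNIFFER(/sbin/dhclient[2345])
eth1: PACKET SNIFFER(/sbin/dhclient[2345])
lo: PACKET SNIFFER(/opt/unknown/capture[666])'

# classify_line LINE -> prints "iface path pid verdict";
# returns 1 if LINE is not a PACKET SNIFFER report.
classify_line() {
    parsed=$(printf '%s\n' "$1" | sed -n \
      's/^[[:space:]]*\([^ ]*\): PACKET SNIFFER(\(.*\)\[\([0-9][0-9]*\)])[[:space:]]*$/\1 \2 \3/p')
    [ -n "$parsed" ] || return 1
    set -- $parsed                       # $1=iface $2=path $3=pid
    verdict=review
    for name in $EXPECTED; do
        if [ "${2##*/}" = "$name" ]; then verdict=expected; fi
    done
    printf '%s %s %s %s\n' "$1" "$2" "$3" "$verdict"
}

# triage: read chkrootkit output on stdin, print one verdict per finding.
triage() {
    while IFS= read -r line; do
        classify_line "$line" || true    # skip unrelated output lines
    done
}

# live_check PATH PID (run as root on the host itself): confirm the
# process really runs PATH and that PATH belongs to an installed package.
# A name match alone proves little, so this is the check that matters.
live_check() {
    [ "$(readlink "/proc/$2/exe")" = "$1" ] || { echo "exe mismatch"; return 1; }
    dpkg -S "$1" >/dev/null 2>&1 || { echo "not packaged"; return 1; }
    echo "packaged"
}

printf '%s\n' "$SAMPLE" | triage
```

On a live system, pipe the real report in with `chkrootkit | triage` and run `live_check` on each path and PID it prints.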