WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 06:13
by xenon
...except http(s)

They can change my user password from outside (incoming), which maybe they retrieved by CCTV cameras, or have hacked with password crackers (but then they cracked a 20-character strong password within a couple of hours).

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 06:19
by pawRoot
what ?

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 06:24
by xenon
pawRoot wrote:what ?
what do you not understand?

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 06:48
by Head_on_a_Stick
Isn't a rootkit a more likely source for your problem?

Or not enough blue pills... :mrgreen:

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 08:19
by xenon
Head_on_a_Stick wrote:Isn't a rootkit a more likely source for your problem?

Or not enough blue pills... :mrgreen:
OK! They could have retrieved the password that way (key logger going out) maybe, but then again how can they come in and change this password when all incoming is blocked (except http and https)??? Or is a rootkit in the BIOS some kind of back door for the firewall???

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 12:29
by n_hologram
Define "they."
Explain how you know they did all the things you claim they "can" do.
Or is this another paranoia thread, like your first -- and only other -- thread on this forum?
http://forums.debian.net/viewtopic.php? ... 6&p=603025

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 13:16
by GarryRicketson
Don't know that I can take this seriously. Who are "they"? There are some experts that can actually access your PC even when it is shut down, not running, via your Intel ME, and the micro kernel it has, using the MINIX 3 server embedded in it.
I need to know who "they" are, so I can tell them to stop messing with your passwords; that is not nice. :twisted: :mrgreen:

From "them" (do some search foo for details):
MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.

And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.

How? MINIX can do all this because it runs at a fundamentally lower level.

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-14 14:41
by pcalvert
There is probably malware on your computer, of the remote access type. If I am right, then the question is "How did it get on there?"

Are you using pure Debian or a derivative?
Are you installing software from other places besides the official Debian repositories?

Phil

Re: WARNING: they can pass UFW firewall incoming blocked...

Posted: 2018-02-15 07:33
by steve_v
xenon wrote:...except http(s)
... Which may well be a security hole one can drive a bus through, depending on how the server listening on those ports is configured.

If you have a legitimate security concern, provide some details - starting with iptables rules and listening services.
Have you done any investigation into how this box was compromised, or is this "WARNING" thread simply an attempt to scare people?

The "they" you speak of certainly cannot pass what does not exist, so either this "UFW" thing isn't doing what you think it is, or you have some poorly protected webserver running.
Or you have a rootkit. 'man netstat', 'man rkhunter' and 'man debsums' would be valid places to start.
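
Added example, not part of any post in this thread: one way to compare listening services against the firewall's allow rules, as the last reply suggests starting with. The sample `ufw status` and `netstat -tln` output is constructed, the function names are hypothetical, and "filtered" assumes the default incoming policy is deny.

```shell
# Constructed sample data (not taken from the thread).
sample_ufw() {            # shaped like `ufw status` output
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}
sample_netstat() {        # shaped like `netstat -tln` output
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# stdin: `ufw status` output; prints inbound-allowed TCP ports, e.g. "80 443".
# Simplification: only plain "<port>" / "<port>/tcp" rules are understood;
# app profiles, ranges and source restrictions are ignored.
allowed_tcp_ports() {
  awk '/ALLOW/ && !/ALLOW OUT/ && $1 ~ /^[0-9]+(\/tcp)?$/ {
         split($1, p, "/"); print p[1] }' | sort -un | paste -sd' ' -
}

# $1: allowed ports; stdin: `netstat -tln` output.
# Prints "<class> <proto> <bind-address> <port>" for each TCP listener.
classify_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      addr = $4; port = $4
      sub(/.*:/, "", port)          # port follows the last colon
      sub(/:[0-9]+$/, "", addr)     # bind address precedes it
      if (addr ~ /^127\./ || addr == "::1") class = "local"     # loopback only
      else if (port in ok)                  class = "exposed"   # firewall lets it in
      else                                  class = "filtered"  # relies on default deny
      print class, $1, addr, port
    }'
}

sample_netstat | classify_listeners "$(sample_ufw | allowed_tcp_ports)"
```

On a real host, pipe the live `ufw status` and `netstat -tln` output into the two functions; the "exposed" rows are the services whose own configuration decides what gets in.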