Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

WARNING: they can pass UFW firewall incoming blocked...

Here you can discuss every aspect of Debian. Note: not for support requests!
Post Reply
Message
Author
xenon
Posts: 12
Joined: 2015-12-29 23:44

WARNING: they can pass UFW firewall incoming blocked...

#1 Post by xenon »

...except http(s)

They can change my user password from outside (incoming) with maybe they retrieved by CCTV camera's, or have hacked it with password crackers (but then they cracked a 20 characters strong password within a couple of hours)

User avatar
pawRoot
Posts: 603
Joined: 2016-12-28 18:26
Has thanked: 1 time
Been thanked: 1 time

Re: WARNING: they can pass UFW firewall incoming blocked...

#2 Post by pawRoot »

what ?

xenon
Posts: 12
Joined: 2015-12-29 23:44

Re: WARNING: they can pass UFW firewall incoming blocked...

#3 Post by xenon »

pawRoot wrote:what ?
what do you not understand?

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: WARNING: they can pass UFW firewall incoming blocked...

#4 Post by Head_on_a_Stick »

Isn't a rootkit a more likely source for your problem?

Or not enough blue pills... :mrgreen:
deadbang

xenon
Posts: 12
Joined: 2015-12-29 23:44

Re: WARNING: they can pass UFW firewall incoming blocked...

#5 Post by xenon »

Head_on_a_Stick wrote:Isn't a rootkit a more likely source for your problem?

Or not enough blue pills... :mrgreen:
OK! they could have retrieved the password that way (key logger going out) maybe, but then again how can they come in, and change this password, when all incoming is blocked (except http and https)??? or is a rootkit in the BIOS some kind of back door for the firewall???

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: WARNING: they can pass UFW firewall incoming blocked...

#6 Post by n_hologram »

Define "they."
Explain how you know they did all the things you claim they "can" do.
Or is this another paranoia thread, like your first -- and only other -- thread on this forum?
http://forums.debian.net/viewtopic.php? ... 6&p=603025
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: WARNING: they can pass UFW firewall incoming blocked...

#7 Post by GarryRicketson »

Don't know that I can take this seriously, Who are "they" ? , There are some experts, that can actually access your PC even when it is shut down, not running, via you Intel ME, and the micro kernel it has, using the minix 3 server embedded in it.
I need to know, who "they" are , so I can tell them to stop messing with your passwords, that is not nice. :twisted: :mrgreen:

From "them": ( do some search foo for details).
MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.

And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.

How? MINIX can do all this because it runs at a fundamentally lower level.
Image
====================
More Minix screen shots

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: WARNING: they can pass UFW firewall incoming blocked...

#8 Post by pcalvert »

There is probably malware on your computer, of the remote access type. If I am right, then the question is "How did it get on there?"

Are you using pure Debian or a derivative?
Are you installing software from other places besides the official Debian repositories?

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

steve_v
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1400
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 79 times
Been thanked: 175 times

Re: WARNING: they can pass UFW firewall incoming blocked...

#9 Post by steve_v »

xenon wrote:...except http(s)
... Which may well be a security hole one can drive a bus through, depending on how the server listening on those ports is configured.

If you have a legitimate security concern, provide some details - starting with iptables rules and listening services.
Have you done any investigation into how this box was compromised, or is this "WARNING" thread simply an attempt to scare people?

The "they" you speak of certainly cannot pass what does not exist, so either this "UFW" thing isn't doing what you think it is, or you have some poorly protected webserver running.
Or you have a rootkit. 'man netstat', 'man rkhunter' and 'man debsums' would be valid places to start.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Post Reply