Re: [luv-beginners] Computer security questions

On 19/12/19 10:48 am, Piers Rowan via luv-beginners wrote:
On 19/12/19 9:43 am, Piers Rowan wrote:
Very likely they are and have been. I have strong evidence of this such as the following -
- computer slow during startup, shutdown and general operation compared to just after a fresh install, I can tell because the fastest computer I normally use is a dual core and have found these run quicker than hacked quad and 6 core computers for many/most applications when dual core not hacked.
How old is the computer? If you have dust in CPU fan then it will overheat and throttle the CPU so it doesn't overheat. (I just re-lifed a PC yesterday for this reason).
My computers are 10-20 years old and not overheating except for maybe 1 or 2 out of 20-30 computers.
- After visiting dodgy websites that create dozens of connections to residential computers with Firefox,
Multiple connections are standard fare for advert laden sites.
software updates no longer work and a change of password stops linux Mint from starting up at all.
That is strange.
A check shows almost every file has had its permissions changed.
- When apparently hacked, some of my data (such as old important looking photos) has mysteriously gone missing.
- Firefox stops working with many websites when apparently hacked and slows down dramatically.
- excessive hard drive activity after I visit some websites, like a search is going on.
- Once I found the "find" command running on one of my computers using the command htop. It was taking a large chunk of CPU usage. I never started the "find" command and it was running constantly.
OK I'm guessing the HDD could be the issue - bad sectors would cause this behavior.
Is it an old disk or a new SSD?
I'm getting mostly the same thing on multiple computers (more than 10), they do have old hard (disk) drives. (5-15 years old) The above trouble has 90% gone after using my custom software to "stop the hacking". It's an interesting suggestion and although I very much doubt it is the cause, I can't definitively say that it's not. So I'll make a point of checking my hard drives.
Thanks.
Thanks
_______________________________________________ luv-beginners mailing list luv-beginners@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-beginners

On Thu, 19 Dec 2019 at 11:24, Peter Wolf via luv-beginners < luv-beginners@luv.asn.au> wrote:
My computers are 10-20 years old and not overheating except for maybe 1 or 2 out of 20-30 computers.
- After visiting dodgy websites that create dozens of connections to residential computers with Firefox,
I'm getting mostly the same thing on multiple computers (more than 10), they do have old hard (disk) drives. (5-15 years old) The above trouble has 90% gone after using my custom software to "stop the hacking". It's an interesting suggestion and although I very much doubt it is the cause, I can't definitively say that it's not. So I'll make a point of checking my hard drives.
These are the most telling statements.

10 to 20 year old computers are likely to struggle to efficiently run the latest version of Mint with its v4+ (?) kernel.

5 - 15 year old disks will be well used by now and very likely to be carrying bad sectors. It is likely that the OS has detected this and is starting in a read-only mode explaining things like the permission issues you are seeing and the apparent data loss i.e. it's not getting stored in the first place. This would also contribute to performance issues.

Now to ease your concern about Mint's default security, I installed a fresh version into a virtual machine, did the base level updates, then installed nmap (a network port scanning tool) and scanned the local host thus...

---------------------------------------------------
tfeccles@mint-mate-vm:~$ sudo nmap -sS localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-19 12:16 AEDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
--------------------------------------------------

As you can see, the only port open is the CUPS printer port.

I enabled the firewall via the control centre, activating the Home profile, re-scanned and got the same results.

Unless you've tinkered in some way to weaken the OS and browsers, I'd say, with a close up hands-on look, most of your issues are hardware related.

--
Colin Fee
tfeccles@gmail.com
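
The hypothesis in the message above (bad sectors leading to a read-only remount, which would also make software updates fail) can be checked directly. The following is an added example, not code from the thread: it lists disk filesystems mounted read-only and counts kernel log lines that report disk trouble. The function names, the choice of log patterns and the sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Mount points of disk filesystems mounted read-only. Options are split on
# commas so "errors=remount-ro" alone does not count; squashfs and iso9660
# (snap packages, live media) are read-only by design and are skipped.
ro_mounts() {
    awk '$1 ~ /^\/dev\// && $3 != "squashfs" && $3 != "iso9660" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") print $2
         }' "${1:-/proc/mounts}"
}

# Number of kernel log lines reporting block I/O errors, ext4 errors or a
# forced read-only remount. Reads the given file, or stdin if none is given.
disk_error_count() {
    grep -E -c 'I/O error, dev [a-z0-9]+, sector|EXT4-fs error|Remounting filesystem read-only' "$@" || true
}

# One-line verdict from a mounts file ($1) and a kernel log file ($2).
triage() {
    ro=$(ro_mounts "$1")
    errs=$(disk_error_count "$2")
    if [ -n "$ro" ] || [ "$errs" -gt 0 ]; then
        echo "disk-suspect ro_mounts=$(echo $ro | tr ' ' ',') io_errors=$errs"
    else
        echo "no-disk-evidence"
    fi
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/mounts" <<'EOF'
/dev/sda1 / ext4 ro,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,relatime,errors=remount-ro 0 0
/dev/loop0 /snap/core/8268 squashfs ro,nodev,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec 0 0
EOF
cat > "$SAMPLE_DIR/kern.log" <<'EOF'
[ 412.101] blk_update_request: I/O error, dev sda, sector 7814016
[ 412.102] EXT4-fs error (device sda1): ext4_find_entry:1455: inode #2: comm apt: reading directory lblock 0
[ 412.110] EXT4-fs (sda1): Remounting filesystem read-only
[ 500.000] usb 1-1: new high-speed USB device number 3 using ehci-pci
EOF
triage "$SAMPLE_DIR/mounts" "$SAMPLE_DIR/kern.log"
```

On a live system, run `ro_mounts` with no argument and `dmesg | disk_error_count`.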

On 19/12/19 12:56 pm, Colin Fee via luv-beginners wrote:
On Thu, 19 Dec 2019 at 11:24, Peter Wolf via luv-beginners <luv-beginners@luv.asn.au> wrote:
My computers are 10-20 years old and not overheating except for maybe 1 or 2 out of 20-30 computers.
- After visiting dodgy websites that create dozens of connections to residential computers with Firefox,
I'm getting mostly the same thing on multiple computers (more than 10), they do have old hard (disk) drives. (5-15 years old) The above trouble has 90% gone after using my custom software to "stop the hacking". It's an interesting suggestion and although I very much doubt it is the cause, I can't definitively say that it's not. So I'll make a point of checking my hard drives.
These are the most telling statements.
10 to 20 year old computers are likely to struggle to efficiently run the latest version of Mint with its v4+ (?) kernel.
5 - 15 year old disks will be well used by now and very likely to be carrying bad sectors. It is likely that the OS has detected this and is starting in a read-only mode explaining things like the permission issues you are seeing and the apparent data loss i.e. it's not getting stored in the first place. This would also contribute to performance issues.
Now to ease your concern about Mint's default security, I installed a fresh version into a virtual machine, did the base level updates, then installed nmap (a network port scanning tool) and scanned the local host thus...
---------------------------------------------------
tfeccles@mint-mate-vm:~$ sudo nmap -sS localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-19 12:16 AEDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
--------------------------------------------------
As you can see, the only port open is the CUPS printer port.
I enabled the firewall via the control centre, activating the Home profile, re-scanned and got the same results.
Unless you've tinkered in some way to weaken the OS and browsers, I'd say, with a close up hands-on look, most of your issues are hardware related.
Thanks for that,
If you or anyone else wants to test what I have been writing about, do the following.
- Install Linux Mint 19 with default settings on your modern computer.
- Use firefox to visit the following website - https://www.idnes.cz/ (It's in google), and click a few of the links. Spend about 30 minutes on there. I know I wrote hacking occurs in a few minutes but let's give them a very good chance.
- Repeat a few times.
- Then check if the next software update works.
- If there are no symptoms of hacking then I'll consider myself totally wrong.
Thanks and good luck.
regards Peter
-- Colin Fee tfeccles@gmail.com

Hi Peter

Thanks for that,
If you or anyone else wants to test what I have been writing about, do the following.
- Install Linux Mint 19 with default settings on your modern computer.
- Use firefox to visit the following website - https://www.idnes.cz/ (It's in google), and click a few of the links. Spend about 30 minutes on there. I know I wrote hacking occurs in a few minutes but let's give them a very good chance.
- Repeat a few times.
- Then check if the next software update works.
- If there are no symptoms of hacking then I'll consider myself totally wrong.
Thanks and good luck.
regards Peter

It may also be worth installing the "noscript" addon into Firefox. It makes websites a bit more fiddly to work with, but can keep a lot of the bad stuff at arm's length.

You get to choose what "features" <cough!> of the plethora of analytics, tracking and other adware site and affiliates that infest the majority of websites are allowed to run.

Unfortunately if the site makes use of javascript, popups and popunders can still be launched.

(Just because I'm paranoid, it doesn't mean they are not out to get me!)

Regards,
Morrie.

Morrie Wyatt via luv-beginners wrote:
It may also be worth installing the "noscript" addon into Firefox. It makes websites a bit more fiddly to work with, but can keep a lot of the bad stuff at arms length.
I recommend *all* of these:

$ aptitude search '?installed ?name(webext)'
i   webext-https-everywhere - Extension to force the use of HTTPS on many sites
i   webext-noscript - permissions manager for Firefox
i   webext-privacy-badger - Privacy Badger automatically learns to block invisible trackers
i   webext-ublock-origin - general-purpose lightweight ads, malware, trackers blocker (Web Extens
i   webext-umatrix - browser plugin to block requests and reduce data leakage

I also agree with Colin Fee's post that the problem is not "I got hacked", it's "I'm trying to run Firefox on a 15-year-old computer".

All mainstream browsers are shit and won't work properly on systems with (for example) <4GB RAM. Sorry, that's just how the world is.

You can build a brand-new system from $300[*], and cheaper second-hand. If that's still too much, try https://www.computerbank.org.au/

[*] For example,

A$210  GIGABYTEGB-BLCE-4105R (case, mainboard, cpu, psu)
A$50   8GB DDR4 2400MHz SO-DIMM (RAM)
A$33   128GB WDS120G2G0B (disk)

If your computer monitor is 15 years old, it might only have DVI (no HDMI or DP), so let's throw in an adapter for A$3.

A$296  TOTAL

On 2019-12-19 16:03, Morrie Wyatt via luv-beginners wrote:
Hi Peter
Thanks for that,
If you or anyone else wants to test what I have been writing about, do the following.
- Install Linux Mint 19 with default settings on your modern computer.
- Use firefox to visit the following website - https://www.idnes.cz/ (It's in google), and click a few of the links. Spend about 30 minutes on there. I know I wrote hacking occurs in a few minutes but let's give them a very good chance.
- Repeat a few times.
- Then check if the next software update works.
- If there are no symptoms of hacking then I'll consider myself totally wrong.
Thanks and good luck.
regards Peter
It may also be worth installing the "noscript" addon into Firefox. It makes websites a bit more fiddly to work with, but can keep a lot of the bad stuff at arm's length.
You get to choose what "features" <cough!> of the plethora of analytics, tracking and other adware site and affiliates that infest the majority of websites are allowed to run.
Unfortunately if the site makes use of javascript, popups and popunders can still be launched.
(Just because I'm paranoid, it doesn't mean they are not out to get me!)
Regards,
Morrie.

Hi

I went to the site with a fresh 18.04.3 xubuntu install (don't have mint laying around). IMHO xubuntu probably better suited to older machines.

Used firefox, clicked on links, followed mainly dakar hockey and mma links - no pop ups, no hacking. Still have site open while I type this. Have attempted updates and they work fine. Stayed on site for over 30 min.

How do you connect to the internet?
Are you behind NAT?
Are you passing any ports through your internet router to your machine / other machines on network?
Do you have a static / dynamic IP address?
Did you get the install media - from reliable source with checksum?
How many machines on your network? If more than one have you checked them all for root kits / virus?

Also try with a live CD made from your install media - does it have the same problem?
Try downloading (on a clean machine) media that you trust and can checksum - run this as live CD and see if it has the same problem.

What DNS do you use (possible DNS poisoning)? (try using firefox dns over https)
Are you setting good passwords?

As people have stated it may be dodgy hardware, using a live CD to test the site would bypass a dodgy hdd.

I understand that this can be frustrating but in general linux is pretty secure out of the box, hacks usually occur due to opening of ports followed by bad passwords.

Stephen
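
The questions about open ports above, and the earlier scan of localhost, both come down to which services other machines can actually reach: a scan of localhost also reports services bound only to the loopback interface, which other hosts cannot connect to. The following is an added example, not code from the thread: it splits `ss -tln` output into loopback-only and network-reachable listeners. The function names and the sample `ss` output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. The ss output below is constructed.

# Split `ss -tln` output (file argument or stdin) into two classes:
# "exposed" ports listen on an address other hosts can reach,
# "loopback" ports are bound to 127.0.0.0/8 or ::1 only.
classify_listeners() {
    awk '$1 == "LISTEN" {
             host = $4; port = $4
             sub(/:[^:]*$/, "", host)      # strip ":port" from the end
             sub(/.*:/, "", port)          # keep what follows the last colon
             cls = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
             print cls, port
         }' "$@" | sort -u -k1,1 -k2,2n
}

# Ports of one class, comma-separated: ports_of exposed FILE
ports_of() {
    cls=$1; shift
    classify_listeners "$@" | awk -v c="$cls" '$1 == c { print $2 }' | paste -sd, -
}

SS_SAMPLE=$(mktemp)
cat > "$SS_SAMPLE" <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       5       [::1]:631           [::]:*
LISTEN  0       128     127.0.0.53%lo:53    0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
EOF
echo "exposed:  $(ports_of exposed "$SS_SAMPLE")"
echo "loopback: $(ports_of loopback "$SS_SAMPLE")"
```

On a live system, `ss -tln | ports_of exposed` gives the ports worth checking against the router's port-forwarding rules.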

participants (5)
- Colin Fee
- Morrie Wyatt
- Peter Wolf
- stephen_luv@alienconcept.com.au
- Trent W. Buck