Todd H. wrote:
> "Jenny" <ahajenny@gmail.com> writes:
> > Dear groups,
> >
> > My computer was told that it sent unusual packets from port 60609 to
> > some computer with IP 61.50.138.237 port 22. (more than 20 flows per
> > second!!!)
> >
> > I am running Fedora Core 5 plus "OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct
> > 2005", I use netstat to check services I open, only mysql, samba,
> > vsftp, ssh, http.
> >
> > I check /var/log, message and security. I can't find any successful
> > logging from others. But I do find many many attacks from 61.50.138.*
> > (not including the one 61.50.138.237 which my computer attacked!!!),
> > and none of them succeeded.
> >
> > I have some questions to ask all of you, please help me!!!
> >
> > 1. Is my computer hacked? If not, then why does my computer send packets
> > from port 60609 to some computer's port 22?
>
> If neither you nor any authorized user to your knowledge is using the
> machine then this ssh connection to an IP in China is very likely a
> compromise.
>
Do you mean that my computer is hacked???
Well, is it possible that the computer is not hacked, but itself sends
packets to some other computer automatically?
Sorry, I think I am asking a stupid question, but this really confuses
me!

> > 2. If my computer is hacked, then what can I do? Is reinstalling the
> > system the only way???
>
> Yup. It's the only way to get back to a known state. Wiping and
> reinstalling from original media.
>
> --
> Todd H.
> http://www.toddh.net/
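
Added example, not part of the original thread: one way to do the log check described above, tallying failed sshd logins per /24 and listing every accepted login, so that an accepted login from a network that was also guessing passwords stands out. The log lines are constructed samples in the usual sshd syslog format; the hostname, users and addresses (RFC 5737 documentation ranges) are assumptions, not values from the poster's machine.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines (not from the poster's machine); addresses are
# from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Oct 12 03:14:07 fc5 sshd[2211]: Failed password for root from 203.0.113.12 port 40022 ssh2
Oct 12 03:14:09 fc5 sshd[2213]: Failed password for invalid user admin from 203.0.113.12 port 40031 ssh2
Oct 12 03:14:11 fc5 sshd[2215]: Failed password for root from 203.0.113.77 port 51234 ssh2
Oct 12 03:15:02 fc5 sshd[2230]: Failed password for invalid user test from 198.51.100.9 port 33810 ssh2
Oct 12 08:30:45 fc5 sshd[2950]: Accepted password for jenny from 192.0.2.25 port 50112 ssh2
Oct 12 09:01:13 fc5 sshd[3011]: Accepted publickey for root from 203.0.113.77 port 51990 ssh2
"""

# Matches sshd authentication results, with or without the "invalid user" prefix.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text):
    """Return (failed count per /24, accepted logins, accepted logins to review first)."""
    failed_by_net = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        net = str(ip_network(m["ip"] + "/24", strict=False))
        if m["result"] == "Failed":
            failed_by_net[net] += 1
        else:
            accepted.append((m["user"], m["ip"], m["method"], net))
    # An accepted login from a /24 that also produced failures is reviewed first.
    suspicious = [a for a in accepted if failed_by_net[a[3]] > 0]
    return failed_by_net, accepted, suspicious

if __name__ == "__main__":
    failed, accepted, suspicious = summarize(SAMPLE_LOG)
    for net, count in failed.most_common():
        print(f"{count:4d} failed logins from {net}")
    for user, ip, method, _ in accepted:
        print(f"accepted {method} login for {user} from {ip}")
    for user, ip, method, net in suspicious:
        print(f"REVIEW: {user} logged in from {ip}, and {net} also had failures")
```

An empty review list does not rule out a compromise, because an intruder with root access can edit these log files.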