Eleven sure signs you're under attack

Today, hacker attacks are on everyone's lips, and everyone is worried about the security of their data. To prevent theft of passwords and other important information, you should pay attention to any changes in your computer.

We suggest going through this checklist of signs that your computer has been hacked. And if your fears are confirmed, we will tell you what to do.

1. Antivirus is disabled

If you have not disabled your antivirus program yourself, but notice that it is turned off, this is a sure sign that your computer has been hacked. It cannot turn off on its own. The first thing hackers do is get rid of your antivirus to make it easier to access your files.

2. Passwords don't work

If you haven't changed your passwords, but they suddenly stop working and you can't log into your accounts, it's time to be wary - most likely, your computer has been hacked.

3. The number of friends has increased sharply

4. New icons on the toolbar

When you open your browser and notice new icons in the toolbar, this may indicate that malicious code has infiltrated.

5. The cursor moves on its own

If you notice the mouse cursor moving on its own and highlighting something, this is a sure sign of a hack.

6. Unusual printer behavior

Signs of hacking affect not only the computer itself, but can also appear when working with the printer. For example, when it refuses to print or prints files that you did not send for printing.

7. Redirection to other sites

If your browser keeps redirecting you to other sites, it's time to be wary. The same applies if you enter a search query and, instead of Google or Yandex search results, other pages appear. The frequent appearance of pop-up windows also indicates hacking.

8. Files were deleted without your participation

If you notice that some programs and files have been moved to the trash bin or deleted completely, but you did not do this, there is no doubt that your computer has been hacked.

9. There is your personal information on the Internet that you have not disclosed.

Check this with a search engine: look for information about yourself that you definitely haven’t disclosed online. If you were able to find it, it means your computer was hacked to steal information.

10. Fake antivirus messages

If windows pop up on your computer warning of a virus infection, but they look different than usual, this is a sign of hacking. You should also be wary if a new antivirus.

11. Unusual webcam behavior

Check your webcam: if its indicator light is blinking on its own, restart your computer and see if it continues to blink after 10 minutes. If the indicator light continues to blink, then your computer has been hacked.

12. The computer is very slow

If your computer takes too long to perform the simplest operations, and your Internet connection noticeably slows down, this may also be a sign of hacking.

What to do:

  • Warn your friends and email recipients that you have been hacked. Tell them not to open messages from you or click on any links in them.
  • Notify your bank about a possible breach of your personal data. Find out from them how to protect your funds.
  • Remove all programs that are unfamiliar to you, as well as those that will not start.
  • Install a reliable antivirus and scan your system. Some companies release free versions.
  • Change passwords on all your accounts.
  • If you think the problem is not solved, contact a specialist.

Unfortunately, hacking of pages on social networks is not uncommon. Moreover, attackers do not always change passwords and deprive you of access. Often they simply perform various actions on your behalf from time to time, for example, sending spam, and in some cases they simply monitor your correspondence, which is also not good. Therefore, it is extremely important to detect vulnerabilities in time and take action. Let's talk about this.

Browsing history

Large social networks have long created special sections for their members in which they store basic information about the devices from which you access the site. I recommend that you periodically review this data so that if anything happens you can take action.

What to look for?

First of all, at IP addresses and entry points.

Example. You have been in Tver all month, and another city, for example, London, has appeared among the connection points.

What actions should you take?

  1. Check the hosts file and scan the machine for viruses.
  2. Change your passwords to more complex ones.
  3. Notify the social network administration about the suspicious entry point.

Well, now I’ll tell you how to find your browsing history on different sites.

Odnoklassniki

To get into your browsing history in Odnoklassniki, you need to click on “Change settings” under the main photo of the page, then select “Browsing history”.

I also advise you to pay attention to the link “Logging out from other devices”. Clicking on it is possible only when you opened Odnoklassniki on several computers, phones or tablets and at the same time forgot to correctly exit the social network (simply closed the browser window instead of clicking on the link “Exit”).

VKontakte

The history of visits on VKontakte is hidden in “Settings”. Go to it and select the section “Safety”. Click on the link “Show activity history”. This is where the information you are looking for is hidden. Please note that in the “Safety” section you can also end all sessions (exit VKontakte) from all computers, tablets and phones with one click.

Facebook.

Click on the gears in the right corner and select “Settings”. Now, in the left side menu, select “Security”. The information of interest is located after the heading “Active sessions”.

Google+

(as well as Gmail and other services from Google)

Yandex Mail.

Scroll the page to the end. Approximately in the middle there is a link “Last entrance”. This is the history.

09.01.2014

The article lists 11 clear signs that your system has been hacked and provides recommendations for necessary actions in such a situation. Since a compromised computer does not deserve complete trust

Roger A. Grimes. 11 Sure Signs You've Been Hacked, www.infoworld.com

Forwarding search queries on the Internet, programs installed on the computer that appeared from nowhere, strange behavior of the mouse: what to do if you are under surveillance?

In today's world of threats, antivirus software doesn't leave much room for choice. In practice, antivirus scanners make mistakes quite often, especially when it comes to exploits that appeared less than a day ago. After all, hackers and malware can change tactics at any time. It is enough to rearrange a couple of bytes, and a previously well-detected malicious program instantly ceases to be recognized.

In order to combat proliferating mutants, many antivirus programs monitor the behavior of software (the corresponding functions are often called heuristic), thus catching unrecognized malware. They also use virtual environments, system health monitoring, network traffic analysis, and all of the above at the same time, which helps improve the accuracy of the results. And yet, antiviruses regularly make mistakes.

In this article, we will list 11 clear signs that your system has been hacked and tell you what to do in such a situation. Please note that to fully restore the system in all cases, you must follow recommendation number one. Once upon a time this meant reformatting the computer's hard drive, reinstalling all programs and then restoring data. Today, in some operating environments, you just need to click the Restore button. Be that as it may, you can no longer fully trust a compromised computer. Each point contains recommendations that you need to follow if you do not want to undergo a full recovery procedure. But it should still be emphasized that the best option, eliminating any risks, is a complete system recovery.

1. Fake antivirus program message

Today, a fake antivirus message has become a sure sign that your system is compromised. What most people don't realize is that by the time they receive this warning from their antivirus, the damage may be irreparable. Clicking “No” or “Cancel” to prevent a fraudulent antivirus scan of your system is no longer enough. Too late. Malware has exploited vulnerabilities in unpatched software (most often we are talking about the Java Runtime Environment or Adobe products) and put the system completely under its control.

Why does malware issue such an “antivirus warning”? Because a falsified scan that reveals tons of “viruses” is a good incentive to buy products distributed by attackers. Clicking on the link provided will take the user to a professionally designed website, full of numerous recommendations. You will be asked for your credit card number and other account information. You might be surprised how many people fall for this scam and provide their financial information. Attackers gain complete control over your system, and in addition obtain your credit card and banking information. This is what burglars are most interested in.

What to do. As soon as you spot a fake antivirus warning message (and to do this, you need to know what a real antivirus warning looks like), turn off your computer. If you need to save some information and the system allows you to do so, save it. After that, shut the computer down. Boot your computer into safe mode without networking and try to uninstall recently installed software (often it will uninstall in the same way as legitimate programs). In any case, try to restore your system and bring it to a previous state. If you succeed, test your computer as normal and make sure that the fake antivirus warnings no longer appear. Then run a full antivirus scan of your system. Often, the antivirus also detects other malicious programs that have escaped your attention.

2. Unwanted browser toolbars

This is perhaps the second most common sign that your system has been hacked. There are a lot of new toolbars appearing in the browser, the names of which indicate that they are designed to help you. But if you are not sure that the toolbar is offered by a reliable supplier, it makes sense to get rid of it.


What to do. Most browsers allow you to view a list of installed and active toolbars. Remove those that you absolutely do not need. If in any doubt, remove the toolbar. If the unwanted toolbar is not displayed in the list, or removing it in simple ways fails, your browser may support the ability to return to default settings. If this doesn't work, try the same steps as when you see fake antivirus messages. You can usually avoid unwanted toolbars if you have all software updates installed and avoid free programs that install these toolbars. Tip: Read the license agreements. Information about installing toolbars is most often found in license agreements, which most users do not pay any attention to.

3. Forwarding Internet Search Queries

Many hackers solve their problems by redirecting your browser to something other than where you want it to go. Hackers get paid by redirecting users to certain websites. Typically, the owners of these resources do not even suspect that the corresponding redirection is carried out by introducing malicious programs onto users' computers.

Often this type of malware can be identified by typing a few related common words into an Internet search engine (for example, “puppy” or “goldfish”) and checking to see if the same sites appear in the results - almost never directly related to the specified words. Unfortunately, today many forwarded requests are well hidden from the user's eyes through the use of additional proxy servers, and the user is never returned worthless results that could alert him. Essentially, if you have a toolbar that appears out of nowhere, it means you have also been redirected somewhere. Tech-savvy users who want to verify the accuracy of their results can examine their browser's information flow and network traffic. The traffic sent and received is always noticeably different between compromised and non-compromised computers.

What to do. Follow the instructions given above. Usually, removing unwanted toolbars and programs is enough to get rid of malicious redirects.

4. Frequent pop-ups

In addition to being signs that your system has been hacked, pop-up windows are also very annoying. If your browser suddenly starts displaying pop-ups that never appeared before, your system is compromised. The fight against pop-up windows that get past browser blocking is reminiscent of the fight against spam, only in an even more exaggerated version.

What to do. Perhaps the next recommendation will sound like a broken record, but we can only state once again that the appearance of random pop-up windows is due to one of the reasons already described. Therefore, if you do not want to see pop-ups, the first thing you need to do is get rid of unwanted toolbars and other programs.

5. Your friends get fake emails from your email address

This is one of those scenarios where you personally might be fine. The situation in which our friends receive malicious emails from us is quite common. Ten years ago, when email-attached viruses became commonplace, malware scanned your address book and sent fake letters to all recipients who were present in it.

Today, malicious email typically only arrives at some of the addresses in your contacts. In this case, the computer is most likely not compromised (at least not by malware that hunts for email addresses). And in fake emails, your address does not appear as the sender's address (although this does not always happen either). Your name may be there, but your correct email address may not be there.

What to do. If one of your friends reports receiving a fake email purporting to be from you, run a full anti-virus scan on your computer and look for programs and toolbars installed without your knowledge. Quite often there is nothing to worry about here, but nevertheless, an extra check will not hurt.

6. Your online passwords suddenly changed

If one or more passwords suddenly change, your system has most likely been hacked (or your Internet service has been hacked). Most often, the reason for this is the user's response to a phishing email that allegedly came from the service on which he is registered. The result is a password change without your knowledge. The attacker obtains the account information he is interested in, logs in to the service on behalf of the user who owns the stolen confidential information, changes the password (as well as other information to make it difficult to recover) and uses the service to steal money from the user or his friends (posing as him).

What to do. If the attackers' activity has become serious and they have managed to reach many of your friends, immediately notify your friends that your account has been compromised. This must be done in order to minimize the damage caused to others due to your mistake. Secondly, notify the service about your compromised account. Most services are already accustomed to this kind of interference and promptly return the account to your control. You will receive a new password within a few minutes. For some services, the corresponding procedure is completely automated. And some even have a “My friend was hacked” button, with which your trusted person can initiate the necessary actions. This is quite useful because often your friends find out that you have been hacked even before you do.

If the compromised account credentials are used on other sites, change your passwords immediately. And next time, be more careful. Sites never send emails asking you to provide your account information. If in any doubt, visit the site directly (rather than following the link provided in the email) and compare the information with what appears on your computer screen when using the precautions. Call the service by phone or write an email, notifying the service provider that you have received a phishing email. Consider switching to services with two-factor authentication. This will make it much more difficult for someone to steal your account information.

7. Appearance of programs installed without your knowledge

The unexpected and unwanted appearance of new programs on your computer is a clear sign that the system has been hacked. In the early days of malware, most of it fell into the category of computer viruses, which modified legitimate software. This was done for camouflage purposes. Today, most malware is distributed in the form of Trojans or worms, which are usually installed in the same way as legitimate programs. Perhaps this is because their creators are trying to balance on a fine line beyond which their prosecution begins. They try to pass themselves off as developers of completely legitimate software. Often, unwanted programs are installed by other programs in the traditional manner, so read the license agreements carefully. They clearly state the installation of one or more additional programs. Sometimes you can refuse to install these additional programs, sometimes not.

What to do. There are many free utilities that show all programs installed on the computer and allow you to selectively uninstall them.

For example, the CCleaner utility does not provide information about all programs installed on the computer, but notifies about those that automatically launch when the PC boots. Most malware falls into this category. The hardest part is determining which programs are legitimate and which are not. If in doubt, disable the unrecognized program, restart your PC, and only run it when you need the features that have stopped working.

8. The mouse pointer moves between program windows without your participation, selecting certain elements

If your mouse cursor begins to move on its own, highlighting some elements, you have undoubtedly been hacked. It's quite common for mouse pointers to move randomly, usually when some hardware problem occurs. But if the mouse correctly selects interface elements and launches certain programs, the hand of the author of the malware can be felt in all this.

These types of attacks are not as common as some others, but it is still worth remembering that hackers can hack your computer, wait until the user stops showing signs of activity (for example, after midnight) and try to steal your money. Hackers obtain information about bank accounts and withdraw money from them, sell stocks you own, and do other things to lighten your wallet.

What to do. If your computer suddenly comes to life at night, wait a minute before turning it off and try to determine what the attackers are interested in. Don't let them rob you, but it will still be useful to see what they are hunting for. If you have a cell phone on hand, take several pictures to record the operations in progress. Sometimes it makes sense to turn off your computer. Unplug it (or turn off your router) and call a professional. This is exactly the case when you need the help of an expert.

Immediately change all your credentials and passwords using a different computer. Check the transaction history of your bank account, securities, etc. Sign up for services that will promptly inform you about any transactions with your financial resources. If you are the victim of such an attack, you need to take it seriously. It makes sense to reinstall your computer software from scratch. If you have lost money, have law enforcement officials first make copies of all information stored on your computer. Promptly notify them of the incident and write a corresponding statement. If the outcome is favorable, computer data will help you get your money back.

9. Your antivirus software, task manager and registry editor are disabled and won't start

There is a high chance that your computer is infected with malware. If you find that your antivirus software is disabled and won't start, your system is likely compromised (especially if the task manager and registry editor also don't start, disappear immediately after starting, or start in limited functionality mode). Most likely the reason for this is malware.

What to do. Since it is unclear what exactly happened, you should perform a full system restore. If you want to try something less drastic first, there are many different methods for restoring lost functionality (any internet search engine will give you a ton of links). Restart your computer in safe mode and begin the difficult procedure. Be aware that it is unlikely that you will be able to solve all problems quickly. Typically, before you get to a method that works, several attempts will fail. To remove the malware, first try using the methods that have already been described earlier.

10. Money has disappeared from your bank account.

We are talking about a large amount of money. Attackers who trade on the Internet usually do not waste their time on small things. Most often, they transfer all or almost all of the funds to some foreign bank. It usually starts with your computer being hacked or your response to a fake letter from the bank. The attacker then visits your personal account area on the bank's website, changes the contact information there and transfers himself a large sum of money.

What to do. In most cases, financial institutions compensate for the damage caused (especially if they manage to stop the transaction in time). In such a situation, we can consider the client lucky. However, quite often the courts make a determination according to which the blame for the hack is placed on the client himself, and then the right to make the final decision is given to the financial institution itself.

In order to avoid possible unpleasant consequences, activate the SMS notification service about transactions with funds in your bank account. Many financial institutions allow you to set a threshold for withdrawals, and if this threshold is exceeded or money is withdrawn abroad, you will receive a warning. Unfortunately, there are cases where attackers blocked the sending of such messages or changed contact information before stealing money. Therefore, make sure that your bank will in any case send warnings to the previous address or send a notification about changes in contact information.

11. Complaints are coming from stores regarding non-payment for previously shipped goods.

In this case, hackers hacked into one of your accounts and made a number of purchases using your shipping address. Often, attackers order a lot of things from different stores, each of which, after checking your balance, believes that you have enough funds in your account. But when the transaction is finalized, it turns out that the money has run out.

What to do. It's a sad situation. First of all, try to find out how your account was hacked. If you used one of the methods described above, follow the appropriate recommendations. Change your usernames and passwords (not just for the hacked account), contact law enforcement, initiate criminal proceedings, and closely monitor the status of your loans. It may take several months for the fraudulent transactions made in your name to be reversed, but most (or perhaps all) of the damage will be eliminated.

A few years ago, you would have had a negative credit history that would have lasted for decades. Today, credit reporting companies and agencies are accustomed to cybercrime and are striving to resolve such situations. In any case, be proactive and try to follow all recommendations from law enforcement agencies, lenders and credit rating agencies.

Three main ways to avoid the negative impact of malware

You should not hope for the emergence of an antivirus that would perfectly filter all malicious programs and block the actions of hackers. First, pay attention to the signs and symptoms (listed above) that indicate your system has been compromised. To eliminate risks, always reinstall all software on compromised computers. Once your computer is hacked, the attacker can do anything and hide anywhere. Therefore, it is better to start from scratch.

Most hacks have three main causes: unpatched software, running Trojan horses, and responding to fake phishing emails. Eliminate these three factors, and you'll have much less reliance on your antivirus software for accuracy. Good luck.

To begin with, I would like to say literally two words: why would an attacker hack your computer, mail or account of a particular service.

For the most part, a simple user's account does not contain anything interesting except personal data and a list of contacts. But it is the contact list that is the attacker’s main goal. For what??? - Spam. Send unnecessary advertising, offer goods and services.

It’s still much more “fun” with a computer - it usually has a lot of personal information, often working information, and in general, the ability to hack all your access to everything at once.

In addition, perhaps the most common nuisance on the Internet is viruses. They are also a kind of hacking. Only in most cases, viruses do not just steal your information, but even destroy it or make your computer inoperable.

The main signs that your system has been penetrated without your knowledge:

  • Passwords have changed. Changing passwords without your participation is the first and surest sign of your account being hacked.
  • New panels and buttons, bookmarks in favorites and unfamiliar sites in your browser.
  • Changing the default search page is also not a good sign.
  • New programs of unknown origin on your PC.
  • You end up on sites other than the ones whose address you entered.

For the most part, protecting yourself from such troubles is not difficult if you follow a few rules:

  • Actively use the service - social network, application, mailbox, etc.
  • Create a complex and long password. But, do not use passwords like “name of child, date of birth”, etc.
  • Don't tell your password to anyone!
  • Create a special mailbox where you can set up password recovery from different services. Or set up a password change with confirmation via SMS - the best protection without “special means”.
  • Do not forward password recovery to a non-existent or dead mailbox.
  • No need to mindlessly click the “Next” button every time you install the program you need. Nowadays, when installing many programs, they install “satellite” programs that you don’t even need. Who knows what they are doing?
  • Pay special attention to any attempts by the “system” to install a new antivirus or optimizer, video codec, etc. This is, most often, an attempt to “hook” you with a Trojan or virus.
  • It’s good if your service tracks which IP address you visited it from - this is also a useful means of control.

And yet, what to do if your system has already been penetrated?

Remove all programs and everything that you 100% do not need. Check your network settings and how your antivirus works. But the best thing is to turn to professionals. Since in such cases there are many subtleties and nuances. It is not possible to describe them all and in each case they are often individual. Only a specialist can deal with the consequences of such hacks.


What are the signs that my computer has been hacked via the network?

More signs of computer hacking.
You can notice it by indirect signs, such as an increase in traffic, HDD activity, processor load, etc. For ordinary users, there is a danger: a script embedded in an attacker’s website or a site hacked by him can, using the same vulnerability, download a Trojan to the computer and launch it. The goal, as a rule, is to add the computer to a botnet. Prevention measures: do not work under an admin account, do not visit dubious sites, regularly update your browser and system, keep your anti-virus monitor turned on. A radical remedy is to disable scripts, for example using a browser plugin (add-on) - NoScript. I use it when I follow dubious links, although ideally I should set up a white list of sites in it and block all scripts on the rest.

Signs of a computer system break-in.

As a rule, a network attack or signs of hacking of a computer system can be detected with the naked eye. Events occurring on your computer will subtly warn you about this.

The appearance of various kinds of error messages can be found in event logs or in the operating system logs. One should be especially wary of unexpected changes in various system files or even their absence. It is also important to look at the state of various services that are running on the computer, as well as the logs of these services themselves.

Changing various system files and the registry. Here you need to first of all pay attention to the presence of suspicious processes running on the computer.

Unusual behavior of a computer system - unusual system overloads and even shutdowns, such actions are typical when a cracker has made changes to the system and is trying to make them take effect.

State of the file system - carefully review the hard drive for the presence of new files and folders, especially in system folders (Windows); this usually indicates the installation of Trojan programs, remote administration programs...

Changing user accounts - the appearance of new users in the system or the assignment of special rights to users with administrative rights. You should also pay attention to your inability to log in to the system.

Can my home computer be hacked?

Unfortunately, this is quite possible and quite simple. Every time you connect to a provider, you take a risk. In the previous question you can find out how this happens. Naturally, the risk is higher if the connection is permanent (for example, a cable modem), and lower when the connections are short-lived (as usually happens with a modem connection).

The real danger comes from an uninvited guest if he can log in using any account he can pick up (or find out) - and gain “root” rights. This is usually possible if you're really a newbie administrator and/or your machine isn't really security oriented (you're at home, right - why worry about security!).

To protect yourself, you should not allow strangers to break into your computer. Use long and complex passwords for ALL accounts on your computer. Change your passwords regularly. To force the correct password policy on all users on your computer, run (as “root”, for example in RH6.0) linuxconf and under “password and account policies” change the minimum password length to 6 or more characters, the minimum number of non-alphabetic characters to 1 or 2, the number of days after which the password must be changed to something like 90 or less, and set the password aging warning to 7 days before aging. For other information about passwords, see here (FAQ2.htm#pass_security). Absolutely NEVER create accounts without a password or with weak passwords. Don't run your computer as “root” - if you run a program with security holes as “root”, someone may find an opportunity to hack your computer. Older Linux distributions had known security holes, so use newer versions, especially if your computer could be used by untrustworthy people, or if your computer performs server functions (such as an ftp or http server).

It's also a good idea to regularly review all the files that record all user logins: /var/log/secure (most recent log) /var/log/secure.1 (older) /var/log/secure .2 (even older), etc. Also /var/log is useful. Check them from time to time. The most common “warnings” relate to port scanning on your computer - repeated attempts to log in from some IP address to your telnet, ftp, finger or other port. This means that someone wants to know more about your computer.
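One way to automate the log review described above, as an added example that is not part of the original FAQ. The sample lines are constructed in the style of tcpd entries in /var/log/secure (the exact format on a given system is an assumption), and the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, not taken from a real system. The layout mimics
# tcpd "connect from" / "refused connect from" entries; adjust the regex
# if your syslog format differs.
SAMPLE_LOG = """\
Jan  9 03:12:01 homebox in.telnetd[1201]: refused connect from 203.0.113.7
Jan  9 03:12:02 homebox in.ftpd[1202]: refused connect from 203.0.113.7
Jan  9 03:12:02 homebox in.fingerd[1203]: refused connect from 203.0.113.7
Jan  9 03:12:04 homebox in.telnetd[1204]: refused connect from 203.0.113.7
Jan  9 08:30:15 homebox in.ftpd[1310]: connect from 100.200.0.2
Jan  9 09:01:44 homebox in.telnetd[1322]: connect from 100.200.0.2
Jan  9 11:45:09 homebox in.ftpd[1409]: refused connect from 198.51.100.23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+"      # timestamp and host name
    r"(?P<service>[\w.\-]+)\[\d+\]:\s+"              # daemon name and pid
    r"(?P<refused>refused\s+)?connect from\s+(?P<src>\S+)$"
)


def parse_connections(text):
    """Return one dict per recognised connection line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({
                "time": m.group("ts"),
                "service": m.group("service"),
                "source": m.group("src"),
                "refused": m.group("refused") is not None,
            })
    return events


def summarize(events):
    """Group events by source address: attempts, refusals, services touched."""
    summary = defaultdict(lambda: {"attempts": 0, "refused": 0, "services": set()})
    for ev in events:
        entry = summary[ev["source"]]
        entry["attempts"] += 1
        entry["refused"] += int(ev["refused"])
        entry["services"].add(ev["service"])
    return dict(summary)


def flag_probes(summary, trusted=(), min_services=2, min_refused=3):
    """Flag untrusted sources that touched several services or were
    refused repeatedly, the pattern the text calls port scanning."""
    flagged = []
    for source, entry in summary.items():
        if source in trusted:
            continue
        if len(entry["services"]) >= min_services or entry["refused"] >= min_refused:
            flagged.append(source)
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarize(parse_connections(SAMPLE_LOG))
    for src in flag_probes(stats, trusted={"100.200.0.2"}):
        s = stats[src]
        print(f"{src}: {s['attempts']} attempts, {s['refused']} refused, "
              f"services: {', '.join(sorted(s['services']))}")
```

A single refused connection, like the one from 198.51.100.23 in the sample, stays below both thresholds and is not flagged.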

If you are not using a remote connection to your machine, it is a great idea to restrict the rights to use “server-side” network services (all network services are listed in the /etc/inetd.conf file) to the machines on your home network. Access is controlled by two files: /etc/hosts.allow and /etc/hosts.deny. These access control files work as follows. When someone from outside requests a connection, the /etc/hosts.allow file is scanned first, and if the name of the computer requesting the connection matches one of the names in it, access is allowed (regardless of the contents of the /etc/hosts.deny file). Otherwise, the /etc/hosts.deny file is scanned, and if the name of the machine requesting the connection matches one of the names in that file, the connection is closed. If no matches are found, permission is granted.

B. Staehle (Linux Modem Guru) advised me not to install network services at all. “If your network services are not installed correctly, your computer can be hijacked by any script writer. Beginners _SHOULD NOT_ allow services (ftp, telnet, www) to the outside world. If you "must" install them, make sure you only allow access from machines you can control.

The /etc/hosts.deny file should contain
ALL: ALL
and /etc/hosts.allow should contain
ALL: 127.0.0.1
to allow login only from this computer. Do not use names (only IP addresses)!”

Indeed, my /etc/hosts.deny, as advised, contains (ALL: ALL), but my /etc/hosts.allow lists two more computers with full access, and another one that may log in via telnet and ftp (IP addresses are fictitious):
ALL: 127.0.0.1, 100.200.0.255, 100.200.69.1
in.telnetd, in.ftpd: 100.200.0.2

In the above examples, “ALL: ALL” means “ALL services, ALL computers,” that is, a connection to any network service from any computer.
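The lookup order described above, applied to the two files shown, as an added example that is not part of the original guide. It is a simplified model that handles only literal service names, literal IP addresses and the ALL wildcard; the function names and the address 203.0.113.9 are assumptions made for the illustration.

```python
import re

# The author's files from the text above (IP addresses are fictitious).
HOSTS_ALLOW = """\
ALL: 127.0.0.1, 100.200.0.255, 100.200.69.1
in.telnetd, in.ftpd: 100.200.0.2
"""
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line: ignored in this model
        daemons, clients = (
            [item for item in re.split(r"[,\s]+", field.strip()) if item]
            for field in fields[:2]
        )
        rules.append((daemons, clients))
    return rules


def first_match(rules, daemon, client_ip):
    """True if any rule names this daemon (or ALL) and this address (or ALL)."""
    return any(
        ("ALL" in daemons or daemon in daemons)
        and ("ALL" in clients or client_ip in clients)
        for daemons, clients in rules
    )


def decide(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the lookup order: hosts.allow, then hosts.deny, then grant."""
    if first_match(parse_rules(allow_text), daemon, client_ip):
        return "allow"
    if first_match(parse_rules(deny_text), daemon, client_ip):
        return "deny"
    return "allow"  # no match in either file means access is granted


if __name__ == "__main__":
    for daemon, ip in [("in.telnetd", "100.200.0.2"),
                       ("in.fingerd", "100.200.0.2"),
                       ("in.ftpd", "203.0.113.9")]:
        print(daemon, ip, decide(daemon, ip))
    # Without "ALL: ALL" in hosts.deny the unknown host is let in.
    print(decide("in.ftpd", "203.0.113.9", deny_text=""))
```

The last call shows why the “ALL: ALL” line in /etc/hosts.deny matters: with an empty deny file, a host that appears in neither file is granted access.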

For more information, see the excellent “Linux Network Administrator Guide,” which, of course, comes with your distribution. For example, I even printed out this book.

To check which network services on your computer are accessible from the outside world, you can use special web tools.

For security reasons, it would be a good idea not to advertise the operating system and the version you are using. I changed the contents of the /etc/issue and /etc/issue.net files, which on my computer looked like this:
Red Hat Linux release 6.2 (Zoot)
Kernel 2.2.14-5.0 on an i586

To something like:
WARNING: THIS IS A PRIVATE NETWORK
UNAUTHORIZED USE IS PROHIBITED AND ALL ACTIVITIES ARE LOGGED
IBM S/390 LINUX

This joke may (I hope) slightly increase the security of my system.

The contents of the /etc/issue and /etc/issue.net files are rewritten on every boot (when /etc/rc.local is executed). To make the changes permanent, I can make these files read-only for all users by running (as “root”):
chmod a=r /etc/issue*

Instead of the last command, I could edit (as “root”) the /etc/rc.d/rc.local batch file and comment out the 5 lines using ### so that the significant part contains:
# This rewrites /etc/issue on every boot, so make any changes you
# need here, or you will lose them on reboot.
### echo "" > /etc/issue
### echo "$R" >> /etc/issue
### echo "Kernel $(uname -r) on $a $SMP$(uname -m)" >> /etc/issue
### cp -f /etc/issue /etc/issue.net
### echo >> /etc/issue

Another good security measure is to turn off ping. Ping is a facility by which your machine responds to a request sent from another computer. It is quite useful when setting up and debugging network connections to verify that your machine is accessible over the network. It can also be used to probe your machine and/or attack it by overloading it with ping requests (“ping of death”). To block ping requests from the network, I use IP masquerading. I have taken, slightly modified, the following commands, along with explanations from

ipchains -A input -p icmp --icmp-type echo-request -i ppp0 -j REJECT -l

Explanation of ipchains flags:
1. -A: Add a new rule.
2. input: The chain the rule is added to; in this case, the rule applies to incoming packets.
3. -p icmp: The protocol to which the rule applies. In this case, icmp.
4. --icmp-type echo-request: The ICMP type. In this case incoming echo requests are matched, so the machine sends no echo reply; an ICMP echo request is a ping.
5. -i ppp0: The interface name. In this case it is the first dial-up connection, ppp0.
6. -j REJECT: The target, that is, what to do with the matching packets.
7. -l: Log all packets that match the rule to the system log.

IP masquerade is described in more detail in the Masquerading chapter of this guide.

Other precautions. I check from time to time to make sure that someone hasn't installed a “root kit” on my system. I use “chkrootkit” (very small, 25k, downloaded from ).

After downloading:
su
cd /usr/local
tar xvzf /home/my_name/chkrootkit.tar.gz
cd /usr/local/chkro
make
./chkrootkit

The last command searches for a “root kit” on my system. “Rootkits” are programs that leave a backdoor for anyone who has once acquired “root” rights; they are installed for purposes such as listening, browsing, or protecting the intruder's access.