Am I being hacked?
If you think you are being hacked, there are several quick things you can do to stop remote access:
Run
vino-preferences
and see if it is activated. If it is, uncheck all options and if you need it then change the password.Change your user password. That would make it tough to access via ssh with that user.
Verify that there is no other user account. From terminal you can do something like this:
cat /etc/passwd|grep '/bin/bash'
but there are other GUI and terminal ways.Disable the SSH server if you happen to have it install. Type
sudo apt-get purge openssh-server
. If you don't have nothing will happen. If you do have it, it will ask you for removal.
Up to now you have just blocked the VNC and SSH services from being accessed remotely.
Now check if you have some script running when the PC starts. For example something that is being send to somebody outside. This implies having to check a lot of places. For example:
- Check all /etc/rc* folders. For example /etc/rc0.d, /etc/rc1.d....
- Check /etc/init.d from a weird service that is not supposed to be there.
- Check that cron is not running something. Example:
crontab -e
will show what cron runs for your user. - Check that
ufw
is enabled and does not have some port forward. Also check iptables for this. If a port is forward it might look like he is trying to have direct access to the PC. - Any other place that might be used for automatic running something.
There are many other ways but this are the quick and basic.
192.168.1.1 is the IP address of your router, it's not a third party website. What you have done is opened up either SSH, or VNC, access to your machine by forwarding that port out. If you repeat the steps but instead of entering the values remove the values you should be able to severe access. It's odd that it would show a user logged in from 2007, after removing the port forward restart your machine to log any connected sessions off.