I think I've been hacked, what can I do? [closed]
I have recently installed Ubuntu 15.xx and I belive my machine has been hacked.
My computer's name has been changed to imatransvestite
, and although I can still change passwords, I cannot use sudo
without this error: sudo: unable to resolve host imatransvestite
What can I do to fix tis, and what should I do?
If you have been hacked, or even think you have been hacked, then there is no easy way to determine what all has been done to your system.
In your case, we know that, at the very least, your system's hostname has been changed. However, a backdoor for the hacker could have been installed. Malware could have been installed. Your system could be configured to use poisoned DNS. You could have malware that's downloading very very NSFW illegal things to your computer. There is literally an unending list of things your computer could be doing as a result of being hacked..
Your best solution is to "Nuke It From Orbit"TM, or in laymans terms, "Completely reinstall from scratch".
In addition to reinstalling your system from scratch, take the following steps:
- Change all your passwords on websites you use. It's possible your passwords are now in the hands of the hacker, so time to use different ones.
-
Set up a firewall. After you have a cleanly installed system, run the following commands, to make sure that a firewall is installed and enabled. This will help secure your system:
sudo apt-get install ufw sudo ufw enable
- Only use networks and websites which you trust to not be malicious. Unsecured wireless networks are a hacker's paradise, and untrusted sites can have malware or other privacy-violating things on them that can lead to you being hacked.
- Use different passwords for every login, and use a password manager to manage/remember them. Make sure a password manager's password doesn't match another password you use, and make sure all your passwords are different. This applies for your user account too going forward. This is one of the most effective methods, but it's a little more difficult.
If you've been hacked, then your number one priority should be to determine the attack vector -- otherwise it will just end up happening again. Before wiping the system and reinstalling everything, back up any relevant logs and review them. If your attacker did not wipe the logs, then you should have a pretty fair idea of how they got in and what your first steps should be when you do reinstall your system.