I think I've been hacked, what can I do? [closed]

I have recently installed Ubuntu 15.xx and I believe my machine has been hacked.

My computer's name has been changed to imatransvestite, and although I can still change passwords, I cannot use sudo without this error: sudo: unable to resolve host imatransvestite

What can I do to fix this, and what should I do?


If you have been hacked, or even think you have been hacked, then there is no easy way to determine what all has been done to your system.

In your case, we know that, at the very least, your system's hostname has been changed. However, a backdoor for the hacker could have been installed. Malware could have been installed. Your system could be configured to use poisoned DNS. You could have malware that's downloading very very NSFW illegal things to your computer. There is literally an unending list of things your computer could be doing as a result of being hacked.

Your best solution is to "Nuke It From Orbit"™, or in layman's terms, "Completely reinstall from scratch".

In addition to reinstalling your system from scratch, take the following steps:

  1. Change all your passwords on websites you use. It's possible your passwords are now in the hands of the hacker, so time to use different ones.
  2. Set up a firewall. After you have a cleanly installed system, run the following commands to make sure that a firewall is installed and enabled. This will help secure your system:
    sudo apt-get install ufw
    sudo ufw enable
  3. Only use networks and websites which you trust to not be malicious. Unsecured wireless networks are a hacker's paradise, and untrusted sites can have malware or other privacy-violating things on them that can lead to you being hacked.
  4. Use different passwords for every login, and use a password manager to manage/remember them. Make sure a password manager's password doesn't match another password you use, and make sure all your passwords are different. This applies for your user account too going forward. This is one of the most effective methods, but it's a little more difficult.

If you've been hacked, then your number one priority should be to determine the attack vector -- otherwise it will just end up happening again. Before wiping the system and reinstalling everything, back up any relevant logs and review them. If your attacker did not wipe the logs, then you should have a pretty fair idea of how they got in and what your first steps should be when you do reinstall your system.
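
One way to carry out the log backup and review described in the answer above, as an added example that is not part of the original answers. The function names, paths and sample log lines are constructed for illustration, and the sshd line format is assumed to be OpenSSH's default as written to `/var/log/auth.log`.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes OpenSSH-style
# auth.log lines; function names and paths are illustrative.

# preserve_logs SRC_DIR DEST_DIR: archive SRC_DIR into DEST_DIR and store a
# SHA-256 beside it so the copy can be verified later. Prints the archive path.
preserve_logs() (
    src=$1; dest=$2
    name="logs-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    mkdir -p "$dest" || exit 1
    tar -czf "$dest/$name" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
    cd "$dest" && sha256sum "$name" > "$name.sha256" || exit 1
    printf '%s\n' "$dest/$name"
)

# suspicious_logins AUTH_LOG [THRESHOLD]: for each accepted SSH login, print
# "ip user failures" if that address had >= THRESHOLD (default 3) earlier failures.
suspicious_logins() (
    awk -v t="${2:-3}" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i < NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        /sshd\[[0-9]+\]: Accepted (password|publickey) for / {
            for (i = 1; i < NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (fails[ip] >= t) print ip, user, fails[ip]
        }
    ' "$1"
)

# Constructed sample lines (documentation address ranges), not real log data.
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:12:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 50022 ssh2
Jan 10 03:12:04 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 50024 ssh2
Jan 10 03:12:09 host sshd[2003]: Failed password for alice from 203.0.113.7 port 50030 ssh2
Jan 10 03:12:15 host sshd[2005]: Accepted password for alice from 203.0.113.7 port 50031 ssh2
Jan 10 09:00:00 host sshd[2100]: Accepted publickey for alice from 198.51.100.4 port 40100 ssh2
EOF
}

# Demo on the constructed sample; the last command prints "203.0.113.7 alice 3".
work=$(mktemp -d) && mkdir "$work/log" && sample_auth_log > "$work/log/auth.log"
preserve_logs "$work/log" "$work/evidence"
suspicious_logins "$work/log/auth.log"
rm -rf "$work"
```

On the affected machine, point `preserve_logs` at `/var/log` (reading it needs root) and write the archive to external media rather than the disk that is about to be wiped.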