Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 4, 2019 2:23 PM, Solene Rapenne <[email protected]> wrote:
> On Thu, Apr 04, 2019 at 11:42:15AM +0000, Cord wrote:
>
> > Sent with ProtonMail Secure Email.
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Thursday, April 4, 2019 12:27 PM, Normen Wohner [email protected] wrote:
> >
> >
> > I started to search a rootkit and I found
> > signs of hacking in ssh connection of my vps. I mean, a tor exit node
> > was connected to the ssh vps with my ssh key.
>
> How did you figure out this? Could you paste the commands you used to
> find someone did connect to the VPS with your SSH key, and how you
> figured out it was using a tor node?
>
netstat -naf inet
whois ip
grep ip /var/log/authlog
> > Then, because my key was
> > been exfiltrated then my desktop was been hacked
>
> What make you think your desktop has been hacked?
> Do you run sshd on it, allowing the ssh key which is said stolen?
>
Sorry, but the following what's menas for you:
> > because my key was
> > been exfiltrated then my desktop was been hacked
> > But I repeat the
> > problem is not the server (vps). The problem is the desktop and how
> > the key was been exfiltrated. Then I deleted everything (also the vps)
> > and I reinstalled openbsd on my desktop, I changed vpn provider and I
> > started to use chrome+unveil, again private message seem known from
> > other... I search again and I found webmail session opened but I am
> > sure I have logout everytime.
>
> On which computer did you find the webmail session opened, on your desktop?
> That would be a really weird hack, to use your webmail locally with a
> tab opened on display :1
oh you want a tutorial, this is very good:
https://www.tech-recipes.com/rx/22511/gmail-check-recent-logins-and-sign-out-of-all-sessions/
