# I think I'm hacked



## mfaridi (Apr 19, 2010)

I installed AIDE from ports. Yesterday I made the databases and ran it, and everything was good, but when I run this command

```
aide --check
```
I see this 

```
AIDE found differences between database and filesystem!!
Start timestamp: 2010-04-19 12:44:50

Summary:
  Total number of files:	219299
  Added files:			0
  Removed files:		0
  Changed files:		5


---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /root/.mc
changed: /root/.mc/panels.ini
changed: /root/.mc/ini
changed: /root/.mc/Tree
changed: /root/.mc/filepos

--------------------------------------------------
Detailed information about changes:
---------------------------------------------------


Directory: /root/.mc
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11

File: /root/.mc/panels.ini
  Size     : 720                              , 716
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  MD5      : HYzhaEL8wsk8vR5KpywfKg==         , 41HuxvS4fxZw+CBIkajktQ==

File: /root/.mc/ini
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11

File: /root/.mc/Tree
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11

File: /root/.mc/filepos
  Mtime    : 2010-04-11 18:16:01              , 2010-04-19 12:44:11
  Ctime    : 2010-04-11 18:16:01              , 2010-04-19 12:44:11
/var/db/aide #
```

Can I understand from this that I am hacked?
I do not have a firewall, and I use

```
FreeBSD mfaridi.com 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct  2 08:22:32 UTC 2009     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
na
```

My mc is modified, but I did not modify it.


----------



## DutchDaemon (Apr 19, 2010)

The last thing a hacker would be interested in is hacking your .mc files. It was probably altered by mc itself because you changed  an option or resized something. Some files change, you know ... please don't panic if /var/log/messages disappears and is replaced by a new one...


----------



## Ruler2112 (Apr 19, 2010)

I agree with DD on the results you posted - nothing there to suggest anything abnormal going on.  It's normal system operation for files to change; the key to knowing what's bad is interpreting which ones have changed.

However, it's only a matter of time IMO if you don't get a firewall up.  Putting a system on the internet with no firewall is asking for it.  I recommend pf; relatively simple to set up, there's a lot of documentation, and it's very powerful.


----------
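The triage described in the replies above (deciding which changed files matter), as an added example that is not part of any post in this thread. It parses the detailed section of an AIDE report in the format shown in the first post. The `EXPECTED_CHURN` and `SYSTEM_PATHS` lists, the verdict labels, and the `/usr/bin/login` entry with its values are assumptions constructed for illustration.

```python
import re

# Constructed sample in the report format from the first post. The /root/.mc
# entries follow the thread; /usr/bin/login and its values are invented.
SAMPLE_REPORT = """\
File: /root/.mc/panels.ini
  Size     : 720                              , 716
  MD5      : HYzhaEL8wsk8vR5KpywfKg==         , 41HuxvS4fxZw+CBIkajktQ==

File: /root/.mc/filepos
  Mtime    : 2010-04-11 18:16:01              , 2010-04-19 12:44:11

File: /usr/bin/login
  Size     : 24576                            , 28672
  MD5      : AAAAAAAAAAAAAAAAAAAAAA==         , BBBBBBBBBBBBBBBBBBBBBB==
"""

# Assumed policy, adjust per host: state that a program rewrites on its own,
# and locations where a content change needs an explanation.
EXPECTED_CHURN = ("/root/.mc",)
SYSTEM_PATHS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/lib", "/usr/lib", "/boot", "/etc")
TIME_ONLY = {"Mtime", "Ctime", "Atime"}
ENTRY = re.compile(r"^(?:File|Directory): (.+)$")
ATTR = re.compile(r"^\s+(\w+)\s*:\s*(.+?)\s*,\s*(.+)$")

def parse_report(text):
    """Map each path in the detailed section to the set of changed attributes."""
    changes, current = {}, None
    for line in text.splitlines():
        if m := ENTRY.match(line):
            current = changes.setdefault(m.group(1).strip(), set())
        elif current is not None and (m := ATTR.match(line)):
            current.add(m.group(1))
    return changes

def under(path, roots):
    return any(path == r or path.startswith(r + "/") for r in roots)

def triage(text):
    verdicts = {}
    for path, attrs in parse_report(text).items():
        verdict = "review"  # default: a human looks at it
        if under(path, EXPECTED_CHURN):
            verdict = "expected"
        elif under(path, SYSTEM_PATHS) and attrs - TIME_ONLY:
            verdict = "investigate"  # content or metadata changed, not just times
        verdicts[path] = verdict
    return verdicts

print("\n".join(f"{v:12}{p}" for p, v in triage(SAMPLE_REPORT).items()))
```
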



## SirDice (Apr 19, 2010)

Ruler2112 said:

> However, it's only a matter of time IMO if you don't get a firewall up.  Putting a system on the internet with no firewall is asking for it.


Not really. If there are no services listening on the Internet-facing interfaces, there's nothing to connect to. If there's nothing to connect to, there's nothing to hack.



> I recommend pf; relatively simple to set up, there's a lot of documentation, and it's very powerful.



With this I agree.


----------



## prex4real (Jul 14, 2010)

Ok anybody here know a real hacker?


----------



## DutchDaemon (Jul 14, 2010)

prex4real said:

> Ok anybody here know a real hacker?



State your purpose? The only type of 'hacking' the FreeBSD community supports is kernel/OS hacking, in the sense of 'enhancing its functionality/security'. If you're thinking blackhat-type hacking, you best be on your merry way.


----------



## mk (Jul 14, 2010)

Mustafa, next time put a small "am" right next to "I" so you can emphasize that you are hacked. Instead, I am reading this as you succeeded in hacking a machine or something.


----------



## sk8harddiefast (Jul 15, 2010)

I am against blackhat-type hacking. I want to know that I have the knowledge to do it, but *never* do it!


----------

