system getting hacked after install of boinc

NATE1
Joined: 12 Jun 11
Posts: 145
Message 38359 - Posted: 12 Jun 2011, 12:20:26 UTC

problem:
installed boinc, now system getting hacked.
only happens after good run, lots of credits.
running linux, ubuntu 11.04
firewall up and running.
....
since may 5 2011, i have had 3 days that I have gotten a large number of credits,
mostly after system does large prim wu.
next morning, system hacked.
stuff moved around, files open, work units aborted.

anybody got any help for this problem?
does this sound like someone not happy about someone doing good running boinc?
and causing problems?

got any help??
sure could use it. BTW new to linux and boinc.

right now am formatting drive and reinstalling. hoping it may fix the problem

all i can do is ask,

thanks..

____________

Pepo
Joined: 3 Apr 06
Posts: 547
Message 38367 - Posted: 12 Jun 2011, 16:09:46 UTC - in response to Message 38359.

problem:
installed boinc, next morning, system hacked.
stuff moved around, files open, work units aborted.
mostly after system does large prim wu.

anybody got any help for this problem?
got any help??
sure could use it.

If you would describe what actually happened to your computer (or what "system hacked, stuff moved around, files open, work units aborted" means), then someone might try to guess what it was, and then help...

Peter

NATE1
Joined: 12 Jun 11
Posts: 145
Message 38368 - Posted: 12 Jun 2011, 16:59:45 UTC - in response to Message 38367.

ok, I'll try.
since the 5th of May 2011 there have been 3 days that I have been able to get 16k plus credits on projects. the following morning, I check the computers every morning.
on 1 of them and only one, it is as if someone was sitting at the computer and creating folders, opening folders, killing boinc project work units.
this morning, had a good day yesterday on credit. when I checked the computer that this is going on with, the applications places system widget, in the left top corner of ubuntu 11.04, was missing. 4 new folders were created on top of the desktop, the theme had been changed to a grass field, boinc process had been killed, a number of other text files had been opened, as if, i say again, someone had been sitting at the computer and doing this overnight. also on the theme part, it looks like they tried to change the theme 15 times or more. lots of little tabs down on the task bar at the bottom.
Now I am running ubuntu 11.04 classic no effect. nothing installed on this system but ubuntu, boinc, and firewall. and I live by myself.
plus i have 3 other systems, same make, model, configuration. and they are not doing this. so either this computer is haunted, or someone is coming through the p2p(?) of boinc.
just my thoughts.
anyway I reformatted the hard drive, did a fresh install of ubuntu 11.04, reinstalled boinc and firewall..
but it is very strange, this only happens when I get 16K+ credits in one 24 hour recording period via boincstats web site.
so yes I could use some help on this one.
I'm hoping the format/reinstall will take care of it in case something got in/past the firewall. but i can only hope...
I've had people tell me about computers doing strange things before.
but the only time I've seen something like this, is when someone takes remote control.

thanks for reading..

NATE1
Joined: 12 Jun 11
Posts: 145
Message 38375 - Posted: 12 Jun 2011, 19:56:54 UTC - in response to Message 38371.

ok, I looked at some sites for information, I'm new to linux, so, 2 things keep coming up, programs really.

rkhunter and chkrootkit

chkrootkit found nothing

rkhunter found following

[14:54:15] Checking /dev for suspicious file types [ Warning ]
[14:54:16] Warning: Suspicious file types found in /dev:
[14:54:16] /dev/shm/pulse-shm-1682885663: data
[14:54:16] /dev/shm/pulse-shm-3052681592: data
[14:54:16] /dev/shm/pulse-shm-2731106536: data
[14:54:16] /dev/shm/pulse-shm-2082049075: AmigaOS bitmap font
[14:54:16] /dev/shm/pulse-shm-141965193: data
[14:54:16] /dev/shm/pulse-shm-2506651935: data
[14:54:17] Checking for hidden files and directories [ Warning ]
[14:54:17] Warning: Hidden directory found: /etc/.java
[14:54:17] Warning: Hidden directory found: /dev/.udev
[14:54:17] Warning: Hidden directory found: /dev/.initramfs


but the above was on all systems. google search shows /dev/shm/pulse-shm number:data is ubuntu's way of sharing data between programs.
and amigaOS bitmap font is what it states it is.

the hidden directories are on all 6 systems. even the newly installed one.

so nothing found.

wish i knew about rootkit before format/reinstall. i might have been able to find something. maybe.

so according to rkhunter and chkrootkit network is clean.

maybe it's gone for good, the problems on that one. don't really know where system may have picked up that, never been used for anything but bonic.

thanks for all your help, if it happens again i'll let you know

thanks......
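
The comparison described in the post above (the same rkhunter warnings appearing on every machine) can be done mechanically. This is an added example, not part of any forum post: it diffs a suspect host's rkhunter warnings against those seen on known-good hosts. Both sample logs are constructed from the format shown above, and `/tmp/.example-hidden` is a placeholder finding.

```python
import re

STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(.*)$")
# PulseAudio segment names carry a per-session number; mask it so the same
# kind of finding compares equal across hosts.
PULSE = re.compile(r"^(/dev/shm/pulse-shm-)\d+")

def findings(log_text):
    """Return the set of normalised findings in one rkhunter log excerpt."""
    out = set()
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg.endswith("[ Warning ]") or msg.endswith(":"):
            continue  # section header or list intro, not a finding itself
        if msg.startswith("Warning: "):
            msg = msg[len("Warning: "):]
        out.add(PULSE.sub(r"\1<N>", msg))
    return out

def unexpected(suspect_log, good_logs):
    """Findings on the suspect host that no known-good host reports."""
    baseline = set().union(*(findings(g) for g in good_logs))
    return sorted(findings(suspect_log) - baseline)

# Constructed sample logs (not real scan output).
GOOD_HOST = """\
[14:54:15] Checking /dev for suspicious file types [ Warning ]
[14:54:16] Warning: Suspicious file types found in /dev:
[14:54:16] /dev/shm/pulse-shm-1111111111: data
[14:54:16] /dev/shm/pulse-shm-2222222222: AmigaOS bitmap font
[14:54:17] Checking for hidden files and directories [ Warning ]
[14:54:17] Warning: Hidden directory found: /etc/.java
[14:54:17] Warning: Hidden directory found: /dev/.udev
[14:54:17] Warning: Hidden directory found: /dev/.initramfs
"""
SUSPECT_HOST = """\
[09:10:01] Checking /dev for suspicious file types [ Warning ]
[09:10:02] Warning: Suspicious file types found in /dev:
[09:10:02] /dev/shm/pulse-shm-3333333333: data
[09:10:03] Checking for hidden files and directories [ Warning ]
[09:10:03] Warning: Hidden directory found: /dev/.udev
[09:10:03] Warning: Hidden directory found: /tmp/.example-hidden
"""

if __name__ == "__main__":
    for item in unexpected(SUSPECT_HOST, [GOOD_HOST]):
        print("review:", item)
```

The diff only has value if the suspect host is scanned before it is wiped; a scan of the fresh install yields nothing but the baseline.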

Richard Haselgrove
Joined: 5 Oct 06
Posts: 1230
Message 38382 - Posted: 13 Jun 2011, 7:26:09 UTC - in response to Message 38377.

2. Windows users should install BOINC in Protected Application Execution (PAE) mode which I believe is the default installation mode in the BOINC installer for Windows. Installing in PAE mode severely restricts project executables in what they can do on your computer. (I hope this info about Windows is correct, someone please correct me if I'm wrong, it's been a while since I've run Windows)

That's correct. Unfortunately, the protection against malicious behaviour is so strong that project executables can't interact with graphics card drivers under PAE, and that rules out GPU computation. Participants who want to offer the use of GPUs to projects (increasingly common) are forced to opt for the insecure 'user' mode of operation.

whynot
Joined: 8 May 10
Posts: 65
Message 38543 - Posted: 18 Jun 2011, 16:26:12 UTC - in response to Message 38377.


1. On Linux systems avoid using the Berkeley installer to install BOINC. Instead you should install BOINC from your distro's repositories which installs BOINC in such a way that it and project executables run under an unprivileged user account named, for example, boinc-user. That user is severely restricted in what it can access and modify on your system so if you do get a malicious executable from a rogue or hacked BOINC project it won't be able to do much other than delete its own files.


And that really could be a way in. Since many distributions configure sudo(1) to allow the user that installed (UID=1000, you know) to get privileges without authentication (matter of darn friendliness) then such a malicious application can do anything. Everything becomes that scary these days.

____________
I'm counting for science,
points just make me sick.
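
The two points in the post above (run BOINC under a restricted account; a desktop account with passwordless sudo removes that restriction) can be checked together. This is an added example, not part of any forum post: it finds which account runs the client and whether a `NOPASSWD` rule applies to it. The account `alice`, the process name `boinc`, the sudoers text and the group table are all constructed assumptions.

```python
# Constructed sample inputs (not taken from any real host).
SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) NOPASSWD: ALL
%sudo   ALL=(ALL:ALL) ALL
"""
# Group membership per account, as `id -Gn <user>` would report it.
GROUPS = {"alice": {"alice", "admin"}, "boinc-user": {"boinc-user"}}

def nopasswd_rules(sudoers_text, user, groups):
    """Sudoers rules that let `user` (member of `groups`) skip the password.

    Simplified: handles plain user, %group and ALL specs only; aliases,
    #uid specs, includes and line continuations are not followed.
    """
    hits = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        parts = line.split(None, 1)
        if len(parts) < 2 or "NOPASSWD:" not in parts[1]:
            continue
        who = parts[0]
        if who in (user, "ALL") or (who.startswith("%") and who[1:] in groups):
            hits.append(" ".join(line.split()))
    return hits

def boinc_exposure(ps_text, sudoers_text, group_map, proc_name="boinc"):
    """Map each account running the BOINC client to its passwordless rules.

    `ps_text` is the output of `ps -eo user=,comm=` (two columns per row).
    """
    report = {}
    for row in ps_text.splitlines():
        fields = row.split()
        if len(fields) == 2 and fields[1] == proc_name:
            user = fields[0]
            report[user] = nopasswd_rules(
                sudoers_text, user, group_map.get(user, set()))
    return report

if __name__ == "__main__":
    # Client started from the desktop session vs. from a service account.
    print(boinc_exposure("alice boinc\nalice bash\n", SUDOERS, GROUPS))
    print(boinc_exposure("boinc-user boinc\n", SUDOERS, GROUPS))
```

On a live system, `sudo -l -U <user>` run as root gives the authoritative answer, since it evaluates aliases and included files that this simplified parser skips.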

NATE1
Joined: 12 Jun 11
Posts: 145
Message 38621 - Posted: 21 Jun 2011, 22:08:43 UTC

Hi, Just wanted to pop in and give an update.
No problems so far. Found out I did get sort of hacked but not the way I was thinking.
Someone had dug up my cable line, and spliced in some kind of box.
In the box was a wireless router, a battery, and a camera flash unit and some other stuff.
Someone was using this box to steal internet service from me.
What is off the wall is that when the top was opened, it released a dead man switch, the flash unit went off and smoked the wireless router. The electronic tech. said it was still wrong but a nice bit of electronic work.
Thanks to everyone for all your help.


Copyright © 2014 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.