A simple way to check if a Linux server/device was hacked by unsophisticated hackers


Over 90% of all hacks are performed by unsophisticated hackers, who prey on weak victims. Their victims use weak or compromised passwords or are easily manipulated via social engineering methods. Once hackers obtain usernames and passwords by brute force, dictionary attacks, or social engineering, they log in to servers or desktops/laptops and install backdoors, keyloggers, spyware, malware, etc. In this post we consider a simple way to check if a Linux server/device was hacked by unsophisticated hackers.

Step 1. Check bash_history to see installed software and downloaded files/scripts.

The history file records only commands typed in interactive bash sessions of the account it belongs to, so repeat these checks for root and for every other account that has a shell.

Use this command to list the history entries that install programs.

awk '/install/' ~/.bash_history

Use this command to list the history entries that download files with curl.

awk '/curl/' ~/.bash_history

Use this command to list the history entries that download files with wget.

awk '/wget/' ~/.bash_history

If you find suspicious apps or files then you can remove or delete them.

If the bash_history file was deleted or modified, this is a strong indicator of a hacker’s activity.
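The Step 1 checks can be combined into one script that also reports whether the history file is missing, empty, or replaced by a symlink, and whether it contains commands that clear or disable history. This is an added example, not code from the original post; the function names and the sample history are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: Step 1 triage of one history file.

# history_state FILE -> prints: symlink | missing | empty | present
history_state() {
    if [ -L "$1" ]; then echo symlink        # e.g. linked to /dev/null
    elif [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty
    else echo present
    fi
}

# history_hits FILE -> "line:command" for install/curl/wget used as whole words
history_hits() {
    grep -nwE 'install|curl|wget' "$1" || true
}

# history_tamper FILE -> "line:command" for commands that clear or disable history
history_tamper() {
    grep -nE 'history[[:space:]]+-c|unset[[:space:]]+HISTFILE|HISTFILE=/dev/null|HISTSIZE=0|rm[[:space:]].*bash_history' "$1" || true
}

# triage FILE -> short report combining the three checks
triage() {
    state=$(history_state "$1")
    echo "state: $state"
    [ "$state" = present ] || return 0
    echo "installs/downloads:"; history_hits "$1"
    echo "history tampering:";  history_tamper "$1"
}

# With no argument, run on a constructed sample history (not real data).
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
ls -la
sudo apt-get install nginx
cd /tmp
wget http://example.com/setup.sh
curl -fsSL https://example.com/agent -o agent
unset HISTFILE
EOF
    triage "$sample"
    rm -f "$sample"
else
    triage "$1"
fi
```

Pass the path of a real history file as the first argument to check it instead of the sample.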

Step 2. Check all processes through which hackers can spy on and control the Linux server/device

Use this command to see all processes that are listening for network connections.

sudo lsof -nP -iTCP -sTCP:LISTEN

If you find suspicious processes then you can investigate them with this command:

sudo lsof -p pID, where pID is the process ID.

To understand how processes are connected use this command:

It lists all running processes organized logically.

Step 3. Check if an unauthorized user is logged in

Use this command to list all logged-in users:

In the “From” column (the last) you will see the IP addresses of the logged-in users. You can use this command to check an IP address:

whois IP_address, where IP_address is the address shown in that column.

Step 4. Check if some spyware or malware is running.

As a rule, spyware and malware used by unsophisticated hackers consume a lot of memory and/or processor time. You can check usage of these resources with the following command:

Sophisticated hackers use more advanced tools and techniques, which hide their activities and malicious code among the server’s normal activities and processes. Discovering these hidden processes and activities requires more advanced tools and techniques, but you should not worry about sophisticated hackers until you have something that they are interested in.

The first line of defense against all types of hackers is your passwords, so you should learn how to create and manage strong, unique passwords for multiple accounts. From the point of view of security, convenience, and cost, the best tool is a dynamic password generator (DPG). In contrast to traditional password managers, which store generated passwords in encrypted files, DPGs do not store them anywhere. For this reason DPGs are more secure. See https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-unhackable-passwords-xeenglp

https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-convert-a-weak-password-into-100-super-stron-xyexomw

https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-manage-changes-of-multiple-unique-strong-pas-xrxwydn

Passwordless technologies promoted by big corporations are misleading. They use passwords, but humans are not aware of these passwords, which are used by devices and software and stored in encrypted files on devices. Because such technologies authenticate devices rather than humans, they expose human users to significant risks: any person or AI agent who has access to your devices will be able to access all accounts associated with those devices. See https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-understand-risks-and-dangers-of-passkeys-and-xwvqven
