My fellow penguins,
I have been pwned. What started off as weeks of smiling everytime I heard a 7-10s soundbyte of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!”
It’s getting old now.
I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.
Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts everyday, but the attacker already established a foothold.
Thank you in advance. LOLseas
Guilty of reusing credentials. Strong password, but reused.
I use my ISP’s router and their built-in firewall is saying Enabled on the page.
Then I run UFW on my PC denying all incoming. It’s one of two rules (the other is port forwarding for CS:CZ server).
I thought running Mullvad VPN would be another good layer of obscurity, but whatever drive-by malware got through something somewhere. ClamAV reported no infections. No SSH and no RDP. I really am at a loss on how I got compromised.
Thanks for spitballing with me! I look forward to further insight.
I’d have a look at what you’re port forwarding to your machine, then what services may be running on that port, and finally if your firewall rules allow those though.
If anything, it sounds like somebody was doing remote execution calls on your game server.