Someone just remotely entered my computer and start googling for things. How?
up vote
6
down vote
favorite
The intruder started opening windows, and in Firefox opened the search prompt and started typing in some commands I didn't capture.
Then he opened Google and searched for:
&fs:ik &del ik &svcnost.exe &exit
What is this command?
How did someone get into my machine? In Windows this has never happened and this feels like a huge breach of security of my personal PC.
I've already gone ahead and disabled remote desktop, but when it was enabled it clearly mentioned:

So does this mean that ANYBODY could have entered and messed with the machine? I set the option to notify me when someone entered; otherwise I wouldn't have been the wiser.
11.04 remote-desktop
edited May 28 '13 at 20:08
Mateo
asked May 9 '11 at 15:39
Only Bolivian Here
Check your wireless settings, and if you do not have any security enabled for it, then set it to WPA2.
– scouser73
May 9 '11 at 16:18
Why would you allow other users to control your desktop anyway, it's basically begging for trouble.
– scouser73
May 9 '11 at 16:20
@scouser73 Being on a well-secured wireless network doesn't protect you from others on the network (who you don't necessarily want to allow to remotely administer your computer just because you're on the same WLAN as them!). And being on an open wireless network does not expose you to this problem unless Remote Desktop is configured very insecurely, as is the case here. Changing wireless settings is often not a good solution, but your second comment (about how it's a bad idea to configure Remote Desktop like this) is spot-on.
– Eliah Kagan
Sep 1 '12 at 12:19
2 Answers
up vote
14
down vote
accepted
They got access because you had Remote Desktop enabled for some reason. You could do similar under Windows.
For security, no matter what OS you are running, do not allow incoming connections unless you know how to secure them, and then allow only unprivileged usage, limited to only those functions you need remote users to have.
svchost.exe is associated with a number of threats so your intruder may have been looking at popping it onto your machine. Of course it is a Windows executable so that wouldn't have impacted you on this Ubuntu box.
edited Nov 30 at 14:40
answered May 9 '11 at 16:27
Rory Alsop
What will happen if he already installed Wine?
– Tachyons
Apr 25 '12 at 8:05
Isn't it called scvhost? I never heard about svcnost. As far as I know, svchost.exe is a service layer script and can connect with any type of network without informing the user (that's why I use Comodo firewall; it can identify those actions). Normally, Windows has a single SVChost.exe running always. Please let me know if I am wrong.
– Prasad RD
Apr 25 '12 at 10:42
up vote
12
down vote
As you can see from your screenshot, you have explicitly allowed unconfirmed, passwordless login. All desktop sharing is disabled by default, and if you enable it, you must confirm each connection. As you unmarked the confirmation box, you granted access for all.
Security measures only work when they are enabled. The same would have happened if you granted access for all on a Windows box.
answered May 9 '11 at 16:28
Egil
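The combination of settings this answer describes (sharing enabled, confirmation unchecked, no password) can be checked from a terminal. The script below is an added example, not part of the original answer: it assumes the GConf keys used by Vino on GNOME 2-era Ubuntu (`/desktop/gnome/remote_access/enabled`, `prompt_enabled`, `authentication_methods`), and the verdict names are made up for this example.

```shell
#!/bin/sh
# Added example: classify a Vino desktop-sharing configuration by exposure.
# Assumption: GNOME 2-era Vino stores its settings under this GConf directory.
GCONF_DIR=/desktop/gnome/remote_access

# classify ENABLED PROMPT AUTH_METHODS -> prints one verdict word
#   ENABLED, PROMPT: "true" or "false"
#   AUTH_METHODS:    list as printed by gconftool-2, e.g. "[vnc]" or "[none]"
classify() {
    enabled=$1
    prompt=$2
    auth=$3
    if [ "$enabled" != "true" ]; then
        echo "disabled"
        return 0
    fi
    # "vnc" in the list means a VNC password is required to connect.
    case "$auth" in
        *vnc*) has_password=yes ;;
        *)     has_password=no ;;
    esac
    if [ "$prompt" = "true" ] && [ "$has_password" = "yes" ]; then
        echo "confirm+password"
    elif [ "$prompt" = "true" ]; then
        echo "confirm-only"
    elif [ "$has_password" = "yes" ]; then
        echo "password-only"
    else
        # No confirmation and no password: anyone who can reach the port gets in.
        echo "open-to-anyone"
    fi
}

# Read the live values when gconftool-2 is installed; otherwise say so.
audit_live() {
    command -v gconftool-2 >/dev/null 2>&1 || { echo "gconftool-2 not found"; return 0; }
    classify "$(gconftool-2 --get "$GCONF_DIR/enabled" 2>/dev/null)" \
             "$(gconftool-2 --get "$GCONF_DIR/prompt_enabled" 2>/dev/null)" \
             "$(gconftool-2 --get "$GCONF_DIR/authentication_methods" 2>/dev/null)"
}

# Constructed sample configurations (not read from the asker's machine).
show() { printf '%-22s -> %s\n' "$*" "$(classify "$@")"; }
show false true  '[vnc]'
show true  true  '[vnc]'
show true  false '[vnc]'
show true  false '[none]'   # the configuration described in this answer
echo "this machine: $(audit_live)"
```

Anything other than `disabled` or `confirm+password` leaves the desktop reachable with a single check or none at all.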