Weird, Concerning Experience!

mdiemer
Posts: 23
Joined: Sun Jan 20, 2019 4:55 pm
Has thanked: 1 time
Been thanked: 2 times

Re: Weird, Concerning Experience!

Post by mdiemer » Thu Jan 31, 2019 12:29 am

The new commands worked. Here's their output:


# ee /var/log/auth.log
Jan 20 23:03:19 newsyslog[11409]: logfile first created
Jan 20 23:03:25 polkitd[93954]: Loading rules from directory /usr/local/etc/polkit-1/rules.d
Jan 20 23:03:25 polkitd[93954]: Loading rules from directory /usr/local/share/polkit-1/rules.d
Jan 20 23:03:25 polkitd[93954]: Finished loading, compiling and executing 3 rules
Jan 20 23:03:25 polkitd[93954]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Jan 20 23:04:20 gnome-keyring-daemon[95065]: The Secret Service was already initialized
Jan 20 23:04:21 gnome-keyring-daemon[95065]: The PKCS#11 component was already initialized
Jan 20 23:04:21 gnome-keyring-daemon[95065]: The SSH agent was already initialized
Jan 20 23:04:21 polkitd[93954]: Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.18 [<unknown>], object path /org/mate/PolicyKit1/Au
Jan 20 23:04:25 doas[12287]: michael ran command mkdir -p /var/db/update-station/ as root from /usr/home/michael
Jan 20 23:04:25 doas[12679]: michael ran command chmod -R 665 /var/db/update-station/ as root from /usr/home/michael
Jan 20 23:04:25 doas[12881]: michael ran command netcardmgr as root from /usr/home/michael
Jan 20 23:04:27 doas[14533]: root ran command service network stop as root from /usr/home/michael
Jan 20 23:04:30 doas[70264]: root ran command service network start as root from /usr/home/michael
Jan 20 23:04:34 doas[7559]: root ran command service dhcpcd.msk0 restart as root from /usr/home/michael
Jan 20 23:14:06 doas[70216]: michael ran command fbsdpkgupdate check as root from /usr/home/michael
Jan 20 23:14:19 sudo[74905]: michael : TTY=unknown ; PWD=/usr/home/michael ; USER=root ; COMMAND=/usr/local/bin/software-station
Jan 20 23:15:06 sudo[89237]: michael : TTY=unknown ; PWD=/usr/home/michael ; USER=root ; COMMAND=/usr/local/bin/software-station
Jan 20 23:19:07 su[84792]: michael to root on /dev/pts/2
Jan 20 23:23:11 polkitd[93954]: Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.18, object path /org/mate/PolicyKit1/Authenticati
Jan 20 23:23:13 shutdown[44447]: reboot by root:
Jan 20 23:23:14 polkitd[93954]: Lost the name org.freedesktop.PolicyKit1 - exiting
Jan 20 23:24:38 polkitd[41398]: Loading rules from directory /usr/local/etc/polkit-1/rules.d
Jan 20 23:24:38 polkitd[41398]: Loading rules from directory /usr/local/share/polkit-1/rules.d
Jan 20 23:24:38 polkitd[41398]: Finished loading, compiling and executing 3 rules
Jan 20 23:24:38 polkitd[41398]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Jan 20 23:25:02 gnome-keyring-daemon[35991]: The Secret Service was already initialized
Jan 20 23:25:03 gnome-keyring-daemon[35991]: The PKCS#11 component was already initialized
Jan 20 23:25:03 gnome-keyring-daemon[35991]: The SSH agent was already initialized
Jan 20 23:25:03 polkitd[41398]: Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.19 [<unknown>], object path /org/mate/PolicyKit1/Au
Jan 20 23:45:08 doas[47083]: michael ran command fbsdpkgupdate check as root from /usr/home/michael
Jan 20 23:49:45 sudo[13049]: michael : TTY=unknown ; PWD=/usr/home/michael ; USER=root ; COMMAND=/usr/local/bin/software-station
Jan 20 23:49:57 sudo[16897]: michael : TTY=unknown ; PWD=/usr/home/michael ; USER=root ; COMMAND=/usr/local/bin/software-station
Jan 21 00:05:16 michael doas[72631]: michael ran command fbsdpkgupdate check as root from /usr/home/michael
Jan 21 00:11:18 michael su[70113]: michael to root on /dev/pts/2
Jan 21 00:12:30 michael sudo[5490]: michael : TTY=unknown ; PWD=/usr/home/michael ; USER=root ; COMMAND=/usr/local/bin/software-station
Jan 21 00:16:18 michael su[63125]: michael to root on /dev/pts/3


# ee /var/log/userlog
2018-12-21 19:42:45 [root:groupadd] _tss(601)
2018-12-21 19:42:45 [root:useradd] _tss(601):_tss(601):TrouSerS user:/var/empty:
2018-12-21 19:42:48 [root:groupadd] messagebus(556)
2018-12-21 19:42:48 [root:useradd] messagebus(556):messagebus(556):D-BUS Daemon
2018-12-21 19:43:02 [root:groupadd] polkitd(565)
2018-12-21 19:43:02 [root:useradd] polkitd(565):polkitd(565):Polkit Daemon User:
2018-12-21 19:43:04 [root:groupadd] avahi(558)
2018-12-21 19:43:04 [root:useradd] avahi(558):avahi(558):Avahi Daemon User:/none
2018-12-21 19:43:05 [root:groupadd] cups(193)
2018-12-21 19:43:05 [root:useradd] cups(193):cups(193):Cups Owner:/nonexistent:/
2018-12-21 19:43:07 [root:groupadd] colord(970)
2018-12-21 19:43:07 [root:useradd] colord(970):colord(970):colord color manageme
2018-12-21 19:43:11 [root:groupadd] polkit(562)
2018-12-21 19:43:11 [root:useradd] polkit(562):polkit(562):PolicyKit User:/nonex
2018-12-21 19:43:18 [root:groupadd] haldaemon(560)
2018-12-21 19:43:18 [root:useradd] haldaemon(560):haldaemon(560):HAL Daemon User
2018-12-21 19:44:01 [root:groupadd] webcamd(145)
file "/var/log/userlog", 43 lines

=====line 43 col 0 lines from top 43 ==========================================
2018-12-21 19:47:47 [root:usermod] ghostbsd(1001):wheel(0):GhostBSD Live User:/usr/home/ghostbsd:/bin/csh
2018-12-21 19:47:47 [root:groupadd] autologin(1001)
2018-12-21 19:47:47 [root:groupmod] autologin(1001)
2019-01-20 23:00:20 [root:useradd] michael(1002):wheel(0):michael:/home/michael:/usr/local/bin/fish
2019-01-20 23:00:20 [root:useradd] michael(1002) home /home/michael made
2019-01-20 23:00:21 [root:usermod] root(0):wheel(0):Charlie &:/root:/bin/csh
2019-01-20 23:00:23 [root:userdel] ghostbsd(1001) account removed
2019-01-20 23:59:34 [root:groupadd] mysql(88)
2019-01-20 23:59:34 [root:useradd] mysql(88):mysql(88):MySQL Daemon:/var/db/mysql:/usr/sbin/nologin
2019-01-21 00:00:10 [root:groupadd] cyrus(60)
2019-01-21 00:00:10 [root:useradd] cyrus(60):cyrus(60):the cyrus mail server:/nonexistent:/usr/sbin/nologin
2019-01-21 00:15:43 [root:groupadd] mpd(137)
2019-01-21 00:15:44 [root:useradd] mpd(137):mpd(137):MusicPD pseudo-user:/var/mpd:/usr/sbin/nologin
2019-01-22 22:35:39 [root:groupadd] saned(194)
2019-01-22 22:35:39 [root:useradd] saned(194):saned(194):SANE Scanner Daemon:/nonexistent:/bin/sh
2019-01-22 23:58:18 [michael:groupadd] _tor(256)
2019-01-22 23:58:18 [michael:useradd] _tor(256):_tor(256):Tor anonymizing router:/var/db/tor:/usr/sbin/nologin

I did not do any of these commands!

NevilleGoddard
Developer
Posts: 475
Joined: Thu Dec 22, 2016 10:30 pm
Location: Japan
Has thanked: 9 times
Been thanked: 10 times

Post by NevilleGoddard » Thu Jan 31, 2019 1:02 am

Thanks very much!!

Post by NevilleGoddard » Thu Jan 31, 2019 8:21 am

mdiemer, sorry to bother you but, could you try one more command please?

sudo find / -ctime +7 ! -ctime +11 | xargs ls -la {} > /tmp/list.txt

However, those ctime values need to be adjusted based on the date you run that command, so that the first would be the number of days between now and Jan 23rd and the last would be the number of days between now and Jan 19th.
Then please upload that file.

Also could you please tell us the version of GhostBSD (i.e. the number on the downloaded ISO) that you are using.

Members of the GhostBSD team are very interested in having a look at the hard drive. Would you be interested in sending it to us? There could potentially be very valuable information on the hard drive that could help us out a lot.

We would of course be willing to compensate you financially for your lost hard drive.

Sincerely, Neville

Post by mdiemer » Thu Jan 31, 2019 2:40 pm

I'll run the commands. I'm assuming that if I do it today, the numbers you used would be correct (7 and 11), since you apparently based them on Jan 31, which is still the date for me as well.

As far as sending the hard drive, I would like to help. I'm a bit concerned, however. Right now all that is on it is Ghost BSD and maybe a document or two, plus a few mp3's. However, I have heard that it is possible to recover everything from a hard drive that has ever been on it. It has had various operating systems on it, both Windows and Linux. Further, my wife used that hard drive when we first got the computer, so potentially her info could be at risk.

I know the forum is just trying to help. But what if it fell into the wrong hands? I have nothing to hide, but could access to this physical drive open me up to potentially harmful activity?

Post by mdiemer » Thu Jan 31, 2019 3:32 pm

New Output you requested:

Note: It takes me awhile to do this, as I run the command with Ghost BSD drive off line, then d/c that drive, connect a different one and proceed to copy the info to the forum. I use a thumb drive to go back and forth. So it takes a while.

Edit: My version of Ghost is 18.12, and I did do the recent large update before the incident occurred.

Welcome to fish, the friendly interactive shell
michael@michael /u/h/michael>
sudo find / -ctime +7 ! -ctime +11 | xargs ls -la {} > /tmp/list.txt
Password:
ls: {}: No such file or directory
ls: /tmp/libgksu-U7ddkh/.Xauthority: Permission denied
ls: /tmp/libgksu-U7ddkh/.Xauthority.tmp: Permission denied
ls: /var/audit/dist: Permission denied
ls: /var/audit/remote: Permission denied
ls: /var/cache/cups/ppds.dat: Permission denied
ls: /var/cache/cups/rss: Permission denied
ls: /var/db/sudo/lectured/michael: Permission denied
ls: /var/lib/polkit-1/localauthority: Permission denied
ls: /var/lib/polkit-1/localauthority/10-vendor.d: Permission denied
ls: /var/lib/polkit-1/localauthority/20-org.d: Permission denied
ls: /var/lib/polkit-1/localauthority/30-site.d: Permission denied
ls: /var/lib/polkit-1/localauthority/50-local.d: Permission denied
ls: /var/lib/polkit-1/localauthority/90-mandatory.d: Permission denied
ls: /var/spool/cups/tmp: Permission denied
ls: /tmp/libgksu-U7ddkh: Permission denied
ls: /var/audit: Permission denied
ls: /var/authpf: Permission denied
ls: /var/cron/tabs: Permission denied
ls: /var/db/freebsd-update: Permission denied
ls: /var/db/hyperv: Permission denied
ls: /var/db/ipf: Permission denied
ls: /var/db/ldap: Permission denied
ls: /var/db/mysql_secure: Permission denied
ls: /var/db/mysql_tmpdir: Permission denied
ls: /var/db/ntp: Permission denied
ls: /var/db/sudo: Permission denied
ls: /var/db/sudo/lectured: Permission denied
ls: /var/db/tor: Permission denied
ls: .: Permission denied
ls: ..: Permission denied
ls: /var/heimdal: Permission denied
ls: /var/log/tor: Permission denied
ls: /var/run/ppp: Permission denied
ls: /var/run/sudo: Permission denied
ls: /var/run/tor: Permission denied
ls: /var/run/tpm: Permission denied
ls: /var/spool/cups: Permission denied
ls: /var/spool/dma: Permission denied
ls: /var/spool/opielocks: Permission denied
ls: {}: No such file or directory
ls: /etc/ntp/leap-seconds: Permission denied
ls: /etc/ntp: Permission denied
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/etc/cups/ssl/michael.ghostbsd-pc.home.crt: Permission denied
ls: /usr/local/etc/cups/ssl/michael.ghostbsd-pc.home.key: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/10-vendor.d: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/10-vendor.d/10-desktopbsd-gnome-installed-policy.pkla: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/20-org.d: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/30-site.d: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/50-local.d: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/50-local.d/org.freedesktop.consolekit.pkla: Permission denied
ls: /usr/local/etc/polkit-1/localauthority/90-mandatory.d: Permission denied
ls: /usr/local/etc/polkit-1/rules.d/05-shutdown.rules: Permission denied
ls: /usr/local/etc/polkit-1/rules.d/50-default.rules: Permission denied
ls: /usr/local/etc/cups/ssl: Permission denied
ls: /usr/local/etc/mysql/keyring: Permission denied
ls: /usr/local/etc/polkit-1/localauthority: Permission denied
ls: /usr/local/etc/polkit-1/rules.d: Permission denied
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: (dev).tmpl: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/lib/python2.7/site-packages/setuptools/command/launcher: No such file or directory
ls: /usr/local/lib/python2.7/site-packages/setuptools/script: No such file or directory
ls: manifest.xml: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: (dev).tmpl: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/lib/python3.6/site-packages/setuptools/command/launcher: No such file or directory
ls: /usr/local/lib/python3.6/site-packages/setuptools/script: No such file or directory
ls: manifest.xml: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/share/doc/lcms2/LittleCMS2.9: No such file or directory
ls: /usr/local/share/doc/lcms2/LittleCMS2.9: No such file or directory
ls: /usr/local/share/doc/lcms2/LittleCMS2.9: No such file or directory
ls: API.pdf: No such file or directory
ls: API.pdf: No such file or directory
ls: Plugin: No such file or directory
ls: tutorial.pdf: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: (copy).svg: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/share/icons/Vivacious-Colors/apps/scalable/steam_icon_200900: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/share/polkit-1/rules.d/org.gtk.vfs.file-operations.rules: Permission denied
ls: /usr/local/share/polkit-1/rules.d: Permission denied
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: /usr/local/var/db/tpm: Permission denied
ls: /usr/local/var/lib/tpm: Permission denied
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: -: No such file or directory
ls: -: No such file or directory
ls: -: No such file or directory
ls: -: No such file or directory
ls: {}: No such file or directory
ls: /usr/home/michael/.cache/akonadi_ical_resource_0/Personal: No such file or directory
ls: /usr/home/michael/.cache/vlc/art/artistalbum/Michael: No such file or directory
ls: /usr/home/michael/.cache/vlc/art/artistalbum/Michael: No such file or directory
ls: /usr/home/michael/.cache/vlc/art/artistalbum/Michael: No such file or directory
ls: /usr/home/michael/Music/1: No such file or directory
ls: /usr/home/michael/Music/2: No such file or directory
ls: /usr/home/michael/Music/3: No such file or directory
ls: /usr/home/michael/Music/4: No such file or directory
ls: /usr/home/michael/Music/Irony: No such file or directory
ls: /usr/home/michael/Music/Late: No such file or directory
ls: /usr/home/michael/Music/LRP: No such file or directory
ls: 1: No such file or directory
ls: 2: No such file or directory
ls: 3: No such file or directory
ls: 3: No such file or directory
ls: 4: No such file or directory
ls: A: No such file or directory
ls: A: No such file or directory
ls: A: No such file or directory
ls: A: No such file or directory
ls: Aphrodisian.mp3: No such file or directory
ls: Apollonian.mp3: No such file or directory
ls: Boughton: No such file or directory
ls: Boughton: No such file or directory
ls: Boughton: No such file or directory
ls: Boughton: No such file or directory
ls: Calendarrc: No such file or directory
ls: Dioemer: No such file or directory
ls: Dioemer/Two: No such file or directory
ls: Dioemer/Two: No such file or directory
ls: Dionysian.mp3: No such file or directory
ls: February.mp3: No such file or directory
ls: Folk: No such file or directory
ls: Folk: No such file or directory
ls: Folk: No such file or directory
ls: Folk: No such file or directory
ls: For: No such file or directory
ls: For: No such file or directory
ls: Greek: No such file or directory
ls: Greek: No such file or directory
ls: Greek: No such file or directory
ls: Greek: No such file or directory
ls: in: No such file or directory
ls: in: No such file or directory
ls: in: No such file or directory
ls: in: No such file or directory
ls: M.mp3: No such file or directory
ls: major: No such file or directory
ls: major: No such file or directory
ls: major: No such file or directory
ls: major: No such file or directory
ls: Moods: No such file or directory
ls: Moods: No such file or directory
ls: mp3.mp3: No such file or directory
ls: On: No such file or directory
ls: On: No such file or directory
ls: On: No such file or directory
ls: On: No such file or directory
ls: Orchestra: No such file or directory
ls: Orchestra/art: No such file or directory
ls: Quartet: No such file or directory
ls: Quartet: No such file or directory
ls: Quartet: No such file or directory
ls: Quartet: No such file or directory
ls: Sonar: No such file or directory
ls: String: No such file or directory
ls: String: No such file or directory
ls: String: No such file or directory
ls: String: No such file or directory
ls: Threnody.mp3: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
ls: {}: No such file or directory
find: /usr/home/michael/.gvfs: Operation not permitted
ls: .mpd_socket.sql: No such file or directory
ls: {}: No such file or directory
ls: /root/.config/gtk-2.0: Permission denied
ls: /root/.config/gtk-2.0/gtkfilechooser.ini: Permission denied
ls: /root/.dbus/session-bus: Permission denied
ls: /root/.gnome2/accels: Permission denied
ls: /root/.gnome2/accels/gnome-printer-view: Permission denied
ls: /usr/home/michael/.local/share/cantata/library/_usr_home_michael_: No such file or directory
ls: /usr/home/michael/.local/share/exaile/smart_playlists/Entire: No such file or directory
ls: /usr/home/michael/.local/share/exaile/smart_playlists/Random: No such file or directory
ls: /usr/home/michael/.local/share/exaile/smart_playlists/Random: No such file or directory
ls: /usr/home/michael/.local/share/exaile/smart_playlists/Random: No such file or directory
ls: /usr/home/michael/.local/share/exaile/smart_playlists/Rating: No such file or directory
ls: /usr/home/michael/.local/share/exaile/smart_playlists/Rating: No such file or directory
ls: /usr/home/michael/.thunderbird/n4opifaa.default/Mail/Local: No such file or directory
ls: /usr/home/michael/.thunderbird/n4opifaa.default/Mail/Local: No such file or directory
ls: /usr/home/michael/.thunderbird/n4opifaa.default/Mail/Local: No such file or directory
ls: /usr/home/michael/.thunderbird/n4opifaa.default/Mail/Local: No such file or directory
ls: /usr/home/michael/.thunderbird/n4opifaa.default/Mail/Local: No such file or directory
ls: %3e: No such file or directory
ls: %3e: No such file or directory
ls: 100.playlist: No such file or directory
ls: 3.playlist: No such file or directory
ls: 300.playlist: No such file or directory
ls: 4.playlist: No such file or directory
ls: 500.playlist: No such file or directory
ls: Folders: No such file or directory
ls: Folders/Trash: No such file or directory
ls: Folders/Trash.msf: No such file or directory
ls: Folders/Unsent: No such file or directory
ls: Folders/Unsent: No such file or directory
ls: Library.playlist: No such file or directory
ls: Messages: No such file or directory
ls: Messages.msf: No such file or directory
ls: /root/.cache: Permission denied
ls: /root/.config: Permission denied
ls: /root/.dbus: Permission denied
ls: /root/.gnome2: Permission denied
ls: /root/.gnome2_private: Permission denied
michael@michael /u/h/michael>
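The errors in the output above follow from the command as posted: xargs splits path names at spaces, the literal {} reaches ls as a file name, and sudo applies only to find, so ls runs unprivileged. The script below is an added example, not part of the thread or of GhostBSD's tooling; it swaps the day counts for find's -newerct absolute dates, and the function name and script name are assumptions.

```shell
#!/bin/sh
# Added example: list every file whose inode change time (ctime) falls inside
# a date window, avoiding the failure modes visible in the output above.
#
# Differences from the command as posted:
#   - "-exec ls -lad {} +" replaces "| xargs ls -la {}": find substitutes {}
#     itself and hands each path over as a single argument, so names that
#     contain spaces are not split and no literal "{}" is passed to ls.
#   - "ls -d" lists a directory's own entry instead of its contents.
#   - -newerct takes absolute dates, so the window does not depend on the
#     day on which the command is run.
#
# Window semantics: ctime later than START 00:00 and not later than END 00:00.
# To cover Jan 19th through Jan 23rd inclusive, pass 2019-01-19 and 2019-01-24.
#
# usage: list_changed_between ROOT START END   (dates as YYYY-MM-DD)
list_changed_between() {
    lcb_root=$1
    lcb_start=$2
    lcb_end=$3
    find "$lcb_root" -newerct "$lcb_start" ! -newerct "$lcb_end" \
        -exec ls -lad {} +
}

# Run the whole script as root so that ls has the same access as find.
# Hypothetical file name ctime_window.sh:
#   sudo sh ctime_window.sh / 2019-01-19 2019-01-24 > /tmp/list.txt
if [ "$#" -eq 3 ]; then
    list_changed_between "$1" "$2" "$3"
fi
```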

Post by NevilleGoddard » Thu Jan 31, 2019 11:00 pm

Dear mdiemer
Thanks very much for the information.


About giving up the drive. I understand. Unfortunately we cannot help you much without the drive. If it happens again please record it with your phone so we can see what is going on.

Thanks very much again.

Neville

Post by mdiemer » Thu Jan 31, 2019 11:05 pm

Thanks Neville, I appreciate the help. Do you think I should install the image I made of Ghost, which was before this all happened? I don't feel it's safe to use as it is, since the hacker may have compromised my system.

Post by NevilleGoddard » Fri Feb 01, 2019 8:49 am

Definitely I would say your system has been compromised. I would definitely reinstall GhostBSD on that drive. If you're feeling adventurous you may want to try to reproduce what happened and record it this time if it's not too much trouble. :D
Reinstalling GhostBSD should fix the problem completely. If you really want to be safe, there is free software available called Darik's Boot and Nuke. You can find out about it here https://dban.org/ .
This software will pretty safely wipe your hard drive of all data. I've used it and it works well but it can be slow depending on what wipe options you choose.
Your best option would be talking to someone who knows more about this kind of thing than me. If you know someone personally that could check your drive and find out what happened that would be great.
You asked before if you thought it may have been Flash causing the problem. If you want to find out if Flash is installed on GhostBSD, type this command as a normal user:

pkg info flashplayer

If it's installed, you'll get output something like this:

flashplayer-32.0_1
Name : flashplayer
Version : 32.0_1
Installed on : Fri Jan 25 20:32:59 2019 JST
Origin : www/flashplayer
Architecture : FreeBSD:12:*
Prefix : /usr/local
Categories : multimedia www
Licenses :
Maintainer : emulation@FreeBSD.org
WWW : https://www.adobe.com/
Comment : Native wrapper around Linux Flash Player
Annotations :
repo_type : binary
repository : GhostBSD-ports
Flat size : 0.00B
Description :
Wrapper around Linux Flash Player that allows native browsers to display
Flash content.

WWW: https://www.adobe.com/


If it's not installed, you'll get:
pkg: No package(s) matching flashplayer

If you decide to reinstall GhostBSD, please let us know what you think on the forums here or the Telegram channel.

All the best

Post by mdiemer » Fri Feb 01, 2019 1:39 pm

Thank you again Neville. I'll check to see if Flash was installed. I can't remember if I tried to or not. But it is used on the forum in question, so that it may be possible for someone to exploit its vulnerabilities to gain access to someone's system. And I was on the forum when it happened, although I really don't know enough about this sort of thing to be certain. In any case, I have upgraded my router security and changed the network password.
