Weird, Concerning Experience!

NevilleGoddard
Developer
Posts: 475
Joined: Thu Dec 22, 2016 10:30 pm
Location: Japan
Has thanked: 9 times
Been thanked: 10 times

Re: Weird, Concerning Experience!

Post by NevilleGoddard » Wed Jan 30, 2019 8:28 am

Hi, mdiemer
It would be a great help to us and you if you could mount the GhostBSD drive and send to this forum or to our Telegram channel the output from the following files:

/var/log/auth.log
/var/log/userlog

Also the output from the following commands:

last
history

If you provide your router IP and written permission, someone can run a suite of tests on your network.

Thank you!
Neville

ericbsd
Developer
Posts: 1355
Joined: Mon Nov 19, 2012 7:54 pm
Has thanked: 34 times
Been thanked: 39 times

Re: Weird, Concerning Experience!

Post by ericbsd » Wed Jan 30, 2019 8:35 am

mdiemer wrote:
Wed Jan 30, 2019 12:55 am
I just realized, that forum uses Flash Player. Well known for vulnerabilities. I'm wondering if this is the culprit, the way they got in?

Flash Player is known for its vulnerabilities and I am still astonished that people are still using it.

Post by ericbsd » Wed Jan 30, 2019 8:37 am

Have you installed Flash Player?

mdiemer
Posts: 23
Joined: Sun Jan 20, 2019 4:55 pm
Has thanked: 1 time
Been thanked: 2 times

Re: Weird, Concerning Experience!

Post by mdiemer » Wed Jan 30, 2019 1:49 pm

NevilleGoddard wrote:
Wed Jan 30, 2019 1:24 am
Flash is not installed in GhostBSD. Can you please give more details. Are you still running GhostBSD?

But the forum uses it.

Post by mdiemer » Wed Jan 30, 2019 1:56 pm

I have disconnected the drive with Ghost. It freaked me out that someone was actually in my computer, making changes before my eyes. I have been afraid to reconnect it.

I don't believe I tried to install Flash, as I checked and found that it can't be installed on Ghost.

I plan to uninstall it on all my systems today. And hopefully talk my wife into letting me uninstall it on hers. I actually already had, since she runs way more videos than I do, but when she couldn't run something she got from a family member, she made me reinstall it. The only reason I used it is that the music forum's player uses it, but it's possible to present your music there in other ways.

At some point I will try to send the info requested by Neville. I really like Ghost, and don't want to give up on it.

Post by ericbsd » Wed Jan 30, 2019 3:09 pm

If you boot without the internet plugged in, there is nothing to be afraid of. We need the file that NevilleGoddard asked for, and pkg info, rc-status and rc-update output will be useful also.

Post by mdiemer » Wed Jan 30, 2019 6:04 pm

OK, here is the requested output. The first two commands came up "Permission Denied" (/var/log/auth.log, /var/log/userlog).


# last
michael unix:0.0 Wed Jan 30 16:36 still logged in
michael unix:0.0 Wed Jan 30 16:31 - 16:32 (00:00)
michael unix:0.0 Tue Jan 29 13:15 - 14:22 (01:07)
michael unix:0.0 Fri Jan 25 12:45 still logged in
michael unix:0.0 Thu Jan 24 20:53 still logged in
michael unix:0.0 Thu Jan 24 12:55 - 13:10 (00:14)
michael unix:0.0 Wed Jan 23 23:44 - 00:03 (00:19)
michael unix:0.0 Wed Jan 23 19:38 - 23:43 (04:04)
michael unix:0.0 Wed Jan 23 14:39 still logged in
michael unix:0.0 Wed Jan 23 14:33 - 14:37 (00:03)
michael unix:0.0 Wed Jan 23 12:43 - 14:31 (01:47)
michael unix:0.0 Tue Jan 22 23:33 - 00:06 (00:32)
michael unix:0.0 Tue Jan 22 18:22 - 23:31 (05:08)
michael unix:0.0 Tue Jan 22 16:59 still logged in
michael unix:0.0 Tue Jan 22 12:45 still logged in
michael unix:0.0 Mon Jan 21 22:02 - 22:45 (00:43)
michael unix:0.0 Mon Jan 21 15:21 - 16:18 (00:57)
michael unix:0.0 Mon Jan 21 15:09 still logged in
michael unix:0.0 Mon Jan 21 12:40 - 13:53 (01:12)
michael unix:0.0 Sun Jan 20 23:24 - 01:06 (01:41)
michael unix:0.0 Sun Jan 20 23:04 - 23:23 (00:18)

utx.log begins Sun Jan 20 23:04:14 EST 2019
# history
1 16:47 /var/log/auth.log
2 16:48 /var/log/userlog
3 16:48 sudo /var/log/auth.log
4 16:48 last
5 16:48 history
# \rc-status
Runlevel: default
dbus [ started 00:14:37 (0) ]
hald [ started ]
webcamd [ started ]
moused [ started ]
devfs [ started ]
netmount [ started ]
local [ started ]
cupsd [ started 00:14:36 (0) ]
xconfig [ crashed ]
slim [ started ]
Dynamic Runlevel: hotplugged
moused.ums0 [ started ]
moused.ums1 [ crashed ]
Dynamic Runlevel: needed/wanted
ldconfig [ started ]
var [ started ]
cleanvar [ started ]
tmp [ started ]
cleartmp [ started ]
Dynamic Runlevel: manual
# rc-update
abi | boot
adjkerntz | boot
bootmisc | boot
bridge | boot
cron | boot
cupsd | default
dbus | default
devd | boot
devfs | default
dmesg | boot
dumpon | boot
fsck | boot
hald | default
hostid | boot
hostname | boot
kldxref | boot
local | default nonetwork
localmount | boot
modules | boot
motd | boot
moused | default
netmount | default
network | boot
newsyslog | boot
root | boot
routing | boot
savecache | shutdown
savecore | boot
slim | default
staticroute | boot
swap | boot
syscons | boot
sysctl | boot
syslogd | boot
urandom | boot
webcamd | default
xconfig | default
zfs | boot
zvol | boot
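
Added example, not part of the thread: a small Python parser for `last` output like that posted above. It separates sessions on a local X display (`unix:0.0`) from records that name a remote host, and skips prompts and the `utx.log begins` trailer. The function names and the final sample line are constructed for illustration.

```python
import re

# Timestamp as printed by last(1), e.g. "Wed Jan 30 16:36". The lookahead
# rejects the "utx.log begins ... 23:04:14" trailer, which carries seconds.
STAMP = re.compile(
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) "
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) +\d{1,2} "
    r"\d{2}:\d{2}(?!:)"
)
# Local X display names such as "unix:0.0" or ":0".
X_DISPLAY = re.compile(r"^(?:unix)?:\d+(?:\.\d+)?$")


def parse_last(text):
    """Return one dict per login record found in last(1) output."""
    records = []
    for raw in text.splitlines():
        m = STAMP.search(raw)
        if not m:
            continue  # prompts, blank lines, the "utx.log begins" trailer
        fields = raw[:m.start()].split()
        if len(fields) < 2 or fields[0] in ("boot", "shutdown"):
            continue  # system events, not user sessions
        host = fields[2] if len(fields) > 2 else ""
        records.append({
            "user": fields[0], "line": fields[1], "host": host,
            "start": m.group(0),
            "open": "still logged in" in raw[m.end():],
            # Remote only if a host is recorded and it is not an X display.
            "remote": bool(host) and not X_DISPLAY.match(host),
        })
    return records


def remote_logins(records):
    """Records worth a closer look: sessions that name a remote host."""
    return [r for r in records if r["remote"]]


# The first three records and the trailer are copied from the post above;
# the pts/0 line is constructed (203.0.113.7 is a documentation address).
SAMPLE = """\
michael unix:0.0 Wed Jan 30 16:36 still logged in
michael unix:0.0 Wed Jan 30 16:31 - 16:32 (00:00)
michael unix:0.0 Tue Jan 29 13:15 - 14:22 (01:07)

utx.log begins Sun Jan 20 23:04:14 EST 2019
michael pts/0 203.0.113.7 Mon Jan 21 03:12 - 03:40 (00:28)
"""
```

Calling `remote_logins(parse_last(SAMPLE))` returns only the constructed `pts/0` record; the three records copied from the post are classified as local.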

Post by NevilleGoddard » Wed Jan 30, 2019 11:24 pm

Thanks very much!

Post by NevilleGoddard » Wed Jan 30, 2019 11:28 pm

Now for the rest of the information.
Run

ee /var/log/auth.log
ee /var/log/userlog

As root if necessary.

And copy and paste the output to the forum.

Post by NevilleGoddard » Wed Jan 30, 2019 11:31 pm

By the way, if you don't want the drive anymore, someone is willing to pay for it. There will be no expense to you. We will analyse the drive to find out what happened.
Please consider this.
Thanks very much again.
