Announcement

Collapse
No announcement yet.

[SOLVED] KRDC Desktop Sharing Hacked??

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [SOLVED] KRDC Desktop Sharing Hacked??


    I am a bit new to Linux and installed Kubuntu a few days ago. In the process, I enabled Desktop Sharing. I opened the ports on my router to allow connections from the outside. However, I made sure to set a password (and it was a strong one). I set it to allow uninvited connections. I did this so I could access my PC remotely. This was only going to be temporary until I setup a more secure solution.

    Anyways, I woke up this morning and noticed the KRDC icon in my system tray was lit up (meaning someone was connected) and my system was running slower than normal. I hovered over the icon and it said there was a connection from an IP I did not know. I did a WHOIS search and discovered it belonged to an ISP in Korea. Obviously this wasn't anyone I knew. I have since disabled remote connections and am typing this from a different computer.

    My questions are:

    1. Does the KRDC icon light up if someone is TRYING to authenticate, or only when someone has SUCCESSFULLY connected?

    2. Seeing as how I had a presumably secure password (over 13 characters long with upper, lower, numbers, and symbols) how would this be circumvented?

    3. If someone did indeed succeed in infiltrating my system, what steps should I take next?

    Thank you in advance for any help and advice.

    #2
    Re: KRDC Desktop Sharing Hacked??

    You should look in your logs to see if they got in. I am not sure where this will be logged. If it were ssh or
    login it would show up in /var/log/syslog and /var/log/auth.log. You should definitely look there. Youcan use Applications-> System-> System Log Viewer or

    sudo less /var/log/auth.log

    You should also try

    sudo last

    If they got in you should reinstall. If they were good you will spend a long time learning enough to clean it up.

    Comment


      #3
      Re: KRDC Desktop Sharing Hacked??

      Thanks for the reply. I checked the logs and noticed nothing out of the ordinary. I will continue to look through /var/log to see if there is a KDRC log anywhere. I think I am going to reinstall. Do you know of a more secure alternative to KDRC for remote desktop viewing? Thanks.

      Comment


        #4
        Re: KRDC Desktop Sharing Hacked??

        OK, I just found out the solution and cause for this.

        There is a bug per se in KDRC that makes the icon light up even if someone isn't successfully authenticated.

        To test this out, I used my wife's laptop and installed VNC. I connected to my computer without putting in the password and the icon lit up saying that it had authenticated. However, when I put in a bad password and got an authentication failure, the icon remained lit. Even if I put in the correct password and connect, then disconnect the icon remains lit.

        A bug for sure, but I'd rather have a bug than a hacked computer. I will be changing the port and looking into more secure remote desktop options. Thanks again for the help!

        Comment


          #5
          Re: KRDC Desktop Sharing Hacked??

          You might want to look into ssh tunneling of VNC.

          Comment


            #6
            Re: KRDC Desktop Sharing Hacked??


            You could also try FreeNX. There's a good article about setting it up here:

            http://www.linux.com/feature/119446

            Comment


              #7
              Re: KRDC Desktop Sharing Hacked??

              Originally posted by marek_online

              You could also try FreeNX. There's a good article about setting it up here:

              http://www.linux.com/feature/119446
              That seems interesting. I'll check it out. Thanks for the link!

              Comment

              Working...
              X