Hi all,
Hacked.jpg
Hi all,
It appears that somehow I've been hacked, despite my precautions on all systems
Here's my setup: Sophos UTM Home on a HP DL360 G5 server, Latest version of Ubuntu running as a file/media server on a HOP ML350 G5, and also running Apache; a Hackintosh, An iMac, and a Windows 8 PC.
Last night I noticed that my pings were unusually high while playing a round of COD with friends (I'm 47...). I rebooted and that did not correct the issue. My wife, on her iMac, said that she had nothing running, but while she rebooted, my pings were normal. Just a correlation thus far, no causation proved.
Looking at the morning report from my Sophos UTM, I see four odd entries (see attached image). The users should all be 192.168.x.*** addresses. Two of them are puck82x.startdedicated.com. Actually clicking on them gets this message
"It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet"
and a geo-search on the IP says it's in Germany.
Note the last entry on the "Web Usage" column: 146.185.239.100. A search says that this is in Russia.
Lastly, under the "Top 10 Users By Traffic". I see "Webserver" as an entry.
Any thoughts or suggestions are sincerely appreciated.
This thread was automatically locked due to age.
