On Thu, Apr 04, 2019 at 11:42:15AM +0000, Cord wrote:
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, April 4, 2019 12:27 PM, Normen Wohner <nor...@wohner.eu> wrote:
> 
> > Seeing that OpenBSD comes secure out of the Box the most likely
> > thing is that you yourself compromised your System through 3rd
> > party software. If it even is the case. I think the best course of
> > action would be to go for a forensic approach. Google how to log ssh
> > traffic and where to find the logs. Then confirm your remote access
> > actually happens. If so you should determine what software exposed
> > you. VPN, Some Web Service, Your own stupidity? If you really use
> > ssh keys instead of password login then someone had to be able
> > to access those, usually outside of transfer. So most likely your
> > work device is compromised and your OpenBSD server is just a
> > casualty.
> >
> 
> Maybe my description is not very clear.
> I try to explain again.

Hi, I don't understand the whole story.

> internet because I often use untrusted wifis. At this point, after 1
> month I have started to suspect a break-in because private messages
> seem to be known to others.

What are "private messages", mails? Who are the "others"? What makes you
think the "others" know your messages?

> I started to search a rootkit and I found
> signs of hacking in ssh connection of my vps. I mean, a tor exit node
> was connected to the ssh vps with my ssh key. 

How did you figure this out? Could you paste the commands you used to
find that someone did connect to the VPS with your SSH key, and how you
figured out it was using a tor node?

> Then, because my key had
> been exfiltrated, my desktop had been hacked

What makes you think your desktop has been hacked?
Do you run sshd on it, allowing the ssh key which is said stolen?

> But I repeat the
> problem is not the server (vps). The problem is the desktop and how
> the key had been exfiltrated. Then I deleted everything (also the vps)
> and I reinstalled openbsd on my desktop, I changed vpn provider and I
> started to use chrome+unveil, again private messages seem known to
> others... I searched again and I found a webmail session open but I am
> sure I have logged out every time.

On which computer did you find the webmail session opened, on your desktop?
That would be a really weird hack, to use your webmail locally with a
tab opened on display :1
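
The check asked about above (which logins used a given SSH key, and from where) can be done from sshd's authentication log. The following is an added example, not part of the original thread: it parses OpenSSH "Accepted publickey" lines and flags logins made with your own key fingerprint from addresses you do not recognise. The log lines, fingerprints and addresses are constructed, and the set of Tor exit addresses is assumed to come from a list you trust.

```python
import re

# OpenSSH logs successful public-key logins in this form (e.g. in /var/log/authlog).
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+) ssh2: "
    r"(?P<ktype>\S+) (?P<fp>SHA256:\S+)"
)

def audit_logins(lines, my_fingerprint, known_ips, tor_exits):
    """Return one finding per successful publickey login.

    my_fingerprint: SHA256:... value printed by `ssh-keygen -lf <pubkey file>`
    known_ips:      addresses you expect to log in from
    tor_exits:      exit addresses from a list you trust (assumed input)
    """
    findings = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins, disconnects, other daemons
        flags = []
        if m["fp"] == my_fingerprint:
            flags.append("my-key")
        if m["ip"] not in known_ips:
            flags.append("unknown-source")
        if m["ip"] in tor_exits:
            flags.append("tor-exit")
        findings.append({"when": line[:15], "user": m["user"],
                         "ip": m["ip"], "flags": flags})
    return findings

def suspicious(findings):
    """Logins made with my key from an address I do not recognise."""
    return [f for f in findings
            if {"my-key", "unknown-source"} <= set(f["flags"])]

# Constructed sample data (documentation address ranges, made-up fingerprints).
MY_FP = "SHA256:CONSTRUCTEDexampleFingerprintAAAAAAAAAAAAAAA"
SAMPLE_LOG = [
    "Apr  4 09:15:02 vps sshd[4111]: Accepted publickey for cord from 192.0.2.10 port 50122 ssh2: ED25519 " + MY_FP,
    "Apr  4 09:40:17 vps sshd[4190]: Failed password for root from 198.51.100.23 port 41000 ssh2",
    "Apr  4 10:03:44 vps sshd[4250]: Accepted publickey for cord from 203.0.113.77 port 38844 ssh2: ED25519 " + MY_FP,
    "Apr  4 10:20:00 vps sshd[4301]: Accepted publickey for backup from 198.51.100.5 port 40110 ssh2: RSA SHA256:CONSTRUCTEDotherKeyBBBBBBBBBBBBBBBBBBBBBBBBBBB",
]
KNOWN_IPS = {"192.0.2.10", "198.51.100.5"}
TOR_EXITS = {"203.0.113.77"}  # constructed; load from a trusted exit list in practice
```

A login flagged both `my-key` and `unknown-source` only shows that the private key was used elsewhere; it does not say how the key left the machine that held it.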
