0
guest-kpjg0a:x:999:999:Guest:/tmp/guest-kpjg0a:/bin/bash

I have checked /etc/passwd, then here it is. Am I hacked? Yes, I am hacked.

Smile
  • 1,099
  • I first thought of this question, but the entry you show does not seem to have been generated by the guest session feature. – Gunnar Hjalmarsson Mar 02 '18 at 16:00
  • I normally auto-login with my account. Several days ago, all of a sudden, Ubuntu started to ask for a password when logging in. Then I restarted the system to auto-login because I was worried about typing a password that was not expected. Somebody says /bin/bash is generated when I log in. I once accidentally clicked login as a guest user. I don't know why the guest user appears to be there. Normally there has been no guest user. – Smile Mar 02 '18 at 16:16
  • Please disregard my first comment. I just entered a guest session on my 16.04, and the entries look like that nowadays. (It was the user id which confused me.) So it's most certainly a trace from when you entered a guest session yourself. Just follow the advice in the accepted answer of the duplicate question and move on. :) – Gunnar Hjalmarsson Mar 02 '18 at 16:37
  • I have been thinking about it. The conclusion is that I was hacked. I don't think the guest account is generated automatically and stays there every time I log in, disturbing my auto-login. Around that time, there was my router update. It is not a clue normally, but there were many updates one after another. Finally, I found out that my Windows password program has one more ID and password for my router. I think hackers have the tool for manipulating the router driver itself. We try to protect password and IP, but this hacker has the ability to hack the driver itself. – Smile Mar 04 '18 at 01:47
  • I have the experience of being hacked. I'm not an expert on the Ubuntu system and the computer world, but I know what it is when I am attacked. When you are attacked by some organization with a bad purpose, you get little things that are not normal, but you might ignore them. But there are a lot of those things. The first time, you don't know what it is. The next time, you will know it is the same feeling and the same happenings. And some people come to you saying "It is not hacking, those things can happen." – Smile Mar 04 '18 at 01:51

2 Answers

0

There's probably nothing to worry about; this looks like a temporary guest account. They are normally removed upon logging out. Malware is unlikely in my opinion, but can't be ruled out without more information.

0

If you are concerned, you can check out your logs to see what that user has been up to (/var/log/auth.log, etc...) as well as verify the groups/permissions it has (id ).

Finally, I would verify any network weirdness like outbound connections (netstat -nap).

Anything amiss and I would blow it away.
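
The account and log checks suggested in this answer can be scripted; the following is an added example, not code from the answer's author. It classifies `/etc/passwd`-format entries and counts `auth.log` events for one account. The function names, verdict labels and sample log lines are constructed assumptions, and the guest-session heuristic is based only on the entry shown in the question.

```shell
#!/bin/sh
# Added example; passwd and auth.log samples below are constructed.

# classify_passwd FILE: print "name uid verdict" for every account with an
# interactive shell. Verdicts are triage heuristics, not proof of compromise.
classify_passwd() {
    awk -F: '
        $7 ~ /(nologin|false)$/ { next }
        {
            v = "ok"
            if ($3 == 0 && $1 != "root") v = "uid0-not-root"
            else if ($1 ~ /^guest-/ && $6 == ("/tmp/" $1)) v = "guest-session-pattern"
            else if ($6 ~ /^\/(tmp|var\/tmp|dev\/shm)\//) v = "home-in-temp-dir"
            print $1, $3, v
        }' "$1"
}

# auth_summary USER FILE: count session opens and sudo invocations by USER.
auth_summary() {
    awk -v u="$1" '
        index($0, "session opened for user " u) { opened++ }
        index($0, "sudo:") && index($0, " " u " :") { sudo++ }
        END { printf "opened=%d sudo=%d\n", opened, sudo }' "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
smile:x:1000:1000:Smile:/home/smile:/bin/bash
guest-kpjg0a:x:999:999:Guest:/tmp/guest-kpjg0a:/bin/bash
EOF
    cat > "$d/auth.log" <<'EOF'
Mar  2 15:40:11 host lightdm: pam_unix(lightdm:session): session opened for user guest-kpjg0a by (uid=0)
Mar  2 15:41:02 host lightdm: pam_unix(lightdm:session): session closed for user guest-kpjg0a
Mar  2 15:45:30 host sudo:    smile : TTY=pts/0 ; PWD=/home/smile ; USER=root ; COMMAND=/bin/ls
EOF
    classify_passwd "$d/passwd"
    auth_summary guest-kpjg0a "$d/auth.log"
    rm -rf "$d"
}

demo
```

Against a live system, pass `/etc/passwd` and `/var/log/auth.log` to the two functions instead of the sample files.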