On 4/18/23 06:43, Jesper Dybdal wrote:
> On 2023-04-16 14:19, I wrote:
> > ...
> > And there in the bash history were 4 lines that I had not written :-(
>
> To summarize:
>
> * Greg has convincingly argued that there is no way for the running
>   shell to get those lines into its history, other than by issuing them
>   over the ssh connection.
> * We can therefore assume that the problem originated at the Windows
>   machine (the ssh client).
> * It seems that an intruder has had control over the Windows machine,
>   including the ssh session, and thus, at least in principle, could
>   have done harm also to the Linux machine.
> * There is, however, no sign of an infection of the Linux machine.
>   And the 4 lines do not suggest that whoever issued them knows what
>   he's doing.
> * So I am going to assume that the Linux machine is ok.
> * The Windows machine could be infected with something that allows
>   remote control.
> * So I should probably reinstall the Windows machine from scratch -
>   or perhaps restore a really old backup (I have one from July 2022,
>   one from 2020, and one taken shortly after the original install in
>   2016).
>
> Many thanks to everybody who answered!
>
> Jesper

I do not believe the analysis is complete -- I never saw an answer to
the following question (?); it is important:

On 4/17/23 21:42, David Wright wrote:
> OK, you wrote that you "pressed up-arrow a few times. And there in the
> bash history were 4 lines …". If those 4 lines were not the first
> things to appear when you pressed up-arrow, then I would assume that
> the commands you typed /just/ before you went out with the dog were
> the first lines to appear, and then your 4 lines after more up-arrows.
>