I think I'm hacked

[mfaridi]

I install Aide from ports . yesterday and make databases , and run it yesterday , everything was good , but when I run this command

aide --check

I see this

AIDE found differences between database and filesystem!!
Start timestamp: 2010-04-19 12:44:50

Summary:
  Total number of files:	219299
  Added files:			0
  Removed files:		0
  Changed files:		5


---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /root/.mc
changed: /root/.mc/panels.ini
changed: /root/.mc/ini
changed: /root/.mc/Tree
changed: /root/.mc/filepos

--------------------------------------------------
Detailed information about changes:
---------------------------------------------------


Directory: /root/.mc
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11

File: /root/.mc/panels.ini
  Size     : 720                              , 716
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  MD5      : HYzhaEL8wsk8vR5KpywfKg==         , 41HuxvS4fxZw+CBIkajktQ==

File: /root/.mc/ini
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11

File: /root/.mc/Tree
  Mtime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11
  Ctime    : 2010-04-15 17:33:31              , 2010-04-19 12:44:11

File: /root/.mc/filepos
  Mtime    : 2010-04-11 18:16:01              , 2010-04-19 12:44:11
  Ctime    : 2010-04-11 18:16:01              , 2010-04-19 12:44:11
/var/db/aide #

Do I can understand I hacked ?
I do not have firewall , and I use

FreeBSD mfaridi.com 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct  2 08:22:32 UTC 2009     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
na

my mc is modified , but I do not modify it .

 

[DutchDaemon]

The last thing a hacker would be interested in is hacking your .mc files. It was probably altered by mc itself because you changed an option or resized something. Some files change, you know ... please don't panic if /var/log/messages disappears and is replaced by a new one...

 

[Ruler2112]

I agree with DD on the results you posted - nothing there to suggest anything abnormal going on. It's normal system operation for files to change; the key to knowing what's bad is interpreting which ones have changed.

However, it's only a matter of time IMO if you don't get a firewall up. Putting a system on the internet with no firewall is asking for it. I recommend pf; relatively simple to set up, there's a lot of documentation, and it's very powerful.

 

[SirDice]

However, it's only a matter of time IMO if you don't get a firewall up. Putting a system on the internet with no firewall is asking for it.

Not really. If there are no services listening on the Internet faced interfaces there's nothing to connect to. If there's nothing to connect to there's nothing to hack.

I recommend pf; relatively simple to set up, there's a lot of documentation, and it's very powerful.

With this I agree :e

 

[prex4real]

Ok anybody here know a real hacker?

 

[DutchDaemon]

Ok anybody here know a real hacker?

State your purpose? The only type of 'hacking' the FreeBSD community supports is kernel/OS hacking, in the sense of 'enhancing its functionality/security'. If you're thinking blackhat-type hacking, you best be on your merry way.

 

[mk]

mustafa put next time small "am" right next to "I" so you can emphasis that you are hacked. instead i am reading this as you succeed in hacking a machine or something

 

[sk8harddiefast]

I am against blackhat-type hacking. I want to know that i have the knowledge to do it, but never do it!