this post was submitted on 04 Sep 2025
59 points (96.8% liked)
If you're confident that your system is compromised and it persists beyond re-installations, you can try to reduce the attack surface by switching up your setup a bit.
Try installing something like OpenBSD or FreeBSD if your hardware is supported. Software made for Linux often doesn't even work on BSD flavors unless it's recompiled specifically for those Operating Systems. Another alternative would be Alpine Linux. Software that relies on glibc often doesn't work on Alpine thanks to musl.
If your network has been compromised, consider looking into your router's settings. If you can, try to set up OPNsense so you have better control and visibility over network traffic. You can set up some pretty extensive firewall rules, and if you're savvy with pf you can really go all out. Alternatively, you can set up an app like Wireshark to take a look at what ingress and egress traffic looks like for your device.
None of this has to be permanent unless you're comfortable with a different setup. Hackers will eventually get bored and move on. You just need to outlast them with a setup they can't do much with.
I am a networking neophyte, though I bought a Netgate 1100 appliance (pfSense supported). I want to get it up and running, just want to solve the PC problem first.
I've done a few Nmap scans and saw lots of connections I didn't recognize. I had a large Wireshark pcap I was ferreting around in, but like I said, I don't know enough to do it justice. I went down the rabbit hole and before long I was considering Suricata as an IDS/IPS. I felt like I was reaching a bit far, when up till now it's localized to the PC and maybe (idk) the ISP router.
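
One way to make a large capture like the one discussed above easier to read is to collapse it into a per-remote-endpoint count of egress and ingress packets. This is an added example, not part of either comment; the function name, the `192.168.1.0/24` LAN range and the sample capture are assumptions constructed for illustration.

```python
import collections, ipaddress, struct

def summarize_pcap(data, local_net="192.168.1.0/24"):
    """Return {(remote_ip, proto, remote_port): [packets_out, packets_in]}."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                       # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    net = ipaddress.ip_network(local_net)
    flows = collections.defaultdict(lambda: [0, 0])
    off = 24                            # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                    # only untagged IPv4 frames
        ihl, proto = (pkt[14] & 0x0F) * 4, pkt[23]
        l4 = pkt[14 + ihl:14 + ihl + 4]
        if proto not in (6, 17) or len(l4) < 4:
            continue                    # only TCP and UDP carry ports
        src = ipaddress.ip_address(pkt[26:30])
        dst = ipaddress.ip_address(pkt[30:34])
        sport, dport = struct.unpack(">HH", l4)
        name = "tcp" if proto == 6 else "udp"
        if src in net and dst not in net:
            flows[(str(dst), name, dport)][0] += 1   # egress
        elif dst in net and src not in net:
            flows[(str(src), name, sport)][1] += 1   # ingress
    return dict(flows)

def _frame(src, dst, proto, sport, dport):
    """Constructed test frame: Ethernet + IPv4 + the first 8 bytes of L4."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack(">HHHH", sport, dport, 8, 0)

# Constructed sample capture (documentation addresses), not real traffic.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for f in [_frame("192.168.1.10", "203.0.113.5", 6, 50000, 443),
          _frame("203.0.113.5", "192.168.1.10", 6, 443, 50000),
          _frame("192.168.1.10", "198.51.100.7", 17, 40000, 53),
          _frame("192.168.1.10", "192.168.1.1", 17, 40001, 53)]:
    SAMPLE += struct.pack("<IIII", 0, 0, len(f), len(f)) + f

print(summarize_pcap(SAMPLE))
```

Wireshark saves pcapng by default, so a capture has to be saved in the classic pcap format before this reads it. Traffic that stays inside the local range is left out, so what remains is the list of outside endpoints worth looking up.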