unauthorized access

unauthorized access

[Josh]

Hello,
I am having a problem.  Someone in my workplace downloaded many files,
some porn onto my user directory.  I was framed for it, and eventually
the matter was settled but it is still not known who committed this act. 
I want to find out who was able to bypass permissions and save these
files into my directory.  I am sorry to say that my workplace uses a
windows system, so it couldn't just be "root"!  Are there any recommended
log generators that I can use to discreetly monitor if my account is
being accessed and where from.  Somehow the perpetrator was able to make
it seem as if I had logged on as someone else, but saved the files into
my directory. I know you guys can solve it, after all we are linux users!

Thanks for the help,
Josh

-- 
http://www.fastmail.fm - IMAP accessible web-mail

unauthorized access

[Josh]

Hello,
I am having a problem.  Someone in my workplace downloaded many files,
some porn onto my user directory.  I was framed for it, and eventually
the matter was settled but it is still not known who committed this act. 
I want to find out who was able to bypass permissions and save these
files into my directory.  I am sorry to say that my workplace uses a
windows system, so it couldn't just be "root"!  Are there any recommended
log generators that I can use to discreetly monitor if my account is
being accessed and where from.  Somehow the perpetrator was able to make
it seem as if I had logged on as someone else, but saved the files into
my directory. I know you guys can solve it, after all we are linux users!

Thanks for the help,
Josh

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are

Re: unauthorized access

[Viliam Kocinsky]

If i understud it correctly, you are using Windows station in your work.
Propably in your work are many Windows workstations all connected to LAN
with firewall and proxy to the Internet.

What could happened?
1.) you forgot to log off when you left your computer and somebody
misused your account (5 min is enough to copy file from CD to your
directory)

2.) somebody cracked your password and now has free access to your
account 

3.) somebody cracked system administrator password

4.) you have set write permision for everybody for your directory  

5.) you share your directory with full access with samba (sharing of
files)

6.) extra-terrestrials has cracked your computer, becouse you are
standing in their way - you must contact MIB

What can be checked?
1.) proxy log files (if and when this files have been downloaded) -
administrator must do it. If there is no entry for this files in proxy
log files, that mean, that files has not been downloaded from Internet.

2.) last modification of files and directory to find out the time of
this act. But this can be easyly changed.

3.) log files to see when you have been logen on, but you have not been
in work at that time (i don't know names and location of this log files)

To be sure, contact also MIB.



On Tue, 2004-05-11 at 23:14, Josh wrote:
> Hello,
> I am having a problem.  Someone in my workplace downloaded many files,
> some porn onto my user directory.  I was framed for it, and eventually
> the matter was settled but it is still not known who committed this act. 
> I want to find out who was able to bypass permissions and save these
> files into my directory.  I am sorry to say that my workplace uses a
> windows system, so it couldn't just be "root"!  Are there any recommended
> log generators that I can use to discreetly monitor if my account is
> being accessed and where from.  Somehow the perpetrator was able to make
> it seem as if I had logged on as someone else, but saved the files into
> my directory. I know you guys can solve it, after all we are linux users!
> 
> Thanks for the help,
> Josh