Did I get hacked?



  • Well, I'm surfing along when all of a sudden my CD-ROM drive pops open. Is it possible that someone hacked into my pfSense? I freaked out and pulled everything and shut down the server. Before doing that, I looked at my Snort; it was still running. The only ports open are OpenVPN related. I would like to go back to using pfSense if I can get peace of mind. Thanks.



  • I think it's more likely that you clicked some bad link or downloaded some shit than someone hacking pfSense and then hacking your computer through pfSense. Although it sounds strange that someone or something would get into your computer just to open the CD-ROM tray. Maybe it was just some bug in the OS.



  • Haha. If that wasn't some application gone nuts and actually was indicative of some kind of "hack"/malware/virus, it certainly wouldn't have come via a compromise of your firewall. The entire point of virtually all malware today is to stay hidden, not be stupid and open your CD-ROM, as they want to either record your keystrokes and steal your account logins, or use your machine as a DDoS bot or spam relay or similar, etc. Hence I very seriously doubt that was malware.



  • The intriguing part of this is that I didn't have any computers on except a few Android phones and one iPhone. None of which were rooted. I have rules that the only access to the firewall is via my laptop; all other computers are limited to DNS requests. I did click a news article from my Android phone when the tray opened, so I have to lean toward matumbo's explanation, but I do agree with cmb as for the majority of malware. I do find it strange too. So the conclusion is that it may not be malware and may be some bug.

    It's nice to keep me grounded and not think the whole world is against me. I'm just a guy trying to keep the family safe. Thanks for your replies.


  • Netgate Administrator

    I think I misunderstood this the first time round. So the tray opened on your pfSense machine?

    I agree with what's already been said: no hacker or malware wants to draw attention to themselves, and opening the CD tray would be a stupid move. In fact, last time I checked, the command to open the tray, cdcontrol, wasn't included in pfSense anyway.

    Steve



  • I have the same problem. It doesn't appear to be a hack, but rather an intermittent issue with hardware or a bug in pfSense.

    I have a Dell OptiPlex GX150 SFF that keeps popping open the laptop-style tray at random intervals.  I had this issue in pfSense 2.0 RC3 something or other and it went away after I powered down to replace a bad CPU fan.  Since then, everything was fine until after a reboot for the 2.0.2 update.  Now the tray pops open at random intervals again.

    I'm not planning on powering down pfSense to fix a stupid issue like this, but I'll keep an eye on things next time I have to bring it down.



  • Did you web search?  Seems like I heard or read something about drives opening inadvertently but don't recall for sure.  Don't think it was anything to worry about though.


  • Rebel Alliance Developer Netgate

    Anyone else remember COKEGIFT.EXE?  ;D



  • @jimp:

    Anyone else remember COKEGIFT.EXE?  ;D

    Yes, in fact I do.  Unfortunately, it's caught by many AV programs these days.


  • Rebel Alliance Developer Netgate

    Sadly, AV companies can't take a joke…  :P

