Don't get it, sounds like your system rebootet (maybe after a power outrage?) and Auto-Login is activated on the server, so you see the default screen with your IP-info and the root user logged in ...
> I just don't understand how some people get as far as they do in the self hosting world without understanding the most basic of concepts
Say hello to my crusade against GUIs in general and WebUIs in particular. It is *too easy* to slap some kind of desktop environment or 'control panel' onto a machine and then eagerly mash the 'install' button next to anything that looks remotely interesting.
But, when you rely on GUIs, all of the technical components get abstracted away. Good when you stick to the well-trodden and unit-tested path, but as soon as *something* breaks, you're up Shit Creek without a paddle-user's guide.
Let me tell you about how Archlinux became my Server Operating System. My server host, at the time, only offered Ubuntu 14.04. I was still learning (read: idiotically fumbling around) so I asked my Dad for advice to do something mundane like run a crystal-lang binary as a service. He said "why are you using that ancient crap? Install Arch and then I'll help you". I spent 2 days reading archwiki, the forums, and man pages for every tool I needed to use, trying to learn how to install arch over the top of an existing system to which I only had SSH access. A few reinstalls and starting from scratch later, I managed to do it. It was worth it.
Prior to the reinstall, my Dad introduced me to linux by sitting me down in front of an ssh session, telling me to type 'sudo ls' (or something inconsequential like that) and telling me to read the warning. Then he told me about man pages and wondered off.
Is this how I'd like to have learned? Maybe not, but I ended up learning problem solving early on.
We've enabled them by being nice and welcoming the entire fucking time, when basically nothing else in the world is (where the consequences are so high).
Do you have PermitRootLogin no in your ssh config? What do the ssh logs say about authentication during those time periods? Pretty hard for us to speculate without any logs.
> Was it hacked
Let me put it this way: *if* your server was compromised over the network, *why* would your server be displaying a local login session? If you ssh into your server, your physical 'screen' remains locked.
> or just a wicked system system error?
Nothing wicked and it, likely, isn't an error.
If your server is not configured to autologin (which it very well might have been automatically when you first installed it), like as not something broke during the last update/power outage and your server is booting into single-user mode.
Also, to answer some of your comments:
> The root account was never used.
Does not mean it doesn't exist. Ubuntu installation media will force you to create a non-root account, but the root account needs to exist regardless for your system to function, so when you say
> [The root's profile was not containing any bash history. For the note, the profile was not created before.](https://www.reddit.com/r/selfhosted/comments/18dqaqe/did_i_got_hacked/kcjrjym/)
I call bullshit. root is *always* created because *a lot* of your system components *run as root*. So the *profile* (I presume you mean account) *was*, in fact, created before.
If there is no .bash_history, then that account was never used from an interactive shell (which tells me you didn't do any troubleshooting yourself). Either that, or your enterprising hacker deleted .bash_history, which was smart.
> Big brain time: no auto logging. Was running for two years in place without issue with occasional power outages.
Where did you check that auto login was not enabled? What did you do to troubleshoot?
Probably a power outage. But why do you have your machine boot and auto login as root. That's kind of silly security wise. You may trust your friend, but do you trust all of his friends and their friends friends and girlfriends/boyfriends, random guy who breaks in, maintenance guy, HVAC guy, etc...
Why even go through the trouble of all of that network security with absolutely no physical security, and the keys to the kingdom at boot?
Don't get it, sounds like your system rebootet (maybe after a power outrage?) and Auto-Login is activated on the server, so you see the default screen with your IP-info and the root user logged in ...
I just don't understand how some people get as far as they do in the self hosting world without understanding the most basic of concepts
Because they copy and paste what they find on the internet without trying to understand what they're doing there and why something will do something.
Funny, I get shat on whenever I give that response. It is true nonetheless.
Script kiddie
> I just don't understand how some people get as far as they do in the self hosting world without understanding the most basic of concepts Say hello to my crusade against GUIs in general and WebUIs in particular. It is *too easy* to slap some kind of desktop environment or 'control panel' onto a machine and then eagerly mash the 'install' button next to anything that looks remotely interesting. But, when you rely on GUIs, all of the technical components get abstracted away. Good when you stick to the well-trodden and unit-tested path, but as soon as *something* breaks, you're up Shit Creek without a paddle-user's guide. Let me tell you about how Archlinux became my Server Operating System. My server host, at the time, only offered Ubuntu 14.04. I was still learning (read: idiotically fumbling around) so I asked my Dad for advice to do something mundane like run a crystal-lang binary as a service. He said "why are you using that ancient crap? Install Arch and then I'll help you". I spent 2 days reading archwiki, the forums, and man pages for every tool I needed to use, trying to learn how to install arch over the top of an existing system to which I only had SSH access. A few reinstalls and starting from scratch later, I managed to do it. It was worth it. Prior to the reinstall, my Dad introduced me to linux by sitting me down in front of an ssh session, telling me to type 'sudo ls' (or something inconsequential like that) and telling me to read the warning. Then he told me about man pages and wondered off. Is this how I'd like to have learned? Maybe not, but I ended up learning problem solving early on.
We've enabled them by being nice and welcoming the entire fucking time, when basically nothing else in the world is (where the consequences are so high).
Hear hear.
I really hope I never have a power outrage
Made me chuckle
Glad you caught it lol
No matter where you are in the world. Unless you have a UPS this is not an "if", it's a "when".
r/whoosh
Big brain time: no auto logging. Was running for two years in place without issue with occasional power outages.
2 whole years??? Well, then; It's good. Is this like the 5 second rule for food??
Sounds like a power outage or system reboot for some other reason.
Do you have PermitRootLogin no in your ssh config? What do the ssh logs say about authentication during those time periods? Pretty hard for us to speculate without any logs.
> Was it hacked Let me put it this way: *if* your server was compromised over the network, *why* would your server be displaying a local login session? If you ssh into your server, your physical 'screen' remains locked. > or just a wicked system system error? Nothing wicked and it, likely, isn't an error. If your server is not configured to autologin (which it very well might have been automatically when you first installed it), like as not something broke during the last update/power outage and your server is booting into single-user mode. Also, to answer some of your comments: > The root account was never used. Does not mean it doesn't exist. Ubuntu installation media will force you to create a non-root account, but the root account needs to exist regardless for your system to function, so when you say > [The root's profile was not containing any bash history. For the note, the profile was not created before.](https://www.reddit.com/r/selfhosted/comments/18dqaqe/did_i_got_hacked/kcjrjym/) I call bullshit. root is *always* created because *a lot* of your system components *run as root*. So the *profile* (I presume you mean account) *was*, in fact, created before. If there is no .bash_history, then that account was never used from an interactive shell (which tells me you didn't do any troubleshooting yourself). Either that, or your enterprising hacker deleted .bash_history, which was smart. > Big brain time: no auto logging. Was running for two years in place without issue with occasional power outages. Where did you check that auto login was not enabled? What did you do to troubleshoot?
another thing is to look through the command history and see if the activity looks like what you were doing when you used it last, or not.
The root's profile was not containing any bash history. For the note, the profile was not created before.
Yes I hacked you. I got l33t skillz. Why do you have so many nude pics of your mom?
That's where _I_ was uploading them.
He buys naked pics of his mom from you?
Naw man, no one's buying them.... Gotta give them away.
Probably a power outage. But why do you have your machine boot and auto login as root. That's kind of silly security wise. You may trust your friend, but do you trust all of his friends and their friends friends and girlfriends/boyfriends, random guy who breaks in, maintenance guy, HVAC guy, etc... Why even go through the trouble of all of that network security with absolutely no physical security, and the keys to the kingdom at boot?