I'm not sure what happened, but about a week after upgrading to r5f27 and getting everything working, I came home to find that all my recordings complained 'can't find file'. On closer examination, I found the only thing left in my /myth directory was the music directory, and it only had 5 albums in it where it used to have over 100gb.

I'm wondering if I got hacked since I set up an NFS share on the whole /myth directory and there was virtually no security on it besides the firewall in my router.

More importantly, though, how do I rebuild my /myth directory structure? Any help would be very appreciated.

Jon

_________________
- -
Jon Hoyt
Eugene, OR

HI,

In my humble opinion, if there is a possibility of a hack and there isn't really any thing left, do a reinstall. apt-get install firestarter gives an instant firewall also which very handy for a stand alone system and easy to change if needed.

Mike

Perhaps you had a filesystem mounted into /myth which is no longer mounted? What does mount yield?

On an auto install /dev/[h,s]da3 is typically mounted into /myth...

Jon[/quote]Perhaps you had a filesystem mounted into /myth which is no longer mounted? What does mount yield?

On an auto install /dev/[h,s]da3 is typically mounted into /myth...[/quote]

I ran mount and this is the result:

/dev/hda1 on / type ext3 (rw,errors=remount-ro)
/dev/hda4 on /myth type ext3 (rw)
usbfs on /proc/bus/usb type usbfs (rw,devmode=0666)
tmpfs on /dev/shm type tmpfs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

I don't see any /dev/hda3 at all? Could this be the cause of my problem?

I tried mount /dev/hda3 but then when I ran df -h I got this:

Filesystem Size Used Avail Use% Mounted on
/dev/hda1 3.8G 3.3G 348M 91% /
/dev/hda4 170G 33M 170G 1% /myth
tmpfs 251M 4.0K 251M 1% /dev/shm
/dev/hda3 13G 24K 13G 1% /media/hda3

so it doesn't look like there's anything there. I have to admit I know very little about this, but is there a chance I could restore everything? If it's something I did to myself, how do I avoid it in the future?

Thanks so much,

Jon

_________________
- -
Jon Hoyt
Eugene, OR

OK, let's take a couple of steps back here.

How many hard drives do you have in this box? Of what size and type?
Did you originally perform an auto installation?
What is the contents of /etc/fstab?
Do you see any mount failures mentioned in dmesg | more?

I would be surprised if someone hacked into your system and removed everything from the /myth hierarchy except ~5 albums worth of music. That sounds to me like after the initial installation a few MP3s were copied into /myth/music as a test, then later another drive/filesystem was mounted into the /myth directory (or subdirectories within). Am I on the right track?

I have one hard drive, a 200gb PATA drive. I originally installed using auto installation, and recently auto upgraded all the way from R5A26 to R5F27.

/etc/fstab:


I don't see any mount failures mentioned in dmesg | more.





I'm sure you are on the right track, but I'm not too clear on what happened exactly. If another filesystem was mounted into /myth it would wipe out that filesystem and leave the music that was copied in? Is this fixable? How do I keep from doing it again?

Thanks so much for your help!

Jon

_________________
- -
Jon Hoyt
Eugene, OR

Hi,

Sorry, been busy but looking at some details you have provided may have shed some light.

If you upgraded from A26 then there would have been four partitions as cache was still being used then and would normal have been hda3 based on auto install.

Auto upgrade is going to look for /myth on hda3 typically.

From what I see, I would think your /etc/fstab should be similar to this list:

/dev/hda1 / #root .partition
/dev/hda2 swap
/dev/hda3 /mnt/hda3
/dev/hda4 /myth ext3 defaults,auto 0 2

After having seen more of the story it would make me not look toward being hacked either.

Mike

OK, so it looks like I wasn't hacked. That's kind of a relief even if it means I messed things up myself. I'm still not exactly clear on how I did it, though. After the upgrade, everything worked fine for about a week. I exported /myth with NFS and moved some stuff into /myth/videos, /myth/music, and /myth/pictures. I don't remember what I did just before everything disappeared, but what would cause some but not all of hda4 to be get wiped out? There doesn't seem to be any logic to the few albums that still remain. I haven't listened to any of them in a long time and I didn't use any of them for testing.

Most importantly, what's the easiest way to get everything back working again?

Jon

_________________
- -
Jon Hoyt
Eugene, OR

Hi,

In your changes you may have moved stuff somewhere that wasn't intended.

I notice that /dev/hda3 13G 24K 13G 1% /media/hda3 is about full. Have you looked in it to see if that is where the missing stuff is? Open an xterm and take a peek around.
$ ls -al /media/hda3 should show the contents. Also if you do the same for hda4
$ ls -al /myth should show who is home.

You can also do as root from the root directory
# cd /
# find / -name *.mp3 (or what youever you wish to search)

If things don't turn up then, may be best to do a new install and start clean and fresh just to be 100% safe.

Mike

/dev/hda3 only has 24K of data in it:





I've searched for some of the missing files, they don't seem to exist anywhere. I had very little free space left on the disc before, now I have 170 G. It seems like everything is just gone.



Can I do an auto upgrade again to preserve all my settings? If I do a backup where will the data be stored? How can I avoid having this problem again?

Thanks for all your help.

Jon

_________________
- -
Jon Hoyt
Eugene, OR

Yes, you can backup. The backup is stored in /myth/backup. Perhaps I missed it, but I don't see what the problem was... So cannot state how to avoid it in the future.

Hi,

As Cecil mentioned, you can do a backup and then auto update however if there is nothing left in /myth except a few music files then there may also be some missing directories. That would leave you in a mess starting out and would be not an easy thing to offer guidence to manually rebuild.

This would be a sample (it is from my R5C7 )
ls /myth
avimanager image_cache nuv2disc store tv
backup lost+found pre stream usb-frontend.html
gallery music pretty tmp usb-frontend_files
games mythburn saytime tools video

R5F27 looks a bit different.

If you have a few manual tweaks / scripts then simply save them off to a memory stick for safe keeping. Then go for a full install as you will pick up an extra 13 gig of media storage area in the process.

Just my opinion. Best wishes.
Mike