My fellow penguins,
I have been pwned. What started off as weeks of smiling everytime I heard a 7-10s soundbyte of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!”
It’s getting old now.
I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.
Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts everyday, but the attacker already established a foothold.
Thank you in advance. LOLseas
Update: post-reinstallation and monitoring incoming connections, I’m happy to say the sounds have not returned. This has given me the motivation to install a Netgate 1100 with pfSense ahead of the PC. Thank you all!


I’d have a look at what you’re port forwarding to your machine, then what services may be running on that port, and finally if your firewall rules allow those though.
If anything, it sounds like somebody was doing remote execution calls on your game server.
I did a ‘netstat --verbose’ and had these connections after a reboot, did not launch the browser.
Do a
netstat -anlp | grep LISTand post itWill do as soon as reinstall 3 is done. I’m reverting back to Debian 12 “Bookworm” as I don’t trust any newly downloaded iso’s aren’t getting tampered with. I noticed a mismatch on the hash for a newly downloaded Gentoo LiveUSB image and its .iso.sha256 file. I reset my router back to factory settings in the meantime. Fresh admin password, fresh SSID and keyphrase. Only wireless device on network is my phone, also reflected on router wireless page.
Did it help, have you managed to get rid of the sounds?
So far, so good. I’ll update the post. Thanks for your interest!