After checking logs on my router I’ve confirmed a hack. Many root SSH sign-ons over many, many months. The user was LAN because of my building type. There were strange quantities of uploads that don’t match up with my browsing habits.
I know who the hacker is, and they are aware I am a Qubes user.
I need help with auditing my system. I’m not an expert Qubes user. Maybe a power user. But not a coder.
How can I start to audit dom0 and its dependencies? I don’t know where to start with auditing dom0. I don’t know how or what I can do to cross-reference a clean dom0 state. However, I’ve never touched dom0 myself so that’s probably a good start.
In a panic I reflashed the router. However, I completely backed up Qubes from the moment of hack detection.
It’s my hope they only got the router. But the uploads don’t make sense. I’m scared.
Please help. I cannot work until I audit this system.
Long-time Qubes user. Love it. Thank you for Qubes.