My fellow penguins,

I have been pwned. What started off as weeks of smiling everytime I heard a 7-10s soundbyte of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!”

It’s getting old now.

I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.

Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts everyday, but the attacker already established a foothold.

Thank you in advance. LOLseas

Update: post-reinstallation and monitoring incoming connections, I’m happy to say the sounds have not returned. This has given me the motivation to install a Netgate 1100 with pfSense ahead of the PC. Thank you all!

      • CaptainBasculin@lemmy.bascul.in
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        from looking here, the thing that makes the most sense for me is pw-cli list-objects, could you try running pw-cli, then type list-objects and then play random sounds on an application? Could be anything, like a media player or web browser.

        When no command is given, pw-cli starts an interactive session with the default PipeWire instance pipewire-0.

        This would mean this should list any changes directly to the terminal, saving us from needing to log it externally

        It should report quite a lot of data considering it reports everything related to audio there, but it should let you know about any changes. If you can trace back from the sounds you made to the application you’ve run it from, it should work.

        • LOLseas@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Thanks, I ran the above watch command with ‘pw-cli list-objects’ and will report back upon the next occurence. It’s been quiet these past few hours. Thanks for helping a fellow penguin! Much appreciated, all of you.

          • LOLseas@sh.itjust.worksOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 months ago

            I couldn’t wait for the next soundbyte, so I checked the running sound-inputs.log and noticed a few entries for Chromium. I don’t use it, nor have I ever installed it on this system. Did a ‘which chromium-browser’ and got no hits. Yet it’s mentioned a few times in the log. Thoughts?

            Edit: typo

            • CaptainBasculin@lemmy.bascul.in
              link
              fedilink
              arrow-up
              2
              ·
              2 months ago

              Different applications can use Chromium as their base and might not be configured to return their application name to PipeWire, which in that case, Chromium returns its name.

              If you’re using a web app like Discord/Vesktop that’s likely it.