SilverFox1405241541 Posted May 13, 2007

Basic things to do when your PC is hacked

Intro

This is a 'basic' manual. That means it will probably be incomplete and not cover every circumstance. So bear with me.

What to do

- Disconnect your PC from the internet physically (this leaves the hacker powerless)
- You might want to *temporarily* delete important things and save them... but that's optional
- Scan your PC for viruses and spywarez
- I manually looked through my system files, that's just me though
- Check your firewall settings, close as many ports as you don't need
- Reconnect your Router
- Make sure your Router pass is extra hard, like long... mine's like 40 chars

The order you do things does matter but I couldn't decide on a good order. This will work with most 'Script Kiddies' but sometimes things are more nasty.

Cheers, SilverFox
HellFire121 Posted May 14, 2007

Best way to fix something like this is to reformat. Bad thing is you lose your data, but it does have more positives over negatives in my opinion.

Positives in this situation would be definitely getting rid of the hack tool or virus the hacker used if you do a full format; also it comes with the added bonus of cleaning out your PC and making it faster.

Negatives include the pain of reinstalling everything and restoring backups etc.

If you do decide to reformat, remember: never make a full system backup, always back up individual files. It is less likely you copy the virus this way.

Some other tips you can include are:

- Change passwords to frequently used sites and services (ISP password and paid services, as well as your router as you've suggested)
- If you don't want to reformat you can turn off System Restore to flush out any copies of the virus.
- Scan your computer with multiple antivirus/antispyware and hack tool scanners. Remove everything they find.
- Boot your computer into safe mode and scan again; also you can take note of what is running in Windows that isn't in safe mode. (Safe mode only runs the required programs to get your computer running.)

Hope it helps anyone in trouble

-HellFire
Moon Child Posted May 14, 2007

Funny I happen to run into this right now, since I just got done reformatting my computer. It's always best to take all these precautions, what with the scanning and all, but I found out if you were able to back up your files a fresh formatting works best. I've yet to get a worm/virus/hacked, but I'll make sure to take these precautions later on in the day when I'm done setting things up.
Jeigh1405241495 Posted May 14, 2007

Is it common for random people to get hacked? I mean, I know it happens obviously haha, I'm just wondering if you guys have been hacked by people you don't know (say, someone you pissed off). I just know that while I always tell my friends to get anti-spyware and run it every week or two, anti-virus, take all the above mentioned precautions, etc, I never do. Until a year or two ago I didn't run anti-virus, only did a spyware check every couple months, etc, and have never had any troubles. I'm just kind of curious if it's just been luck of the draw that I hadn't had any major issues when my computer was an open book basically (now it's secure as hell, but just because I got on a kick a few months back to figure out how to make it secure because a friend wanted to know haha).

All great tips though, and obviously if you know you're being hacked at that exact moment, unplugging the computer from the network or power is the most important first step.
ethergeek Posted May 14, 2007

Quoting SilverFox: "Make sure your Router pass is extra hard, like long... mine's like 40 chars"

There should never be any circumstance where anyone but the admin should even have access to the router's configuration. Don't enable remote admin access to your router; that's just stupid. If you have untrusted people on the LAN side, separate off one of the physical ports on the router into a different VLAN and only enable access to the admin stuff from that VLAN. This is pretty basic common-sense stuff... I don't know why config access to routers is allowed from the wireless adapter in the first place; it's really stupid. Under no circumstance should anyone without a physical ethernet connection to the router be allowed to talk to the unit's internal webserver that hosts the config pages.

Edited May 14, 2007 by ethergeek
Jeigh1405241495 Posted May 14, 2007

ethergeek... unless I'm mistaken the point of buying a wireless router is to be, you know, wireless B)

Now to us it seems logical to have a router with a wired connection to a desktop system, since it would be pointless to not have it wired if it's like 2 feet from the router and it never moves. But picture an apartment with a couple of people that are not overly into technology that buy a wireless router for their laptops. Why would they ever want to have to hard wire into the router? The whole point is to be free with their movements heh.

I understand what you're saying, it just seems impractical based on the angle that wireless routers are promoted.
ethergeek Posted May 14, 2007

(quoting Jeigh's post above)

Wireless access does indeed provide extreme convenience; however, it should never sacrifice security for convenience. Take for example Linksys' recommendation that you do not upgrade firmware wirelessly. It makes sense, since if you start getting interference, you may brick your router. Why is the same logic not applied to security of the network the router is designed to safeguard? Even in an apartment full of computer-illiterates, is it really that hard to connect a laptop to a port on the back of the router to set it up? Especially given that you need to wire into it to set it up securely anyway once you remove it from the box?
SilverFox1405241541 Posted May 14, 2007

Well Jeigh, I haven't been randomly hacked/virused in like... 7 years, but on slavehack someone who didn't like me decided to hack me.

Lots of good suggestions/advice posted here, thanks B)

Also System Restore has helped me when I have been virused from like downloading a bad torrent or something.
bluefish1405241537 Posted May 14, 2007

Well, as for connecting to the wireless router, my router is personally not connected to any computer. It's on the first floor, where no computer is, so that the computers in the basement and on the second floor all have clear reception. I do have a laptop, but if someone only had desktops, none of which were connected to the router, it would be very inconvenient to need a wired connection.
develCuy Posted May 15, 2007

My question is: how to know when you are hacked??

WARNING! I don't necessarily agree with the following concepts. Read with caution -->

First I will share with you an ancient hacker philosophy.

"You are not talking about being infected by a trojan or worm. Hacking is about open ports and capturing of services. A hacker doesn't want to delete your files or kill your HD, that is another kind of attack. The original purpose of a hacker is "to hack your system": find security holes and then break the security, but nobody must know. Only after the "attack". People commonly think about hackers like criminals that want to kick Buss *bottom* and get access to the White House cameras and avoid terrorists being detected when they put an anthrax bomb. Criminals are criminals, hackers are people that help in security. Now, if some hacker 'makes sin' then he must be named a sucker..."

This kind of philosophy is named "subtlety"; Christians think that a subtlety is a strategy used by the evil. A mix of truth and lie, then, an absolute lie. Making some kind of invasion into private content, system or service is not a good action, this means "sin" and then "die". Christians know what kind of die.

<-- WARNING END

SECURITY ON YOUR DESKTOP

A Desktop Computer is the most vulnerable kind of system. The principal virus is normally the user. It's like the Earth. Our planet is destroyed by humans. The security of a system depends on the user. In Windows Systems, You ONLY need a good antivirus (avast!, antivir, etc...), also a firewall, an anti-spyware, install Windows Security Updates.... You know the history. Internet does not mean: download & install me. It's like the real world, be careful, something bad will happen if you visit warez sites, or open files containing attachments with the extension: .src, .com, .pif. You must also use this logic: "You read the manual for your TV, for your Cellphone, then use your computer's manual". Drive with care in the signals.

SECURITY ON SERVERS

Securing a server means being in control of everything, having an up to date system and taking fast actions in the crisis. For example, for a common LAMP server, you have to configure the firewall, allow connections only via HTTP, HTTPS, FTP, SMTP, POP3 and SSH. Every one of these services has a common port. If a hacker knows your Apache and OS version, then he will look at bug reports to find some hole and then take control of your Web server. To avoid vulnerability you have to keep an updated kernel and Apache server. The same for the other services, for example: Postfix, tftp, OpenSSH. You have to be in control of your system: what users, what services, what hostnames/IPs, what ports, what schedules, what kind of rights for every service.... and more at low level: what size of TCP/IP packets, what amount of packets, what amount of lost packets and their frequency. Some kind of variation, something that makes you think "this looks strange", must be enough to start your security test routine.

TURNING OFF YOUR COMPUTER IS NOT ENOUGH

Hackers are intelligent people, they know: "He will turn off the computer, just what I need!! I will put my trojan in the boot tasks". Please!!! Just pray, unplug your Internet connection, copy your important files, pray again, turn off your computer and call 911, the police office and FBI. Maybe your hacker is a terrorist spy using you as a bridge to hack the Federal Bank. In real life, a normal user will never know that he was hacked, and how many times. Are you waiting for Fire games on your computer, and a Windows Message: "WARNING Your computer is being hacked!!!"?

ARE YOU FEELING INSECURE?

Please, I don't want to start the red alert in your mind. Only be sure to have your system up to date. Let the security experts think about their servers and don't do things that your mother would not. Blessings!

Edited May 16, 2007 by develCuy
Downlinker Posted June 30, 2007

(quoting develCuy's post above)

hehe, i was thinking about the same, good question!
dserban Posted July 1, 2007

I would like to add to that:

- If at all possible, and if you don't plan to advertise your services to the whole world, do not run them on well-known ports. "Security by obscurity", so to speak. Configure your FTP server to listen on e.g. port 7777 instead of 21, give Apache a port number of 9595, etc.

I was recently hacked by a random person through a string of bad decisions and negligence on my part.

I had configured my desktop PC to work as the default DMZ server, in other words, the one host that by default receives all port forwarding requests for port numbers greater than 1024. I had done that a while ago and this detail had slipped my mind.

Then one day I installed VMware Player on my desktop and was playing around with a virtual live Knoppix environment. The VMX file I had downloaded from somewhere was configured to allow remote VNC access on port 5900 with no password.

So far so good, but apparently there are hackers who port scan ranges of IP addresses just with port 5900, so I learned my lesson now and I treat 5900 as a well-known port.

So anyway, I was typing away at the root shell in my virtual Knoppix environment when suddenly I started noticing some strange behavior: random characters being output in the shell window, obscure Knoppix configuration applets popping up for no apparent reason, etc.

First I thought it must be a bug in the VMware Player, maybe because my PC was running low on memory, but then I saw something else: this person pasted into my root shell a very well conceived ftp script the purpose of which was to connect to a site with a user name and password and download a .exe file into the WINDOWS directory. The name of the file was honeypot.exe or pothon.exe or something along those lines.

Obviously, the script failed miserably because the Knoppix ftp utility does not understand the same switches as its Windows counterpart, but I was curious whether or not the username and password for that site were a valid combination ... and they were!

In the end, I got a good laugh out of it, because I imagine this must have been a script kiddie who had not seen a Linux command prompt in his entire life, and even if he had, he couldn't have caused any permanent damage to my environment, seeing as the Knoppix iso file is handled in read-only mode by VMware Player.

But this small incident served to remind me that the threat from hackers who do this stuff for fun or in order to have something to brag about in their obscure black hat forums ... is REAL.

It also served to make me a little bit more paranoid and check three things at least once a day:

- what processes are running on my PC? Do I know what each one of them does?
- what ports are open on my PC, which ones have established connections with a remote host, and which applications have opened those ports?
- what are the attached devices on my wireless router? Has anyone managed to break the three layers of security (WPA, strong password, MAC filtering)?

Edited July 1, 2007 by dserban
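Three posts in this thread come down to the same daily routine: HellFire's idea of noting what runs in normal mode but not in safe mode, develCuy's "something looks strange" trigger for a server check, and dserban's daily question of which ports are open, which have established connections, and which process owns them. The script below is an added example written for this thread, not code posted by any of its participants. It parses Windows `netstat -ano` output (the `-o` column is the owning PID), compares the listening ports against a baseline recorded on a known-clean boot, and lists every established connection grouped by PID so each can be matched to a process name from `tasklist`. The netstat sample and the baseline set are constructed for the demo; on a real machine you would save `netstat -ano` output from a clean boot as the baseline and feed today's output to `report()`.

```python
"""Baseline check for listening ports and active connections.

Added example, not code from the thread. It reads `netstat -ano`-style
output (Windows format with a PID column), flags listeners that the
known-clean baseline did not have, and lists established connections
grouped by PID. SAMPLE_NETSTAT and BASELINE_LISTENERS are constructed
for the demo, not real captures.
"""
from collections import defaultdict, namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample of `netstat -ano` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       3124
  TCP    192.168.1.10:49321     203.0.113.77:5900      ESTABLISHED     3124
  TCP    192.168.1.10:49400     198.51.100.20:443      ESTABLISHED     2210
  UDP    0.0.0.0:500            *:*                                    1096
"""

# Constructed baseline: (proto, port) pairs seen listening on a clean boot,
# e.g. recorded from a safe-mode snapshot as HellFire suggests.
BASELINE_LISTENERS = {("TCP", 135), ("TCP", 445), ("UDP", 500)}


def _split_addr(addr):
    """Split 'host:port' on the last colon (works for IPv6 literals too)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn netstat -ano rows into Conn records; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:  # UDP rows have no State column, so the PID is the 4th field
            state, pid = "", int(parts[3])
        local_ip, local_port = _split_addr(local)
        remote_ip, remote_port = _split_addr(remote)
        conns.append(Conn(proto, local_ip, local_port, remote_ip, remote_port, state, pid))
    return conns


def find_unexpected(conns, baseline):
    """Return listeners absent from the baseline plus every established connection."""
    new_listeners = [
        c for c in conns
        if (c.state == "LISTENING" or c.proto == "UDP")
        and (c.proto, c.local_port) not in baseline
    ]
    established = [c for c in conns if c.state == "ESTABLISHED"]
    return {"new_listeners": new_listeners, "established": established}


def group_by_pid(conns):
    """Map PID -> connections, so each finding can be looked up in `tasklist` output."""
    by_pid = defaultdict(list)
    for c in conns:
        by_pid[c.pid].append(c)
    return dict(by_pid)


def report(text=SAMPLE_NETSTAT, baseline=BASELINE_LISTENERS):
    """Print the findings for a human reader and return them for further processing."""
    findings = find_unexpected(parse_netstat(text), baseline)
    for c in findings["new_listeners"]:
        print(f"NEW LISTENER  {c.proto} port {c.local_port:<5} pid {c.pid}")
    for c in findings["established"]:
        print(f"ESTABLISHED   {c.local_ip}:{c.local_port} -> "
              f"{c.remote_ip}:{c.remote_port} pid {c.pid}")
    return findings


if __name__ == "__main__":
    report()
```

On the constructed sample the check surfaces exactly the situation dserban describes: a VNC listener on TCP 5900 that the clean baseline never had, owned by PID 3124, and that same PID holding an established connection to an outside host. Whether a flagged listener is a problem still depends on the reader knowing the process behind the PID, which is why the findings are grouped by PID rather than auto-classified.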