Hacker Protection


tubui

Someone hacked into my computer today. How, I have no idea, but he has access to my documents. Please give me advice on how to prevent this and block him/others in the future. Firewalls, antivirus, please, anything...

Link to comment


Depends how he/she got in. It also depends on what kind of software you are running; as far as firewall and what not. If they got in physically, you should have used a stronger password and disabled the guest account. You could also have made your My Documents private. That way, not even an admin can access your stuff. Of course, they could either take ownership or backup and restore your files somewhere else.

Best thing you can do is download Microsoft's Private Folder. It's a password protected folder that can't be accessed by any means unless you know the password, IIRC.

Link to comment

It also depends upon your network configuration. We need a little more information.

Suggestions:

Disable any unneeded accounts.

Assign a strong password to all enabled accounts.

Any firewall which blocks non-requested incoming connections will work. If this is your home network, get a router and set it up to be a NAT; don't put your machine in the DMZ.

Virusscan is personal choice, just keep it updated.

Turn off unneeded services.

Turn off file and print sharing.

Turn off simple file sharing.

Check out available security settings for local group policies and enable those which don't inhibit your use.

Keep up with windows updates and other software updates.

Run security/auditing check tools like those from cisecurity.com.

Link to comment

Also, be careful when sharing files through peer-to-peer, even if your computer is secure (has the latest patches, firewalled, latest virusdef).

I have seen so many times that when someone shares files, through misconfiguration their personal documents are also shared. Some even write their usernames and passwords and credit card numbers in plain text or MS Word .doc files, and these also get shared!!!

Link to comment

First thing is to learn not to use the term "hacked" too loosely.

The other day I "hacked" someone's network, just to see if I could do it. However, this was not really hacking. The wireless network had no security, so I was free to connect and use their network connection for free. Then I browsed the computers connected to the network and saw 2 machines, one Mac and one PC. The PC was named with the owner's name (so I now have his name).

The guy was sharing out his music and documents, so I could easily browse to his documents etc. and, if I had been malicious, could have deleted everything.

It also gave me the chance to see pictures of him, his family and private arrangements for when he was going away (so I now know he lives in the area). If I spot him I could follow to see where he lives, and then later, when I know he is away because of what I have seen on his machine, I could break in, knowing he won't be back for a good long while.

He didn't have a password on the admin account, so I had access to what I wanted.

Because I was just doing it to see what I could do and not to be malicious, I simply left a message in a place I know he would see, saying he has been hacked and should secure his network.

Since then he has secured it with WEP encryption, which is better than no encryption.

However, to be secure as possible at a cheapest way try the following:

If using wireless, use WPA2 and make the passcode something that no one could even guess. Make sure you're not broadcasting your SSID, and enable MAC connections so only machines with the MAC addresses you say can join the network.

Make sure you have a good firewall. A hardware firewall is better than any software firewall, but as that is not usually an option try some firewall software. Anything other than the standard Windows firewall is good. Zonealarm is usually the standard for most home users.

Make sure you have spyware software installed. I prefer spybot.

Make sure you have antivirus installed, a good free one is Avast!

Some people like to run multiple antivirus and spyware programs, but this will seriously impact your system performance.

Other than that, just use your initiative. Don't accept files from people you don't know or don't trust etc. Common sense things really.

Link to comment

Just how do you know your computer was hacked? What sign did they leave behind?

I've been using Windows forever and I still would not be able to know if my computer was hacked or was infected by a virus or malicious code.

Don't get me wrong... I definitely would know I was infected by a virus or malicious code or when system starts going haywire, but I wouldn't know if someone did access my files and looked at my pics, etc.... because what trace would they leave??? Unless they left me a note or something, I wouldn't know if someone was snooping in my system.

So, the question is, how do you know someone was snooping in your system? Or is your system just infected?

Link to comment

Where are these logs located?

I'm interested to find out.

start => run (or command prompt) eventvwr.msc

Look for the log file which says:

Hacker attached to system and the date and time, then look for the entry of:

Hacker detached from system and the date and time.

Obviously if someone were to enter the guy's machine they would probably have enough know-how to clear any evidence of their being there.

Link to comment

Yeah, that was the point I was trying to make by raising doubts. You won't know for sure you were hacked, when you were hacked, how you were hacked; unless the hacker left a trace just to let you know you weren't smart enough to secure your system.

The question for the original poster is: How do you know you were hacked? What clues led you to think you were hacked?

We are offering him advice without knowing the details.

Link to comment

Yep. You are very right.

Link to comment

Well, actually, if he assumes he's been hacked, that means that there was some change made which would lead someone to believe that the user who accessed his account was either sloppy or a script kiddie. That would lead the same person to believe that the user who accessed said system forgot to, or didn't know how to, alter the logs. Simple logic at work.

Tubui and spacesurfer, the log that you would look for is in Event Viewer > click Security. Depending on what rights you have, you may not be able to see what's in this log. What you are looking for is any consecutive "Failure audit" followed by a success audit. Double-click one to see what user was trying to log in. As general practice, after about 3 failed attempts suspicion should start. More so if they were able to log in after that.

Edited by CptMurphy
Link to comment
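
The check described in the last post (a run of failure audits followed by a success audit), as an added example that is not part of the thread. The CSV columns, account names and timestamps are constructed, rows are assumed to be oldest first, and `review_logons` is a name made up for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, oldest entry first. The three columns are a simplified
# stand-in for a Security log export, not Event Viewer's real export format.
SAMPLE_LOG = """time,type,user
2006-08-01 09:00:05,Success Audit,tubui
2006-08-01 22:14:10,Failure Audit,Administrator
2006-08-01 22:14:13,Failure Audit,Administrator
2006-08-01 22:14:17,Failure Audit,Administrator
2006-08-01 22:14:21,Failure Audit,Administrator
2006-08-01 22:14:30,Success Audit,Administrator
2006-08-02 08:30:00,Failure Audit,tubui
2006-08-02 08:30:09,Success Audit,tubui
2006-08-02 13:00:01,Failure Audit,Guest
2006-08-02 13:00:04,Failure Audit,Guest
2006-08-02 13:00:08,Failure Audit,Guest
"""

THRESHOLD = 3  # the post's "after about 3 failed attempts"


def review_logons(log_text, threshold=THRESHOLD):
    """Return (user, failures, outcome, time) for each suspicious run."""
    streak = defaultdict(int)  # user -> consecutive failures so far
    last_seen = {}             # user -> time of that user's latest entry
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"].lower()  # Windows account names ignore case
        last_seen[user] = row["time"]
        if row["type"] == "Failure Audit":
            streak[user] += 1
        elif row["type"] == "Success Audit":
            if streak[user] >= threshold:
                # A logon that finally worked after repeated failures.
                findings.append((user, streak[user], "success-after-failures", row["time"]))
            streak[user] = 0
    # Runs of failures that never ended in a success are still worth a look.
    for user, count in streak.items():
        if count >= threshold:
            findings.append((user, count, "failures-only", last_seen[user]))
    return findings


if __name__ == "__main__":
    for finding in review_logons(SAMPLE_LOG):
        print(finding)
```

Sort an export oldest-first before running it, since the streak counting depends on order. A single mistyped password followed by a success, like the `tubui` entries in the sample, stays below the threshold and is not reported.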