FUCK!! I WAS JUST HACKED.

[boneprone]

I think my computer was just fucking hacked.

I was working on shit, and wanted to go into my documents to get some shit, and this weird error came up saying the file was being accesed by some network, and was unaviable. I thought something was fucked with my computer..

Meanwhile I hear these clicks on my speakers, like I hear when my wife pics up the phone when Im online. I use DSL, but I also have a phone line in my PC as well, forking to my telephones in my office..

SO I yell to my wife, quit fucking with the phones cause all these sounds are pissing me off. She screams to me that she hasnt touched the phone. Im still hearing these connections sounds in my speaker.. I shut off my Go to run a virus scan to see if I got some strange virus, and somehow my virus scan which is ALWAYS on, is "DISABLED"
I check Norton, and McAfee, both are Disabled..
So I shut down my computer, and reboot.
I get back on, and still disabled. I unplug my dsl modem, and try to figure shit out.. My ftp shit had been fucked with. the icon is gone. THen I go to my documents, and everything is GONE.. Everything.. I store fucking everything in there. EVERYTHING.. All gone.. I check my recycle bin to see if its in there, and no its not! WHat the fuck!

So im running anti virus now, but nothing is coming up.. I think someone somehow dialed into my pc.. Took all my files in Mydocuments, and tryed to get into my sites with my ftp..

I have no firewall (but Im getting one now), but im still wondering if someone somehow got into my pc? It was like a ghost was moving around doing shit on my computer as I sat back and watched.. When I unplged my modem it stoped, and when I rebooted my files were all gone! All my pictures, all my shit I had in my documents.

Im on my laptop now till I can go get some fire wall thing..

Is this making sence? Does this shit happen?
Fuck I wonder if this is related to the cashtour hacking a few hours ago? If someone is pissed at GFY, Im sure they'd hate me the Mascot of GFY as well!!

But hey, if you hackers are out there and mad about that Chineese post, Im half Chineese My brothers, so leave me alone!

[boneprone]

I have like 3 years worth of files in the my documents folder.. Along with files with passwords, html, pics from the convention, pics of my wedding, and no copies.. Fucking gone.. WHere the fuck did it go? Can this somehow be a computer glitch or can someone steal and erase this shit? And why?

This isnt making sence.. My sites are fine, and my passwords have been changed.. Im hoping this wasnt an attack on boneprone, but rather a random shit thing that some hackers saw an opening though and just fucked with me..

I read this shit about people getting into systems though cable modems, dsl, and icq, but what does that mean exactly? ANd is it bad that I leave my computer on all day and night, and also leave icq on with no firewall?

Shit I nevr thought much of it, im not Microsoft, I nothing to offer any hackers, so what the fuck? And why the fuck did these bastards have to take my wedding photos I had saved from my digital camera, and my convention pics? MOTHER FUCKERS.

[MrBrian]

be smart and zip up your docs and put it in a password protected zip at least...

[boneprone]

Pete that fucking phone call where you disquised your voice saying you have my site, and my documents and my passwords of mine scared the fuck out of me.

You bastard!

[boneprone]

Yo brian, I have nothing to lock up!! Everything I ever saved in my documents is fucking gone!!

[titmowse]

damn boney. i guess it would be logical that if you can dial out, someone can dial in.

shit

tit

[boneprone]

Is there somewhere the stuff I had in My Documents could have been transfered? I dont get where it all went.. There was sooo much stuff..

[Gemini]

Are you running systemworks?!

[boneprone]

yeah, norton system works.

[Chris R]

BP,

I have had files mysteriously switch into subdirectories of different folders. Make sure you use the find feature before freaking oyt too much. They should be somewhere...

Go to GRC.com and to a quick test of your PC. If your cable/dsl light is blinking when you are doing nothing - and I don't mean a blip here and there - THEN you have some hacking activity. Pull the phone line just to be sure, but that would be VERY VERY unusual.

[meshell]

what a nightmare...why would anybody wanna hack you?
don't you have backups? I hope you do
am so sorry this happened to you

[boneprone]

whewwww.. I found the shit in mydocuments.. I think it was osmekind of backup or something that the search function help me find.. Im buring shit on to CD, and keeping it here in my office.. For now on when people want to steal shit they will have to do it the old fashoned way and steal it by breaking into my home.

[This message has been edited by boneprone (edited 07-16-2001).]

[Gemini]

If you have Norton plugged into the trash bin then you can retrieve the files. Might take awhile but they ARE there

[boneprone]

yeah gem thats what I had to do.

[Gemini]

It was prob just a Windows hiccup. It happens. It would take quite a while to do that much damage. Ever watch those lil monitors on your command bar?!

Or it was just a Bone Burping.

[Gemini]

Wait til you swap file crosslinks!!!! Want fun? there ya go!

[boneprone]

so is it common to be a victum and unsafe not to have a firewall? I thought most people dont have one?

I leave my computer on all night, and I am on dsl, and I also keep my icq on all night, is this not something I should do??

Really, I did not know this was a fucking problem until now after everyone has been icqing me telling me I should have known..

I personally dont know a soul who has had thier PC hacked.. Websites yes, but pc's never.

[boneprone]

Im retrieving my shit. SO fuck, what was this a computer fuckup or was someone in my pc? I get emails all the time from those fuckers from Turkey saying they are gunna hijack my site, and they want $$ to avoid this, but Ive known a lot of people to get those.. SO im not sure what the fuck?

Is there a way to see if someone has been in?

[titmowse]

were you playing any computer games? games are forbidden on our pc...they fuck it over waaay bad

[Gemini]

First NEVER leave your system on unattended. And second odds are it was Windows doing a self scan from that one program, can't pull up the name at almost 4am, but it will screw the .swp or .386 files and cause things to disappear every now and again.

We used to get customer systems all the time like that. Made good cash from it too.

[Gemini]

A good tech sometimes can tell if someone attempted it, ours is in bed with his cell off over in the UK probably. Wizzo is supposed to fix his pw to get in here today tho. gfy screwed up and never mailed his pw to him Saturday.

[boneprone]

Thanks guys, I feel better now knowing and hoping it was just a copmuter error..

But why was my antivirus deactived on both programs, norton, and Mcafee? Does it shut off as these things occur that you talk about?

[titmowse]

i have no freeking idea my boney. there are far smarter folks than i on this board. i aam sorry you had that happen, whatever it was

[Gemini]

Yes Windows deactivates all antivirus as a matter of course to scan. It can cause errors when it sees Windows writing and tries to stop it. Another reason to keep the antivirus in the bios off.

[danevans]

Quote:

Originally posted by MrBrian:
be smart and zip up your docs and put it in a password protected zip at least...

That's not enough.. Try a search for a "zip password cracker", even download.com has some..

[f | a s h]

If you need a firewall, I can strongly recommend ZoneAlarm.
Comes in a free and a pro version.
Grab a copy at: http://www.zonelabs.com/products/index.html

------------------
// f | a s h

THAT'S WHAT YOU GET FOR ACCUSING ME OF HACKING CASHTOUR

HAR HAR HAR

[boneprone]

who's familiar with this?
This looks like what i think happened.
http://www.nwinternet.com/~pchelp/bo/bo.html

[jimmyf]

boneprone, you better go get ZoneAlarm.

Your virus checker's should have picked up
Back Orifice if you had it.

Once you get ZoneAlarm and set it up am sure you'll be very surprised at what it picks up.
Set to show alert popup_window.

One of the next big things for crackers is
fooling firewalls.

Jim

[This message has been edited by jimmyf (edited 07-16-2001).]

[boneprone]

I just ran a
Security Risk Scan with a NetBIOS Availability Scan and got this:


Scan Results:
WARNING!! The scan was able to make a connection with your computer. This means that you could potentially be vulnerable to attack by malicious people who gain access to your computer and can potentially view, copy, delete, or modify data on your computer.

To Fix This Problem:

Install a personal firewall on your computer
If you have a firewall installed on your computer it may not be properly configured to make you computer invisible on the Internet
Internet connections to your computer are made through ports. To learn more about the status of ports on your computer, see: Network Vulnerability port status

And I had two vulnerabile ports..

Also my network adapter address is accesable if that means anything?

Im getting a firewall now if that helps.

Quote:

Originally posted by boneprone:
who's familiar with this?
This looks like what i think happened.
http://www.nwinternet.com/~pchelp/bo/bo.html

HEY I SENT YOU THAT LINK !

Geez - boneprone, you're such a n00bie...

[Juge]

At the very least, buy another hard drive, and save a copy of important data there. This helps if windows 'hiccups' as someone else put it. I've had an entire directory crash on me just because the OS fucked up. Did you run scandisk or anything like that to see if the disk has some problems?

Most files are retrievable afer deletion if you dont mess with your computer too much and get those allocation slots overwritten - it looks like you used a program to do just that.

As far as hacking, programs like subseven can give an outsider full access to anything on your computer, including your cam... shut the cam or face it away if you have one, and you don't want someone looking at you... I think cam manufacturers should place a light that blinks when the cam is in use, so you know when someone's hacking ya, but they are morons. Some cams dont even have a lid.

Use NETSTAT -a -n in dos to show all active connections. If you have a connection in there that is suspicous, find out what it is. Try netstat without the -n, as well, it shows the address in non-numerical form. Any trojan or virus accessing the net, or someone connection thru to your computer talking to the virus allowing access to your whole computer will show up here.

Install a firewall, and a good one, to stop these things. A few months ago I was getting probed to see if I have a subseven installed 10 or 20 times a day. These guys find one person on DSL, and scan the whole fucking IP range for DSL'ers without a firewall. If only one of these reports back, they just found someone that they can do anything with. These trojans are pretty crazy, too... they can even monitor keystrokes. Say goodbye to your credit card if you're the unlucky fool who just bought something off the net.

GRC.com explains a lot of this crap, and more, as someone has already mentioned. I recommend it to anyone, it explains it detail, too. A new page that was just put up explains how this 13 yr old fucker shut down his website with bots spread on 1000's of computer via viruses, all pinging at the same time. It's a good read.

------------------
Juge - [email protected]
- Juge's Bikini and Thong Page
- Juge's Weekly Wallpaper
- Daily Bikini Babe

Need FREE CONTENT?

[Backov]

First off:

Duh, turn OFF netbios! And file sharing.

Whoever said zips can be cracked - yes, they can, by brute force. Any password over 8 characters will take a long time, and a pass phrase will take so long it's just not feasible.

Contrary to popular belief: No one can dial into your machine unless you've set it up to do that, or there is a trojan running on your machine.

No one can take control of your machine outside of file sharing and netbios connections without some kind of client, ie, SubSeven, BackOrifice and PCAnywhere.

Those clients have to be installed. It's potentially possible with the nice security holes in IE that these can be automatically installed, much the way they set your home page and such. I would be very surprised if it wasn't happenning already.

So you were probably hacked. Backup your docs. ;> Get a firewall. Zonealarm is ok, blackice is not.

Good luck with it Bone.

Cheers,
Backov


------------------
AVSBlitz - Build AVS Sites Faster and Better

[fantasyc]

Hey, that's a great article for us newbies

That's why I like to hang out here, you guys are so smart

------------------
Thanks ;)
Tracy
Fantasy Content
http://www.fantasycontent.com

[fantasyc]

Well, the good news is I don't have it but now I'm all paranoid

[SNOW]

Sorry bone I was just trying to see naked pics of your wife LOL.....

[Taz]

You've been given some good advice so far concerning simple lock downs for your system. Everyone should be running some kind of firewall, either virtual or physical.

As to B/O and Sub7, they are not only nasty they can be difficult to totally remove from your system. The newest versions are using .d1l file extensions which look like regular windows .dll extensions, due to the font that window uses it is very difficult to tell them apart. They also rewrite your registry.

If you think you may have been trojaned and if you have your Windows disk, you might want to re-install your Windows .dll files.
You may also want to change your passwords to everything, your ftp, your sponsors, any banking or utility companies you access online, everything.

Guys, make sure you have a good antivirus software that says they will catch trojans since they don't normally show up in regular virus scans.

When you know your system is virus free. Make a back-up of your registry and save a copy to disk. Update this copy regularly.

Zone Alarm is probably the best virtual firewall out there right now if you only run one system to the net. If you have several systems networked and running on a fast access connection, I strongly suggest using a physical proxy/firewall.


Peace,

[The White Rabbit]

http://www.elitehackers.com/cgi-bin/Ultimate.cgi

You can cull alot of security info from guys that do this shit. They have alot of info on firewalls and such.

Fight High Prices...Grow your own.

[boneprone]

The Symantic Internet protection thing I just installed, poped up a waring about some backdoor thing trying to access some shit.. I clicked no not to allw application to run... Isnt this bacdoor shit the bad guy? Or is that back office..

This shit is driving me crazy.. Intially it asks me to accept all sorts of shit like accessing icq, or explorer.. Im clicking accept and decline top shit Ive never heard of with this firewall shit.

[TheFLY]

This is what my guru told me,

"a firewall is always helpful, but if you're running win98 theres pretty much nothing to hack.

where it comes in handy, is if you run a trojan. A firewall makes it a lot harder to use the trojan effectively....

or run any servers like a webserver or something. essentially windows just sits there, until you put something up someone can exploit"

I don't even use MSIE or that Outlook. I wonder if ICQ has any weakness...

------------------
...from the nectar of the Bone flows all that clicks...

[Xero]

Zonealarm is not the professional way to go. I would strongly suggest "BlackIce Defender" as it has won several awards, and I have used it personally, and its great. Here is a direct link to the product. http://www.networkice.com/sales/home_office_sales.html
Contact me VIA ICQ if you have any further questions reguarding this topic.

[TheFLY]

Where did the term "ice" used in this context originally come from?

I remember reading about hacking through ice in Neuromancer... Just wondering if that author coined the term or not... BTW awesome book! One of my personal favorites...

Wintermute lives... ehehe...

[Fossil]

hey boneprone, my suggestion would be to goto neworder.box.sk, search there for a program called the cleaner which will search your harddrives for a lot of little trojans that these script kiddies have fun settin up on peoples pc's

and depending on how many pcs you have, you could get a cable/dsl router from linksys, i personally have one, and trojans wont gain any access at all unless if you set it up through the router via port forwarding

good luck on securing your machine

[aprilkorova]

Wow Bone, I'm sorry you had such a stressful time.

2 good lessons though, without losing everything...One, always back-up everything. I learned the hard way. I lost 9 mos of work about a year ago. Worst day ever, you will make it a habit now like I have.

Two, with a dsl line you are suppesedly always connected and can be very vulnerable...get zone alarm and may I suggest since you do well for yourself and are fairly visible through the boards and your sites, that you get one puter for work that isn't connected to anything and one for e-mail, internet, bbs', etc.

Put 'em right next to each other, you'll never notice the inconvenience and makes you feel a lot safer. There are just too many little shits with too much time on their hands.

[boneprone]

ohh shit!! "There was a recent attempt to attack your computer which was blocked!! Do you wish to see the details on the attempted attack?

I clicked yes to see wgat the fuck and this came up.. Attempt to connect to local computer using "Backdoor/SubSeven Trojan Horse blocked"

Is this bad??

[boneprone]

fuck, i checked the status of my protection shit and this is the current status:


You were last attacked on: 7/16/2001 11:55 am

Recent intrusion attempts: 2

Recent attempted attackers: 1

Most frequent attacker 200.49.154.28

Is this the ip address of the fucker?? If so what can I do with it? Can someone figure out where this ip address is from for me?

[boneprone]

wow, 2700 posts!! 300 more till an oil change!

[The White Rabbit]

More than likely they used a bunch of proxys together. http://members.home.net/darknesz/impspage.htm
This page has some good info that might be useful.

Fight High Prices...Grow your own

[boneprone]

How do I do "a reverse dns look up on the ip and it will give you the provider that has that ip. then you contact that isp and they can pin point it from there."