0
promise5

I've been hacked

By promise5, in The Bonfire

Recommended Posts

promise5    17

promise5
I can't believe I've been hacked!!! I just bet its some little perv living in his mothers basement!! oohhhh if I could get my hands on that person right now. I mean seriously, did they have to send out some nasty emails and the website?? Thanks trying to explain some of those things to my family.>:(
No matter how slowly you say oranges it never sounds like gullible.
Believe me I tried.

Share this post

Link to post
Share on other sites

fallfast69    2

fallfast69
Send everyone in your contacts a note indicating that your account was hacked. My ex used a phrase something like "some of you may have recieved a email that was distasteful in nature and I apologize for that". Most everyone will accept and undewrstand that. Really sucks to have that happen.

Jon

Share this post

Link to post
Share on other sites

rwieder    0

rwieder
Quote

I can't believe I've been hacked!!!



Don't feel like the Lone Ranger. I had a hacker get two of my machines yesterday. I was up until 04:15 Hrs. this morning getting the crud squared away. Poor little vamps got nuthin else to do with their time except make hard working folks life a living hell.
-Richard-
"You're Holding The Rope And I'm Taking The Fall"

Share this post

Link to post
Share on other sites

Gene03    0

Gene03
Let me guess, running Windoze?

Ubuntu or Linux Mint may prevent it from happening again.

Both OS's are free.
“The only fool bigger than the person who knows it all is the person who argues with him.

Stanislaw Jerzy Lec quotes (Polish writer, poet and satirist 1906-1966)

Share this post

Link to post
Share on other sites

FlyingRhenquest    1

FlyingRhenquest
Heh, funny story, a few years back I was talking to our IT guy and he made the assertion that Windows was more secure than Linux. I told him I had an open connection to the internet at home and suggested that we set up two networked computers on it, he could install windows, I could install Linux and we'd see who'd get taken over first. He did some mighty fine backpedaling at that point.

I'd read a story right around that time that your typical windows install, if you were so unwise as to install it on an open connection, would be taken over before the installation had completed.

But security is a journey, not a destination. Just because you're running Linux doesn't mean you crap daisies and unicorns either. There are still all manner of methods your system can be taken over in. Operating system choice is just one component of your overall security strategy.
I'm trying to teach myself how to set things on fire with my mind. Hey... is it hot in here?

Share this post

Link to post
Share on other sites

Gene03    0

Gene03

Good story.

Could you elaborate on what one can do to update to a more secure system?

Or point me to a link?

I'm listening.

Pooping daisies, maybe.

Unicorns, no thanks.:D

“The only fool bigger than the person who knows it all is the person who argues with him.

Stanislaw Jerzy Lec quotes (Polish writer, poet and satirist 1906-1966)

Share this post

Link to post
Share on other sites

theonlyski    3

theonlyski
Quote

Heh, funny story, a few years back I was talking to our IT guy and he made the assertion that Windows was more secure than Linux. I told him I had an open connection to the internet at home and suggested that we set up two networked computers on it, he could install windows, I could install Linux and we'd see who'd get taken over first. He did some mighty fine backpedaling at that point.

I'd read a story right around that time that your typical windows install, if you were so unwise as to install it on an open connection, would be taken over before the installation had completed.

But security is a journey, not a destination. Just because you're running Linux doesn't mean you crap daisies and unicorns either. There are still all manner of methods your system can be taken over in. Operating system choice is just one component of your overall security strategy.



A big part of my job is VPN administration, for which I use Cisco ASA's plugged directly into the internet.

I cannot even begin to tell you how many port 22, 23, 445, 3389, 80/443 requests come in on an open connection, sources from China, Indonesia, Russia, the UK... all within about a 2 minute log time.

I just last night put a site behind an ASA that previously was just using a 2811 router with NAT (one to one for many of the servers). No access list applied either, so they were about as directly connected as one could get... and to top it off, they hadn't been patched or updated since January of LAST year.

Our security team is having a field day trying to get them into compliance and find any/all of the malicious traffic... just putting them behind the firewall (still have a one to one NAT on the servers) seriously cut down on the unsolicited attempts that make it to the server.

Mind you, these were new set up connections/IP's that hadn't been used in at least a year... didn't even have DNS entries.

Granted, a decent network admin could whip up an access list and do a pretty decent job of limiting internet facing servers, but many I've seen don't even bother... Especially if it's not their network.
"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

Share this post

Link to post
Share on other sites

FlyingRhenquest    1

FlyingRhenquest
As much of a Linux evangelist as I am, I feel that Windows can be reasonably secure with a few precautions. Keep it current with its updates, run a virus scanner regularly, use the firewall and don't run IE, for starters. I run firefox or chrome with plug-ins that only allow whitelisted sites to run javascript (No one gets to run Java) or flash. I also don't use the same password for various web sites. That way if a site is compromised and passwords leaked, it can't lead to a takeover of my gmail one.

If you used web-based E-Mail, you'll want to take steps to insure the security of your E-Mail password, particularly if all your other sites can be reset from that one. If you want to be really paranoid, you can keep a separate account (With a separate password) just for resetting other sites. I don't go that far. Make sure you never access your web mail from a public terminal or over an unsecured wifi network.

If you want to try out Linux, a number of distributions offer live CDs you can download and check it out without installing. Ubuntu (http://www.ubuntu.com/) is pretty popular these days. Personally I think their default GUI sucks, but you can just install Enlightenment and you don't have to mess with any of that. Just choose "Enlightenment" as your session before you log in.

Keep in mind that most windows software won't run on Linux. You can sometimes persuade some of it to, if you beat your head against the Wine not-an-emulator hard enough. So if you game a lot, Linux is probably not an ideal solution (though Valve just released steam for it.) If you just use your computer for E-Mail, web browsing and document processing, Linux might be a good use case for you. I use it for software development, prefer it to anything else for that.

Apple's OSX is also a unix derivative, so if Linux is just a little too underground for you, you could always buy a Mac. Same windows compatability issues apply.
I'm trying to teach myself how to set things on fire with my mind. Hey... is it hot in here?

Share this post

Link to post
Share on other sites

theonlyski    3

theonlyski
Quote

Yeah I used to like to tail my logs and watch the hackers trying to brute force my ssh server. They'd keep that damn thing going for weeks at a time.



While I was toying around with my NAS as a router for the network (two interfaces, Ubuntu Server 12.04), I had my IPTABLES log every dropped packet...

tail -f /var/iptables.log

Good times. :D:D:D

Some of those guys were pretty fucking persistent. Too bad I had moved my SSH to a different port and they weren't even getting the login prompt!

Sadly though, I had some issues using it as my router/firewall and I just gave up on it and pulled the second NIC...
"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

Share this post

Link to post
Share on other sites

ryoder    1,384

ryoder
Quote


Keep in mind that most windows software won't run on Linux. You can sometimes persuade some of it to, if you beat your head against the Wine not-an-emulator hard enough.



The only Winblows app I need to run is an exam-test-emulator, and Wine works like a charm. In the past I was using Winbloze in VirtualBox and that was just too much of a resource-hog, and even worse I had to deal with Winbloze.

And to say Ubuntu's default GUI suck is an understatement. That is why Linux Mint exists. No reason to use Ubuntu anymore.
"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones.

Share this post

Link to post
Share on other sites

FlyingRhenquest    1

FlyingRhenquest
I used to use Debian, but the distribution has a kind of "fallen-into-disrepair" feel to it lately. I couldn't even find an ISO image last time I went looking.

It's not like it's hard to change Ubuntu's UI. I just installed E17. I don't even use Gnome or KDE with it, stock E17 does everything I need it to. You can also install KDE and choose that as your desktop environment instead. Once you do that, it's just another .deb-using distribution of Linux. I might feel differently if I ever had cause to upgrade the kernel, I suppose.

The only deal-breaker I noticed with Unity was its inability to do any sort of focus-follows mouse in the current release. I've been using FFM since the 80's (On Sun workstations) and I'll be damned if I'm going to turn it off now. You can even get it working reasonably well in Windows. I've never liked software that thought it knew better than I did how I should work. That's why I mostly avoid Windows for everything other than gaming.
I'm trying to teach myself how to set things on fire with my mind. Hey... is it hot in here?

Share this post

Link to post
Share on other sites

skymama    35

skymama
Quote

That doesn't help with the way most people get hacked these days, ie, poor FB or online email passwords.



I saw a report on the news tonight that FB was hacked recently because of some of their employees going to questionable sites!
She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

Share this post

Link to post
Share on other sites

ryoder    1,384

ryoder
Quote

Quote

That doesn't help with the way most people get hacked these days, ie, poor FB or online email passwords.



I saw a report on the news tonight that FB was hacked recently because of some of their employees going to questionable sites!



It was a "mobile-developer" website according to this: http://www.theregister.co.uk/2013/02/15/facebook_hacked/
"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones.

Share this post

Link to post
Share on other sites

Remster    24

Remster
Quote

Quote

That doesn't help with the way most people get hacked these days, ie, poor FB or online email passwords.



I saw a report on the news tonight that FB was hacked recently because of some of their employees going to questionable sites!


IT geeks, going to p0rn sites????? say it aint so! :ph34r:
Remster

Share this post

Link to post
Share on other sites

Gene03    0

Gene03
Thanks.

I'll have to take this up with my IT guy to translate it for me.

I'm currently running the latest updated version on Ubuntu now on this machine.

I have Mint on another machine I use occasionally.

While I prefer the GUI of Mint, the new Ubuntu sort of grows on you after a while.

Isn't it a thing of beauty to have all these choices?
“The only fool bigger than the person who knows it all is the person who argues with him.

Stanislaw Jerzy Lec quotes (Polish writer, poet and satirist 1906-1966)

Share this post

Link to post
Share on other sites

1969912    0

1969912
Quote

If you used web-based E-Mail, you'll want to take steps to insure the security of your E-Mail password



Please tell me more about this.

"Once we got to the point where twenty/something's needed a place on the corner that changed the oil in their cars we were doomed . . ."
-NickDG

Share this post

Link to post
Share on other sites

FlyingRhenquest    1

FlyingRhenquest
Usually all roads lead back to your E-mail. Every site you subscribe to (Probably including your bank) handle password resets through it. Plus if you leave mail up there (Which I do but shouldn't) they can go back through it and see if they can find anything good. Ever have anyone E-Mail you some official-ish document with your social security number in it, or anything?

So you want to be careful how you access that. Make sure that you move sensitive documents down to your computer and delete them, make sure your password is different from anywhere else, don't access them with unsecured wireless networks -- It's trivial to watch traffic on an unsecured network. Even if the network has a password that everyone knows, its traffic is encrypted and a lot harder to watch. Don't access your mail on machines from machines that the public can use (Library computers or whatever.) You have to trust their security as well as your security, and you don't want to do that.

Using different passwords is pretty important. If your E-Mail password as the same as let's say your password to this site, then if this site's security is compromised and someone gets their password file, it could lead to the compromise of your E-Mail password. Again it boils down to trusting their security as well as your security. It's always best to minimize how often you have to do that.

You can have great security practices and still get hacked, but the easier you make it, the more likely it is to happen to you. Most of the guys out there are just trolling for easy targets and won't waste time with the more difficult ones.
I'm trying to teach myself how to set things on fire with my mind. Hey... is it hot in here?

Share this post

Link to post
Share on other sites

1969912    0

1969912
I leave nothing on my main (ISP) email server. I access gmail through Thunderbird, but have to log on to gmail and delete everything from their server, usually once a week. No wireless use. Password management is a PIA, and could use some work. Are any of the password management things like KeePass or LastPass any good? Thanks for the help.

"Once we got to the point where twenty/something's needed a place on the corner that changed the oil in their cars we were doomed . . ."
-NickDG

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing