October 16th, 2003, 05:47 AM
How can I tell if I've been hacked?
Just curious if there are any telltale signs of whether or not I've been hacked? One thing that concerns me is that my CD Drive is missing and I cannot use it. I do have a firewall and anti-virus, but I am wondering if maybe a keylogger was placed on my computer prior to getting the firewall (although I now run two spyware programs that both come up clean)? I have a friend whose computer was hacked and the hacker took info from her computer, generated an email using an email address almost identical to mine and attached a virus, then sent it out to members of a forum we all frequent. This is why I feel I am at risk. Sorry if this is a simple question, but, really, I'm not too sure how all this stuff works. Today alone, my firewall has blocked 26 Backdoor/SubSeven Trojan horse attempts mostly from different IPs so I feel like someone is trying to get in.....maybe through other people's computers (???) Also, how can I find out through tracing exactly who is doing this? Thank you very much.
October 16th, 2003, 05:53 AM
Try a netstat? I'm thinking you're using Windows.
Go to your command prompt (Start >> Programs >> Accessories >> Command Prompt)
Type in netstat -a
Check if any of the IPs are the ones that your firewall is blocking
You might want to try the Symantec security check
If this keeps up, you might want to contact your ISP and ask to change your IP address.
You might want some anti spyware software to take care of the keyloggers -
Both are free and highly recommended..
Check out Wilders Security for more free anti spyware solutions.
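The netstat cross-check suggested in the post above, sketched as an added example (not code from any poster in this thread). It parses `netstat -an` style output and flags connections to addresses taken from the firewall's block log, plus any watched port in the LISTENING state. The sample output, the addresses, and the names `parse_netstat`, `review`, `BLOCKED_IPS` and `WATCH_PORTS` are all constructed or assumed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:27374     203.0.113.45:3021      ESTABLISHED
  TCP    192.168.1.10:1050      192.0.2.99:6667        TIME_WAIT
  UDP    0.0.0.0:1026           *:*
"""

# Constructed: addresses copied by hand from the firewall's block log.
BLOCKED_IPS = {"203.0.113.45", "192.0.2.200"}
# Assumption: ports to watch; 27374 is the widely documented SubSeven 2.x default.
WATCH_PORTS = {27374}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return one dict per connection row, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state = m.groups()
        rows.append({"proto": proto, "local": laddr, "lport": int(lport),
                     "remote": raddr, "rport": rport, "state": state or ""})
    return rows

def review(rows, blocked, watch_ports):
    """Flag live connections to blocked addresses and watched ports that are listening."""
    findings = []
    for r in rows:
        if r["remote"] in blocked and r["state"] == "ESTABLISHED":
            findings.append(("blocked-ip-connected", r["remote"], r["lport"]))
        if r["lport"] in watch_ports and r["state"] == "LISTENING":
            findings.append(("watched-port-listening", r["local"], r["lport"]))
    return findings

if __name__ == "__main__":
    for finding in review(parse_netstat(SAMPLE_NETSTAT), BLOCKED_IPS, WATCH_PORTS):
        print(finding)
```

An attempt the firewall actually dropped normally leaves no row in netstat, so a blocked address showing up as ESTABLISHED, or a watched port sitting in LISTENING, is the case worth following up with a trojan scan.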
October 16th, 2003, 05:54 AM
What kind of network are you on? How long have you been unable to access your CD drive? It could be something simple like your hardware just died on you....maybe try another drive and see if it works. Other than that, if there is any other info you can pass along, the more the better. Hope this helps and let us know of any changes!
Carrie: Someone's definition of what constitutes cheating is in direct proportion to how much they themselves want to cheat.
Miranda: That's moral relativism!
Carrie: I prefer to think of it as quantum cheating.
October 16th, 2003, 06:03 AM
To find out who is doing it if you think it is someone remotely connected to the computer hitting you, I believe you would have to have access to that computer, then you could do a netstat -n from that computer to see who is connected. I don't believe you can trace it beyond the last ip from your computer. I could be wrong though.
Today alone, my firewall has blocked 26 Backdoor/SubSeven Trojan horse attempts mostly from different IP's so I feel like someone is trying to get in.....maybe through other people's computers (???) Also, how can I find out through tracing exactly who is doing this?
Also, it's kind of weird that you are getting all those attempts for Subseven. I'm guessing that it was installed before you got the firewall, and the person is still trying to connect and is now getting blocked. You should do a quick Google search on how to confirm that you have subseven then another one on removing it.
Since it is multiple ip's maybe the person who put subseven on your comp (if you go by my assumption above that it's on there) told his friends so they could all use your computer to hack from. Definitely check for subseven or any other trojans on your comp and remove them immediately.
October 16th, 2003, 08:04 AM
Go to The Cleaner and download the 30 day trial. Use it, and it will tell you (and remove) any trojan you might have.
If your CD problem is not related to any trojan, you might check your ribbon cables to see that they are plugged in correctly and not damaged or broken (ribbon cables are relatively cheap also).
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
October 16th, 2003, 11:37 AM
"One thing that concerns me is that my CD Drive is missing and I cannot use it."
Assumptions - The CD Drive worked before and you are using some variant of Windows.
Have a look in the Device Manager to see if any devices are installed incorrectly / not functioning. You're looking for devices with red crosses on, or yellow exclamation marks. If there are any this could point you in the right direction.
On bootup check in the BIOS that the CD Rom drive can still be seen. Older BIOSes won't, but certainly machines manufactured in the last couple of years tend to list them. If it's listed, check to ensure that Plug'n'Play is still On.
Boot into Windows safe mode ( F8 at startup - Select Safemode ) - open the Device Manager and delete any references to CDRoms. I have found that some CDRoms aren't listed there as they are Plug'n'Play. Allow Windows to redetect them upon the next normal reboot.
Check "Add New Hardware" and see if the CDRom is redetected.
Failing that .. you could always reinstall Windows
October 16th, 2003, 11:48 AM
It's always tedious to establish whenever you think you've been hacked. CDrom device disappearance can be a simple hardware failure, or an IDE cable becoming disattached via joggling of the CPU unit. However, h3r3tic and fatphantom have a good point, netstat is a very useful tool to monitor incoming traffic hits. Now in the days of broadband, you always have those curious many that just hit random addresses to see who's open and who's not. It's not even methodical anymore, more like brute force scanning. Another useful tool to use is netmon (on Windows 2000)...If you're really good at understanding just basic protocols, you can establish at what frequency, and what type of packets are coming through...although that's only if you want to take it to extremes and interpret raw packet data. Just a thought though! Doesn't hurt to be thorough.
Creating further mindless stupidity....through mindless automation.
October 16th, 2003, 10:58 PM
I wouldn't think that I have been trojaned just because of a missing CD drive. I would definitely think it was a problem with the hardware or a Winblows problem first. If someone put something on your computer they are definitely going to want to connect to it. I would use some of the techniques from the previous posters and also if you know what you are looking for use something like Ethereal http://www.ethereal.com to sniff your traffic. You can also use Fport http://www.foundstone.com/knowledge/proddesc/fport.html to see what services are using certain ports.
October 16th, 2003, 11:37 PM
Here's a thought..... The question was "how can I tell if I've been hacked"? Let's make a list of signs that either singly or together are potential signs of this problem. Then we can put them all together and sticky it in the "beginners" forum for all to see...... It'll be helpful and a good exercise..... Let's try to avoid things that could be simple system problems caused by a bad/unknowledgeable user..... I'll start.... Please add to either category.
Notes prior to assessing these symptoms:-
1. If multiple people use the computer make sure none of them changed anything.
2. Listen to your computer when you use it. You'll then know when the drives are working too hard for example.
3. Observe your internet connection speed at different times of day, then you know what it should be like when it starts to go "funny".
4. If your desktop is cluttered look carefully at it from time to time so you know what is there.
5. Same with the system tray.... look at it to see if it changes.
1. You changed nothing but you begin to get an error message at startup.
2. Startup suddenly takes significantly longer than it used to.
3. Your modem dials on startup or without input from you.
4. Your internet connection has been stable but is now consistently or intermittently slower.
5. You're doing nothing on your computer but your drive lights are on too much for comfort.
6. Your available drive space seems to have reduced for no reason.
7. Icons appear on your desktop or in the system tray, apparently by magic.
8. You come back to your computer to find a command prompt open and commands in it, (or not).
9. Error messages start to appear at shutdown when you changed nothing.
10. Someone mentions information that could have _only_ been got from your computer.
OK.... My brain is tired.... I'm old... OK....
Anyone want to add to this..... They need to be somewhat generic or every bloody Windows error will look like a hack..... If you want to be specific about "what you are doing at the time" then maybe we can break it into categories and come up with a score system... You know.... Like a Cosmo questionnaire.... If you scored > 10 on this you are safe.... if you scored more > 90 on this you are pwn3d......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
October 17th, 2003, 12:28 AM
There are different things you can do.
Normally you can check your "netstat" program (Windows users) as mentioned before to check all users on your network, mind you that you may be surfing or receiving images from a website, they may appear on your netstat.
After an attack signs may be new/removed/modified files or directories, checking the "last accessed" portion of file properties is useful on files not used by the system.
If you are being hacked you can always tracert the user and hope they aren't using a spoofed IP, this way you can keep the IP as reference and if you see a constant attack from them on your PC, you can do one of these two things:
1. Fight fire with fire.
2. Report to their ISP.
However you should not give false attack reports since they will more than likely stop listening to you and eventually others... they will normally investigate but they are corporations, and if they need to they won't waste their time on users who send them notices that one of their users are attacking them again and again when it may just be that they are not and you are doing something you have no idea about... but I'm beginning to ramble on here, this isn't directed towards anyone (in case someone sees something here offensive to them).