-
January 19th, 2006, 03:59 AM
#1
i am cracked
i visited DShield.org today and i've tried to see if my ip address is cracked an it displayed this message:
Are you cracked?
Your IP (*.*.*.*) appears as an
attacker 124 times in the DShield database.
(Click for more information on *.*.*.*.)
There are several reasons why your IP address might appear as an attacker in the DShield database. The most worrisome is if your computer has been compromised and you are are unknowingly running a Trojan program which is accessing other machines, possibly in preperation for conducting a Distributed Denial of Service (DDoS) attack. If you have a dynamic IP address, it could be that someone else owned your current IP address as this event occured. Please check the time/date in this case. Most dialup users, and many DSL and cable modem users use dynamic IPs.
If you are using a Linux machine, it is possible that it was compromised and is running similar trojan type software and is accessing and probing other machines.
It is also possible that your machine is misconfigured so that it is innocently accessing other machines.
is this statement from dshield for real?
any advices from you guys to what to do with my server? shall i format, repair, get a better firewall (hardware and software), get a better antivirus?
thanks a lot for the help...
-
January 19th, 2006, 04:08 AM
#2
Well is your IP Static or Dynamically Assigned?
If you are using a Linux machine, it is possible that it was compromised and is running similar trojan type software and is accessing and probing other machines.
I just went there with my Linux Box and it said:
Your IP (xxx.xxx.xxx.xxx) does not appear as an
attacker in the DShield database.
I don't know how reliable that is. However you IP is listed. Run your Malware, AV & Trojan Detecting Software and see if you're owned. Formating is one quick way to clean up the problem.
You can use online scanners as well. TrendMicro seems to be popular.
cheers
EDIT: Forgot to add that we have loads of information here at AO on how to clean that mess out and how to prevent any future infestation. Just check out the Tutorial Section and the Spyware / Adware Forum Here
Connection refused, try again later.
-
January 19th, 2006, 04:46 AM
#3
Recognize this?
trojan pestering my box posted 11-06-2005 10:46 PM (post #1)
just how can i get rid of a trojan which i dont know how to get rid of. i know my server is infected with it and compromise but how could i possibly clean up my server. the past computer guys from where i work been using windows which, to me is just ok. it has been infected even before i got here on my work. any advices, what anti-spyware softwares to use, firewalls, etc.? please help me. thanks so much
Source: Yatot
Might explain why DShield displayed the hits. Is this a duplicate of what you went through in November?
Connection refused, try again later.
-
January 19th, 2006, 04:58 AM
#4
Static IP. yes same as that.
-
January 19th, 2006, 05:09 AM
#5
Ouch...
Well the DShield could be from the past, but that sure looks like a lot of entrees. Did the results include a date? Obvisouly if any of them were after the November encounter you got problems. The easiest way probably will be to Run some Malware, AV & Trojan Detecting Software as before and see if you're infected or not. Hopefully that software will clean it out. If not, unfortunately you know what you have to do.
cheers
Connection refused, try again later.
-
January 19th, 2006, 05:46 AM
#6
I did this on my own PC for sh1t and giggles of course, heres the output:
Your IP (xxx.xx2.xxx.7xx) does not appear as an
attacker in the DShield database.
Also,
Good. If your IP address appeared in our database, it would be a strong indicator that your machine was possibly cracked and is accessing other machines in a manner that their firewalls log as hostile.
If this is not your IP address, then it is possible that you are connected through a proxy server which confused our IP detection. If this is the case, then enter your own IP address and click on Submit
You should check out http://whacker8.hackerwhacker.com/freetools.php
and run their free tests. Post results.
Cheers,
thesims
-
January 19th, 2006, 06:52 AM
#7
according to that hackerwhacker chuva:
Warning. Item has potential security problems such as clear text passwords, error prone configurations or giving away important information about your system. Be aware of these.
so far i got seven known security problems that i myt fix. and do some extensive research on how to secure the server.
thanks a lot. praise to you all....
-
January 19th, 2006, 10:11 AM
#8
Junior Member
My IP shows up on the database, but when I checked the records against my ip they were all bit torrent ports (6881 - 7005).
Did you check what attacks it thought you had made?
Memnoch
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|