Results 1 to 8 of 8

Thread: i am cracked

  1. #1
    Member
    Join Date
    May 2005
    Location
    waraynon.com
    Posts
    93

    i am cracked

    i visited DShield.org today and i've tried to see if my ip address is cracked an it displayed this message:

    Are you cracked?

    Your IP (*.*.*.*) appears as an
    attacker 124 times in the DShield database.

    (Click for more information on *.*.*.*.)

    There are several reasons why your IP address might appear as an attacker in the DShield database. The most worrisome is if your computer has been compromised and you are are unknowingly running a Trojan program which is accessing other machines, possibly in preperation for conducting a Distributed Denial of Service (DDoS) attack. If you have a dynamic IP address, it could be that someone else owned your current IP address as this event occured. Please check the time/date in this case. Most dialup users, and many DSL and cable modem users use dynamic IPs.

    If you are using a Linux machine, it is possible that it was compromised and is running similar trojan type software and is accessing and probing other machines.

    It is also possible that your machine is misconfigured so that it is innocently accessing other machines.
    is this statement from dshield for real?
    any advices from you guys to what to do with my server? shall i format, repair, get a better firewall (hardware and software), get a better antivirus?
    thanks a lot for the help...
    .sig na ture.

  2. #2
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Well is your IP Static or Dynamically Assigned?


    If you are using a Linux machine, it is possible that it was compromised and is running similar trojan type software and is accessing and probing other machines.
    I just went there with my Linux Box and it said:
    Your IP (xxx.xxx.xxx.xxx) does not appear as an
    attacker in the DShield database.
    I don't know how reliable that is. However you IP is listed. Run your Malware, AV & Trojan Detecting Software and see if you're owned. Formating is one quick way to clean up the problem.

    You can use online scanners as well. TrendMicro seems to be popular.

    cheers

    EDIT: Forgot to add that we have loads of information here at AO on how to clean that mess out and how to prevent any future infestation. Just check out the Tutorial Section and the Spyware / Adware Forum Here
    Connection refused, try again later.

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Recognize this?

    trojan pestering my box posted 11-06-2005 10:46 PM (post #1)

    just how can i get rid of a trojan which i dont know how to get rid of. i know my server is infected with it and compromise but how could i possibly clean up my server. the past computer guys from where i work been using windows which, to me is just ok. it has been infected even before i got here on my work. any advices, what anti-spyware softwares to use, firewalls, etc.? please help me. thanks so much
    Source: Yatot

    Might explain why DShield displayed the hits. Is this a duplicate of what you went through in November?


    Connection refused, try again later.

  4. #4
    Member
    Join Date
    May 2005
    Location
    waraynon.com
    Posts
    93
    Static IP. yes same as that.
    .sig na ture.

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Ouch...

    Well the DShield could be from the past, but that sure looks like a lot of entrees. Did the results include a date? Obvisouly if any of them were after the November encounter you got problems. The easiest way probably will be to Run some Malware, AV & Trojan Detecting Software as before and see if you're infected or not. Hopefully that software will clean it out. If not, unfortunately you know what you have to do.

    cheers
    Connection refused, try again later.

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    I did this on my own PC for sh1t and giggles of course, heres the output:

    Your IP (xxx.xx2.xxx.7xx) does not appear as an
    attacker in the DShield database.
    Also,
    Good. If your IP address appeared in our database, it would be a strong indicator that your machine was possibly cracked and is accessing other machines in a manner that their firewalls log as hostile.

    If this is not your IP address, then it is possible that you are connected through a proxy server which confused our IP detection. If this is the case, then enter your own IP address and click on Submit
    You should check out http://whacker8.hackerwhacker.com/freetools.php
    and run their free tests. Post results.

    Cheers,
    thesims

  7. #7
    Member
    Join Date
    May 2005
    Location
    waraynon.com
    Posts
    93
    according to that hackerwhacker chuva:

    Warning. Item has potential security problems such as clear text passwords, error prone configurations or giving away important information about your system. Be aware of these.
    so far i got seven known security problems that i myt fix. and do some extensive research on how to secure the server.

    thanks a lot. praise to you all....
    .sig na ture.

  8. #8
    Junior Member
    Join Date
    Oct 2002
    Posts
    20
    My IP shows up on the database, but when I checked the records against my ip they were all bit torrent ports (6881 - 7005).

    Did you check what attacks it thought you had made?

    Memnoch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •