Maybe the Admin or is it a hacker

How long should it take for an admin to stop a hacker from entering someones email?
Considering the Admin knows who the hacker is the email is webbased and the hacks are being done remotely. I have a friend who has been getting attacked for over a year by a hacker he can enter her email at will he sends spam from her email and knows everything she writes as well as everyone that writes her. She doesn't have a trojan on her computer. I think the admin is playing games with her. But before I say anything to her about the admin I would like to know is it possiable for a hacker to get away with hacking the same account for so long? If a hacker could not get away with it for over a year what do you think is the longest amount of time he could get away with it?

i'm not sure about what your question is, but i would suggest that your friend install a firewall or ids (maybe both) on his/her system...

Personally I think it is time to change ISP's
Be sure to use another password never used
on the existing ISP.
Also change login name....

I know it is a pain but since most people do not
want to mess around with the legal dept.
Most locals have no idea on privacy laws
and the internet...

There is no way they should be hacking the same person for over a year. Either the admin doesn't know what he/she is doing, or there is a trojan/key logger/ backdoor into either the email server or your friend's computer.

You don't need to change ISP's and all that stuff, just get an admin that knows what to do and get it fixed. But I would install a firewall and IDS to sift through network traffic to and from your friends computer. This will help you see if the attacker is doing things actually on her computer or from the mail server. I would say it is more likely the mail server if anything is being exploited.

Good Luck.

Yes, and if the "web based email account" is something like yahoo or hotmail, why not simply hand write down every email address, and then go and create a new account? Again it's a pain, but then you can make sure it doesn't happen. Plus doing all of the above will increase the chances of the "hacker" not being able to find your friend.

uhh, did they ever change their password?
Are they using a secure password? (One that isn't their name, dog's name, child's name, etc.)
why not change to a different e-mail service?

Is it possible that a hacker could get away with hacking the same account for so long?
Yes, anything is possible. But, why target a nobody? I'm not disrespecting your friend, it is just that, well if you are going to open yourself up to that kind of risk, wouldn't you pick a target that would actually give you something in return?

How does she know that they know everything she writes and that people write her? Is someone talking about it? Spamming using someone's address doesn't require it actually coming from their account. You can put any return address on an envelope, so long as you don't actually expect a response.

If the admin knows about the problem, it must be a fairly small e-mail host. Hotmail and other places like that have many many admins, so if it is only one, then is it for a school, a friend's machine, some shady fly-by-night e-mail host?

How do you know that there isn't a trojan? Is she on dial-up or on broadband, or perhaps a university network?

I know I am asking a lot of questions, but what you have described is basically meaningless without the context of the situation.

Maybe after more info is given other people will be able to desipher the problem and aid you.

Ciao,
Dhej

Quote:

---

Originally posted here by evsed
How long should it take for an admin to stop a hacker from entering someones email?
Considering the Admin knows who the hacker is the email is webbased and the hacks are being done remotely. I have a friend who has been getting attacked for over a year by a hacker he can enter her email at will he sends spam from her email and knows everything she writes as well as everyone that writes her. She doesn't have a trojan on her computer. I think the admin is playing games with her. But before I say anything to her about the admin I would like to know is it possiable for a hacker to get away with hacking the same account for so long? If a hacker could not get away with it for over a year what do you think is the longest amount of time he could get away with it?

---

Couple things here - I'm understanding that the problem is that you have a friend who is getting hacked on her webbased email? Is it from Hotmail, Yahoo, etc? All this so called 'hacker' needs to know is her password for her email account and he could do all of the things you described.. The fix is simple though - change the password to something very secure using numbers and letters, or simply delete the account and start from scratch.. If the admin is the 'hacker,' then he is a worthless admin and shouldn't be in that position.. If the admin knows of the wrongdoing but does nothing, he is still worthless and shouldn't be the admin..

If you could clarify your question a little more, maybe we can be of better help.. Hopefully though, with the respones you got, you found your answer..

If we haven't answered your question, just give us a few more details on the scenario.

From what she says the hacker is in New York she lives in Ukraine and the server is in Latvia. She uses a dial up account. The website that hosts her email is a company called Langa Ltd.
I have recieved email from her account from someone using a proxy server I contacted the owner of the proxy but they have not replied. She has said such emails are not from her. Also everyone that writes her gets some nasty messages about her or some guy sent to them. She uses JAWmail and I know that has a few holes but the admin would know this as well one would think and would try and fix it if that is how the hacker gets in.
If they know the hacker is from New York I think they must know his isp why wouldn't an admin write them? I always thought American ISPs would not put up with this kind of thing.

If she has changed her password and he knows everything she is writing she might have a key logger installed...how did you confirm she had no trojans on her comp?

anyhow, if you wanna make sure she doesnt have some bad stuff on her comp you can always try this link HERE ...

its one of many types of software that help you detect keyloggers..

Google is your friend.....good luck