|
-
March 30th, 2003, 09:51 PM
#11
If your running some kind of business from your computer and it was hacked, you may want to contact the police, so that they can do a thorough forensic investigation. Don't try to do this kind of stuff yourself if you don't have expertise in computer forensics, as you could destroy evidence or lose/alter volitile information. There may be evidence that could lead back to your attacker, you wouldn't want to lose that would you? Let a pro handle something like that, That's your best bet.
PuRe
-
March 30th, 2003, 10:06 PM
#12
Junior Member
i use .htaccess
i'm not sureif .htaccess and firewall are the same, but i use .htaccess. it's provided by my webhosting service and on my control panel it's called web protect. when someone logs into my site, a dialog box pops up and they enter their user name and password.
how are they getting past this and how are they getting this credit card information along with my hotmail account information? also, can i track them down and report them to the authorities?
-
March 30th, 2003, 10:31 PM
#13
Junior Member
download ZoneAlarm Pro - FireWall , install it and read Readme.txt file about settings ! than ... NEVER upload information about you and your business on FTP or WebSite that can be hacked! thats all!
www.astalavista.box.sk
search information about Firewalls , FTP you can learn more than you expected !
-
March 30th, 2003, 10:38 PM
#14
Some things you may want to do.
1) Change ALL your passwords and never tell anyone what they are. Each person should have their own passwords.
2) I recommend upgrading to a better OS that you can control access. Win98 == no security. Anyone can install trojans, viruses, keyloggers, etc. without even trying. Win98 says "Yay! you know how to click the mouse! Install whatever you want! Yay!" At least with 2k, you can make users have a user id and password and you can set permissions on user accounts and only make yourself an admin.
3) Run a virus scanner or trojan remover. Make sure the defs. are up to date on both before you do this, otherwise... it won't do a bit of good. You can use free online virus scanner here if you don't have one. If you don't have one... you should get one ASAP. Try the cleaner for 30 days f ree. It will at least tell you if you have a trojan on your PC.
4) Install a firewall. If you don't want to spend money, get Zone Alarm Free . If you want something easy that you don't have to do much with... get norton internet securit y. There are several more out there. Everyone has their favorites.
5) Check to see what is accessing the net and if it should be. Active ports is free and it does a good job of tracking down connections and maps them to the applications that are connecting to the web. Its bascially a beefed up netstat with a GUI.
-
March 31st, 2003, 04:07 AM
#15
Member
If the guy has that much sensitive information on his system I would suggest buying a router, setting up some ACLs, and keeping the IOS udated. I would also suggest purchasing a Catalyst switch, and setting up some VLANs. Forget a software firewall, buy a Cisco 2500 or something of that nature, buy a router off of Ebay, thats basically all you need. And disable unused network services. Check for viruses, prefer. trojans.
The End Justifies The Means...
-
March 31st, 2003, 03:44 PM
#16
number one, if someone has, and continues to, hack your computer and you're running a business, GET THAT COMPUTER OFFLINE. change all your passwords, etc. You also have a legal obligation to contact the credit card companies, as well as those customers, to report a fraud.
if you have the resources, get a second computer online, and use it ONLY FOR YOU BUSINESS, and keep your personal BS off of it (never mix work with pleasure!) that way, if you get hacked because you wanted to run kazaa, or some other p2p, your customers won't be affected.
Switching OS's to linux probably isn't an option right away, as i'm sure you have inventory and accounting programs already running. using a more secure OS is always better (win2K would be a good one to go with if you don't want to have to learn all the ins and outs of linux)
lastly, be very careful from now on. when installling programs, read the dialogue boxes before clicking accept (i know no one ever reads those, but there are some pretty important ones) Canon printers, for example, won't re-imburse you if you printer gives you AIDS, catches fire and burns your house down, or reformats your hard drive. Read before you jump, it's not the male thing to do, but it'll keep you safe.
i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.
-
March 31st, 2003, 04:04 PM
#17
Everything everyone has said here so far is valid - especially the stuff regarding your obligation to your customers and the CC companies.
This case is one where the likelihood is _extremely_ high that the attacker has unfettered access to your computer and probably has remote administration tools installed. Since your plea for assistance was worded in the fashion it was I am assuming that you do not - nor will you in a short time - have the ability and knowledge to "fix" this situation yourself. Since it is a business computer spend the money to get a professional to set this system up for you. Have them erase the existing system and keep _only_ data that could not have been tarnished. Have them set you up a secure system that is effectively firewalled from the big wide world and contains secure passwords etc. Then write off the cost against the business.
As was also mentioned - keep your personal crap off the new machine. It doesn't matter if it is the only PC you have. Your responsibility remains with your customers and compromising their security and possibly ruining their credit record doesn't fly because you wanted to listen to the latest track by the "hot-n-sweet chix".
This is a good example of where CC companies should require certain things be in place before they allow just anyone to accept CC's over the internet.
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
March 31st, 2003, 04:57 PM
#18
last time i checked in the USA credit card fraud is a federal crime- and i'm sure there are a bunch of suits waiting for you to contact them... I believe that would be the secret service? anyway- as posted before- contact the law, they'll help...
/edit->
please tell your customer's that there Account information was "compromised" so that they can take the proper steps to protect their assets... this is serious- as if you do not inform them of this, you can be held somewhat accountable... (please, someone correct me if i'm wrong) but i was under the impression that businesses has certain responsibilities concerning their customers financial information?
yeah, I\'m gonna need that by friday...
-
March 31st, 2003, 05:26 PM
#19
Junior Member
Ur web Service might have a vulnerability
id email ur webserver about it and check the ip logs to see anything funny like a static ip address and port redirects. Defenitaly tell the cops.
-
March 31st, 2003, 05:52 PM
#20
Yeah I'd recommend what everbody else is saying. Get a firewall like Zone Alarm and put that on your computer, and go to this to get the cleaner. Run it on your system and see if any trojans pop up.
I'd also recommend resetting all of your passwords and get a program to password lock your files that are important.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
