AceMcCloud
Disciple
man...u got me tensed...
I need to re-draft my entire online security...:S :S
I need to re-draft my entire online security...:S :S
My Experiences: After my email was Hacked
- Thread starter mahistuffs
- Start date
6pack
ex-Mod
do one thing - after logging to gmail check the "Last account activity" which will show you the last 5 logins and their ip addresses. you will get the ip address of the hacker from that. use it to lodge a complaint. maybe if indian police are good it will become an international alert to nab that hacker. else nothing much will come out of it. dont leave that chance though.
mahistuffs
Disciple
blr_p said:
My tech abilities such as ....?
mahistuffs
Disciple
blr_p said:Would you consider yourself a software techie ?
The point of my question was to determine how easy it would be for this to happen to techincally aware ppl vs less aware
Oh ok... I am technically aware and would call myself a techie...infact all my friends come to advice from me for anything related to computers...and in my collage days used to chase popular virus to check what it does and how it works....
I am very fond of programming...and tools and utilities are my hobby/speciality...I have countless utilties designed and developed for Office intranet use / personal use...few of them exploit lack of security in networks...
few of them use extensive web page handling and understanding of how many sites are laid out...
for instance have one called 'Google Image downloader'....used to download images from google search for any search criteria list....I use it to download pictures of say animals...to show to my little daughter...instead of clicking one at a time to see the full picture...
have tools to download entire wallpaper sites (only wallpaper)...for instance on pixelgirlpresents.com
have one personal tool to scan entire network recursively looking for shared folders on office network and build a searchable tree...its a great time pass tool...can get songs / fwd from network without looking for ways to bringing it in ...:hap2:
so on....
https://addons.mozilla.org/en-US/firefox/addon/3383
these kinda attacks can also happen by keyloggers here isa mozilla add on which encrypts every keystroke
these kinda attacks can also happen by keyloggers here isa mozilla add on which encrypts every keystroke
Gurpartap Singh
Adept
blr_p said:
ha ha ha paranoia
I MUST NOW INCLUDE SYMBOLS IN MY PASSWORDS :ashamed:
mahistuffs
Disciple
blr_p said:
I am not able to zero in on the cause...this makes me mad....and paranoid....to think of an open door available for a hacker to enter my system...and i dont know how to close it.
to be safe ...i am going to format the OS partition and install freshly..and adopt the suggestions made on this thread.
I used to try getting other account password but by using a simple trick.
We normally get the programs to do this from the net for free.
I'll tell you how I did it.
I used to put a client program on the victims computer. this client program had settings by which i could specify my email host settings.
now what happens is that whoever uses this computer , whatever the victim typed along with passwords, email addresses, website url's etc all used to be sent automatically to my email server, and there i was with all email addresses and their passwords.
of course I did not misuse any , and this this was long time ago. The client program could very well be hosted online on a website, and can be downloaded automatically , like plugins etc from the malicious site you may be visiting.
and if it is not detected by your antivirus or spyware , you'r activities get logged.
I would suggest you to use a antivirus which had intusion detection, firwall, network scanning, features. And always keep antivirus updated, update windows regularly as well.
And yeah one more thing, when typing passwords, make sure you mistype it once or twice, backspace it and then type it, sometime helps if keyloggers installed.
just my 2 cents.
We normally get the programs to do this from the net for free.
I'll tell you how I did it.
I used to put a client program on the victims computer. this client program had settings by which i could specify my email host settings.
now what happens is that whoever uses this computer , whatever the victim typed along with passwords, email addresses, website url's etc all used to be sent automatically to my email server, and there i was with all email addresses and their passwords.
of course I did not misuse any , and this this was long time ago. The client program could very well be hosted online on a website, and can be downloaded automatically , like plugins etc from the malicious site you may be visiting.
and if it is not detected by your antivirus or spyware , you'r activities get logged.
I would suggest you to use a antivirus which had intusion detection, firwall, network scanning, features. And always keep antivirus updated, update windows regularly as well.
And yeah one more thing, when typing passwords, make sure you mistype it once or twice, backspace it and then type it, sometime helps if keyloggers installed.
just my 2 cents.
blr_p
Skilled
mahistuffs said:
Using IE8 for the 2nd account tells me all it would take is for you to be tricked into viewing a dodgy page and your browsers contents is wide open. I'd imagine its possible to pull all your *ahem* password from this way regardless of how long it was.
THing is you said you only use IE8 to login for gmail and firefox for browsing which implies if this was the method used than FF was vulnerable somehow.
Can FF be made to run activex ?
mahistuffs said:
Right, all he needed to get was the password to your 2nd *ahem* gmail account and everything else was there for the taking.
- does your modem run in bridge mode or NAT mode ?mahistuffs said:
- did you use IE to view any sites someone recommended. The browser needs to be activex capable. Receive any invitations recently from friends to join them somewhere ?
- did you run any software or tool given to you by someone. Thing is you're a techie so you'd know not to do that without at least virus checking it first. and you do run one already.
- you did not mention any IM apps you use, this is one way to get exe's quickly.
- Do you play online games ?...is there anyway this person might be known to you via IM or gaming where presumably you would use the same ID.
Look at your past emails for the last 2-3 months or IM logs if possible.
I think the chance of a totally unknown hacker getting to you is less than an online acquaintance.
mahistuffs
Disciple
- Modem in NAT modeblr_p said:
- I received invitations to join but it was in the 1st account and not the second...but I think i have clicked few links from the 2nd account recently..it could have been the mistake
- no recent new softwares were run
- i dont chat much...but use yahoo messanger rarely..it has only 4 contacts..
- Nope i dont play online games..