Hub HACKED

[BlazeXxX]

Hi all,
I am so fedup with those hackers :( My hub is running on IceCube IV Version and as you all know, i msged saying the server bandwidth was over used.. It seems the hacker is geting into my main server and banning all the ops and using up my bandwidth for his own use :'(. Please someone help me :(


Your Friend,
BlazeXxX

[c h i l l a]

I would  but I can only say..  try to find out how he hacked your hub... and tell it patzek...  this is a big security issue. But I can't really help ya. Tighten security..  dunno. maybe you wann give out his IP too.

[SaintSinner]

look at your logs
try to get his ip
stop the hub
disconnect your modem or whatever you use to get online
call your isp
or contact his isp
he is prob spoofing someones ip, maybe even yours
there is a small chance he will not get caught but
a small chance is better than no chance at all.

[BlazeXxX]

Yess :'( The last ip in the server log shows my IP , but he is able to kick me out and others and add them to ban.. In the hub soft wise, i can find anyone's ip as he is wiping off all the logs and deleting all my scripts..

Pls someone help me out !

[Roy]

Well, i would of closed the hub, rebooted the pc and go to the link below and check your firewall shields. It's the best firewall tester in the world.

that site also says that black ice defender is a joke if anyone is running that.

then i would put a different hub soft in, and fresh scripts cause he might have control over the one u run. i would also have done a full virus and trojan scan.

just a suggestion.

ShieldsUP!

*update* and maybe do a win update check, lots of security holes in xp lately they have released patches for.

[plop]

sounds 2 me he's hacking your computer and not the hub.
indeed black ice is kinda a joke for a firewall, but in in my eyes every app based firewall is.
i love visnetic firewall, but it's extremely hard 2 setup, don't expect 2 get it running in a couple mins.
but 1ce your done your safe, unless you made a big error.
checking for a trojan horse is also a real good idea.
shields up is nice but nothing beats nmap.

plop

[pHaTTy]

use norton personal firewall m8 it will fix all ur problems within the matter of 1 restart after installing it, simple setup, very easy to use, and the security is brilliant, since i first installed it ive never been hacked agen :))

[BlazeXxX]

Hi all,
Thx for all ur interest in helping me out.. I am using Kerio personal firewall, which is good for a Win2K3 server.. Its been setup by the server ppl, who are professionals as well..

But if my pc is hacked, and i am using it.. Wudn't it show if they open up the pcanywhere window ? I mean wudn't it show their activities in my pc, if they trying to acccess something on my pc to another one ?

Like a new window of pcanywhere , or mouse moving or some kind ? I didn't notice anything like that.. infact i did a formatting and got a firewall on rite from the begging.. :S

Byezzzzz,
BlazeXxX

[pHaTTy]

hmmm well if you have a firewall on and they have hacked you the firewall is cr*p else the ppl that are so called pro's are cr*p looooooooool

norton will block any trafic that is attempting to access your computer, without ur knowledge and it works great with dc and ptokax :))

i think you need a new firewall or you need some new pro's lol ;)

[BlazeXxX]

loool ya true.. Let me post u the port scans of both machines.. Btw, u are early today :) Good moring m8

[pHaTTy]

yep lol no sleep in 4 days he he he, but what i call today you will call yesterday looooooool

i slept today for 6 hrs looool

and yep good morning m8 thx how are you?  :):)

[BlazeXxX]

Hehe lol.. Ya u are luck m8 I only had 4 hrs sleep :p I am doing good, except the fact too stressed out rite now with these stupid hackers

[BlazeXxX]

Syn Scanned results from my pc:

Opened Ports (Syn Sscan)
Remote Port    Service Port                 Retransmits
18067            not assigned                       18
1025              blackjack/*                            0
5000              commplex-main/ssdpsrv/*    0
7329              swx                                       0


Will post the scan results from my server in few mins time..

[pHaTTy]

looooooool you shud only have 3 ports max open ;)

316/411/80

80 can be closed if no webserver

411 if no hub

and 316 is set by me donno what other peeps use

[BlazeXxX]

No clue wat the blackjack is abt.. It is also opened in my server side :S

[SaintSinner]

ok, you need to act quickly becouse from what i have read, you are not taking this all too seriously,
you are still posting here during this event when you
should have yourself disconnected from the internet, and trying to find your security breach, by this you are contributing to the hackers sucess.

here get this DUMeter  to monitor your up/down speeds, and see how much you are transfering,
shut your hub down and any downloads that you have going
and if the arrows are green, means information is being transmited.

[[ES]latinmusic]

Just to add here: kerio is one of the best firewall out there if well configured in my point of view is better enough than norton but this is my personal opinion, about security holes i don't know a firewall without any of them.

[plop]

Originally posted by BlazeXxX
Syn Scanned results from my pc:

Opened Ports (Syn Sscan)
Remote Port    Service Port                 Retransmits
18067            not assigned                       18
1025              blackjack/*                            0
5000              commplex-main/ssdpsrv/*    0
7329              swx                                       0


Will post the scan results from my server in few mins time..

this looks 2 me like you need 2 find new ppl 2 setup your firewall.
they should all be closed.
if you setup the firewall/windows correct even open ports can be made stealth.
i can remember lots of confused scriptkiddy's who after scanning me found port 80 closed but still hosting a webserver.
pcanywhere is not the only way 2 view the desktop, terminal service (now called remote desktop) can run a session beside it wich you won't see unless you join a session.

Originally posted by [ES]latinmusic
Just to add here: kerio is one of the best firewall out there if well configured in my point of view is better enough than norton but this is my personal opinion, about security holes i don't know a firewall without any of them.

kerio is indeed a lot better then norton.
specialy the wizard mode of norton is a joke.
kerio can run in rule based mode just like visnetic 2 really lock up your computer.
many firewalls support application hijacking, again this is a joke.
if that happens your anti virus is failling, your firewall has nothing 2 do with this.
firewalls without any securety leaks are indeed non excisting as the weak link is the human making the config.
even a openbsd firewall can contain leaks because of this.
i love visnetic for the simple fact that it's based on the linux firewall and there for is much better then anyother windows firewall.
just like the linux version it supports syn cookies wich make the registry fix for ptokax obsolete (the 1 syn is excepted, the folowing are all droped untill the 1st is fully completed).
ok i'll stop talking, maby more later.

plop

[BlazeXxX]

Hi All,

SaintSinner: I shut down my hub and the server yesterday.. I am loggin in from my other pc..

Plop: I agree with you.. But the problem is.. the damned server ppl tied me up with a prepaid 12 month contract and everytime u ask them, they charge u like 140 dollars per hr  :(  

Hint: If the hacker has access to the server, why shudnt he just shutdown or reboot or do something to the server for the big time.. than just banning ppl of.. and stopping the hub ? You pick a point there? Was there any issues b4 regarding IceCube versions, that has been hacked or has a security hole ?

Byee..

[plop]

Originally posted by BlazeXxX Hi All,

SaintSinner: I shut down my hub and the server yesterday.. I am loggin in from my other pc..

Plop: I agree with you.. But the problem is.. the damned server ppl tied me up with a prepaid 12 month contract and everytime u ask them, they charge u like 140 dollars per hr  :(  

i'm a lot cheaper 2 hire. lol
i got a 50% working default config for visnetic, if some1 wants 2 finish it just send me a email.

Originally posted by BlazeXxX
Hint: If the hacker has access to the server, why shudnt he just shutdown or reboot or do something to the server for the big time.. than just banning ppl of.. and stopping the hub ? You pick a point there? Was there any issues b4 regarding IceCube versions, that has been hacked or has a security hole ?

you got 2 groups of ppl.
1 hackers: they enter a system and leave a msg how 2 securery the leak or telling about the problem.
2 crackers: sick ppl thinking it's fun 2 tease ppl, for them banning all your users/ops or deleting files is fun.
this last group is causing the 1st group 2 get a bad name,  this can really piss me off.
because those ppl make it posible for us 2 use secure software so the crackers can't do much/nothing.
the 1st law of hacking is NEVER break/delete anything.
it's just a group of ppl who want 2 know how things work, there by they find errors/leaks wich should be fixed wich is also in there interest as most of the times they use the same software.
you are the victem of a cracker not a hacker.

plop

[BlazeXxX]

Hmm You are rite plop :)

This hacker doesn't seem to do any much harm to the server.. or maybe he doesn't know.. but to my extent.. he is some kid.. he banned ppl like !nickban [ADSL]bla bla with the !nickban in frton of the nick.. and played arnd with the permban like this..

|25421A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 CB01 25.46
|26.14
|26.15
|26.17
|26.19
|26.19A
|27.26
|254210A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 KG02 4.54
!nickban [10mbit][FTM]Grrrr|[nickban]

This is wat i found wen i took the banned ppl's list from the hub..

Its quiet weired :( I feel like so shit and can't even access my server as its shield by server ppl :(

If anyone can check my server port info, and i trust them pretty much.. pls tell me. i will give u the details of the server for u to trace it out :) I would prefer someone who is like plop,tezlo,phatty,ptacezek etc.. :)
no offence, not another hacker shud know the details  :P

[pHaTTy]

Originally posted by plop

Originally posted by BlazeXxX
Syn Scanned results from my pc:

Opened Ports (Syn Sscan)
Remote Port    Service Port                 Retransmits
18067            not assigned                       18
1025              blackjack/*                            0
5000              commplex-main/ssdpsrv/*    0
7329              swx                                       0


Will post the scan results from my server in few mins time..

this looks 2 me like you need 2 find new ppl 2 setup your firewall.
they should all be closed.
if you setup the firewall/windows correct even open ports can be made stealth.
i can remember lots of confused scriptkiddy's who after scanning me found port 80 closed but still hosting a webserver.
pcanywhere is not the only way 2 view the desktop, terminal service (now called remote desktop) can run a session beside it wich you won't see unless you join a session.

Originally posted by [ES]latinmusic
Just to add here: kerio is one of the best firewall out there if well configured in my point of view is better enough than norton but this is my personal opinion, about security holes i don't know a firewall without any of them.

kerio is indeed a lot better then norton.
specialy the wizard mode of norton is a joke.
kerio can run in rule based mode just like visnetic 2 really lock up your computer.
many firewalls support application hijacking, again this is a joke.
if that happens your anti virus is failling, your firewall has nothing 2 do with this.
firewalls without any securety leaks are indeed non excisting as the weak link is the human making the config.
even a openbsd firewall can contain leaks because of this.
i love visnetic for the simple fact that it's based on the linux firewall and there for is much better then anyother windows firewall.
just like the linux version it supports syn cookies wich make the registry fix for ptokax obsolete (the 1 syn is excepted, the folowing are all droped untill the 1st is fully completed).
ok i'll stop talking, maby more later.

plop

Well i totally disagree with you, maybe you aint got it in you to set norton up, its pretty simple, i think its a pretty easy wizard its a simple click click click and your off, then if a program attempts to access net in or out, then you will be asked to make a rule for this program, if anyone connects to you succesfully and its a threat to your computer it will ban their ip, norton is/and will remain the best firewall in my experience, it has the biggest database going, uses little memory, doesnt pop up with annoying warnings, it will simple flash in the tray

norton also protects data from being passed over the internet for example if you have a password, and you dont want it to be said on msn or such then you block it, and it will warn you that you are about to send crutial data online and recommend blocking, norton is the best, i do not have to say no more ;)

[pHaTTy]

Originally posted by BlazeXxX
Hmm You are rite plop :)

This hacker doesn't seem to do any much harm to the server.. or maybe he doesn't know.. but to my extent.. he is some kid.. he banned ppl like !nickban [ADSL]bla bla with the !nickban in frton of the nick.. and played arnd with the permban like this..

|25421A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 CB01 25.46
|26.14
|26.15
|26.17
|26.19
|26.19A
|27.26
|254210A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 KG02 4.54
!nickban [10mbit][FTM]Grrrr|[nickban]

This is wat i found wen i took the banned ppl's list from the hub..

Its quiet weired :( I feel like so shit and can't even access my server as its shield by server ppl :(

If anyone can check my server port info, and i trust them pretty much.. pls tell me. i will give u the details of the server for u to trace it out :) I would prefer someone who is like plop,tezlo,phatty,ptacezek etc.. :)
no offence, not another hacker shud know the details  :P

wud like us todo what exactly??

hack ur computer, or see how much info we can get off it?

[BlazeXxX]

Grrrrr no man ! I want to know which one is hacked.. the server or the hub soft.. :( pls don't get me wrong.. i am just sitting here helpless.. :(

[pHaTTy]

well i put all my bets on the computer itself, its pretty unlikely the hub nowadays, ive not known any px4's to be in this situation, so yep ur computer is being hacked, and if you dont get on it and sort it fast you will end up in the situation i was without norton, i was flooded 5 times bombed 3 times, viruses dropped on my computer, crucial data files that i had no replacements projects id been working on for so many hours deleted by someone misc, no logs left.....very pro.....so i sugest getting it sorted and fast.......

-phatty