PtokaX forum

PtokaX => Support => Topic started by: BlazeXxX on 24 November, 2003, 21:37:04

Title: Hub HACKED
Post by: BlazeXxX on 24 November, 2003, 21:37:04
Hi all,
I am so fed up with those hackers :( My hub is running on IceCube IV Version and as you all know, i msged saying the server bandwidth was over used.. It seems the hacker is getting into my main server and banning all the ops and using up my bandwidth for his own use :'(. Please someone help me :(


Your Friend,
BlazeXxX
Title:
Post by: c h i l l a on 24 November, 2003, 21:57:59
I would  but I can only say..  try to find out how he hacked your hub... and tell it patzek...  this is a big security issue. But I can't really help ya. Tighten security..  dunno. maybe you wann give out his IP too.
Title:
Post by: SaintSinner on 24 November, 2003, 22:03:17
look at your logs
try to get his ip
stop the hub
disconnect your modem or whatever you use to get online
call your isp
or contact his isp
he is prob spoofing someones ip, maybe even yours
there is a small chance he will not get caught but
a small chance is better than no chance at all.
Title:
Post by: BlazeXxX on 24 November, 2003, 22:13:34
Yess :'( The last ip in the server log shows my IP , but he is able to kick me out and others and add them to ban.. In the hub soft wise, i can find anyone's ip as he is wiping off all the logs and deleting all my scripts..

Pls someone help me out !
Title:
Post by: Roy on 24 November, 2003, 22:22:33
Well, i would of closed the hub, rebooted the pc and go to the link below and check your firewall shields. It's the best firewall tester in the world.

that site also says that black ice defender is a joke if anyone is running that.

then i would put a different hub soft in, and fresh scripts cause he might have control over the one u run. i would also have done a full virus and trojan scan.

just a suggestion.

ShieldsUP! (https://grc.com/x/ne.dll?bh0bkyd2)

*update* and maybe do a win update check, lots of security holes in xp lately they have released patches for.
Title:
Post by: plop on 25 November, 2003, 02:32:51
sounds 2 me he's hacking your computer and not the hub.
indeed black ice is kinda a joke for a firewall, but in in my eyes every app based firewall is.
i love visnetic firewall, but it's extremely hard 2 setup, don't expect 2 get it running in a couple mins.
but 1ce your done your safe, unless you made a big error.
checking for a trojan horse is also a real good idea.
shields up is nice but nothing beats nmap.

plop
Title:
Post by: pHaTTy on 25 November, 2003, 07:37:51
use norton personal firewall m8 it will fix all ur problems within the matter of 1 restart after installing it, simple setup, very easy to use, and the security is brilliant, since i first installed it ive never been hacked agen :))
Title:
Post by: BlazeXxX on 25 November, 2003, 07:50:11
Hi all,
Thx for all ur interest in helping me out.. I am using Kerio personal firewall, which is good for a Win2K3 server.. Its been setup by the server ppl, who are professionals as well..

But if my pc is hacked, and i am using it.. Wudn't it show if they open up the pcanywhere window ? I mean wudn't it show their activities in my pc, if they trying to access something on my pc to another one ?

Like a new window of pcanywhere , or mouse moving or some kind ? I didn't notice anything like that.. infact i did a formatting and got a firewall on rite from the beginning.. :S

Byezzzzz,
BlazeXxX
Title:
Post by: pHaTTy on 25 November, 2003, 07:54:39
hmmm well if you have a firewall on and they have hacked you the firewall is cr*p else the ppl that are so called pro's are cr*p looooooooool

norton will block any trafic that is attempting to access your computer, without ur knowledge and it works great with dc and ptokax :))

i think you need a new firewall or you need some new pro's lol ;)
Title:
Post by: BlazeXxX on 25 November, 2003, 08:04:46
loool ya true.. Let me post u the port scans of both machines.. Btw, u are early today :) Good morning m8
Title:
Post by: pHaTTy on 25 November, 2003, 08:11:49
yep lol no sleep in 4 days he he he, but what i call today you will call yesterday looooooool

i slept today for 6 hrs looool

and yep good morning m8 thx how are you?  :):)
Title:
Post by: BlazeXxX on 25 November, 2003, 08:16:24
Hehe lol.. Ya u are luck m8 :) I only had 4 hrs sleep :p I am doing good, except the fact too stressed out rite now with these stupid hackers :(
Title:
Post by: BlazeXxX on 25 November, 2003, 08:21:34
Syn Scanned results from my pc:

Opened Ports (Syn Scan)
Remote Port    Service Port               Retransmits
18067          not assigned               18
1025           blackjack/*                0
5000           commplex-main/ssdpsrv/*    0
7329           swx                        0


Will post the scan results from my server in few mins time..
Title:
Post by: pHaTTy on 25 November, 2003, 08:29:20
looooooool you shud only have 3 ports max open ;)

316/411/80

80 can be closed if no webserver

411 if no hub

and 316 is set by me donno what other peeps use
Title:
Post by: BlazeXxX on 25 November, 2003, 08:53:39
No clue wat the blackjack is abt.. It is also opened in my server side :S
Title:
Post by: SaintSinner on 25 November, 2003, 13:42:45
ok, you need to act quickly because from what i have read, you are not taking this all too seriously,
you are still posting here during this event when you
should have yourself disconnected from the internet, and trying to find your security breach, by this you are contributing to the hackers success.

here get this DUMeter (http://www.dumeter.com/)  to monitor your up/down speeds, and see how much you are transferring,
shut your hub down and any downloads that you have going
and if the arrows are green, means information is being transmitted.
Title:
Post by: [ES]latinmusic on 25 November, 2003, 14:42:55
Just to add here: kerio is one of the best firewall out there if well configured in my point of view is better enough than norton but this is my personal opinion, about security holes i don't know a firewall without any of them.
Title:
Post by: plop on 25 November, 2003, 15:25:32
Quote: Originally posted by BlazeXxX
Syn Scanned results from my pc:

Opened Ports (Syn Scan)
Remote Port    Service Port               Retransmits
18067          not assigned               18
1025           blackjack/*                0
5000           commplex-main/ssdpsrv/*    0
7329           swx                        0


Will post the scan results from my server in few mins time..
this looks 2 me like you need 2 find new ppl 2 setup your firewall.
they should all be closed.
if you setup the firewall/windows correct even open ports can be made stealth.
i can remember lots of confused scriptkiddy's who after scanning me found port 80 closed but still hosting a webserver.
pcanywhere is not the only way 2 view the desktop, terminal service (now called remote desktop) can run a session beside it wich you won't see unless you join a session.

Quote: Originally posted by [ES]latinmusic
Just to add here: kerio is one of the best firewall out there if well configured in my point of view is better enough than norton but this is my personal opinion, about security holes i don't know a firewall without any of them.
kerio is indeed a lot better then norton.
specialy the wizard mode of norton is a joke.
kerio can run in rule based mode just like visnetic 2 really lock up your computer.
many firewalls support application hijacking, again this is a joke.
if that happens your anti virus is failling, your firewall has nothing 2 do with this.
firewalls without any securety leaks are indeed non excisting as the weak link is the human making the config.
even a openbsd firewall can contain leaks because of this.
i love visnetic for the simple fact that it's based on the linux firewall and there for is much better then anyother windows firewall.
just like the linux version it supports syn cookies wich make the registry fix for ptokax obsolete (the 1 syn is excepted, the folowing are all droped untill the 1st is fully completed).
ok i'll stop talking, maby more later.

plop
Title:
Post by: BlazeXxX on 25 November, 2003, 20:28:20
Hi All,

SaintSinner: I shut down my hub and the server yesterday.. I am loggin in from my other pc..

Plop: I agree with you.. But the problem is.. the damned server ppl tied me up with a prepaid 12 month contract and everytime u ask them, they charge u like 140 dollars per hr  :(  

Hint: If the hacker has access to the server, why shudnt he just shutdown or reboot or do something to the server for the big time.. than just banning ppl of.. and stopping the hub ? You pick a point there? Was there any issues b4 regarding IceCube versions, that has been hacked or has a security hole ?

Byee..
Title:
Post by: plop on 25 November, 2003, 22:04:51
Quote: Originally posted by BlazeXxX
Hi All,

SaintSinner: I shut down my hub and the server yesterday.. I am loggin in from my other pc..

Plop: I agree with you.. But the problem is.. the damned server ppl tied me up with a prepaid 12 month contract and everytime u ask them, they charge u like 140 dollars per hr  :(  
i'm a lot cheaper 2 hire. lol
i got a 50% working default config for visnetic, if some1 wants 2 finish it just send me a email.

Quote: Originally posted by BlazeXxX
Hint: If the hacker has access to the server, why shudnt he just shutdown or reboot or do something to the server for the big time.. than just banning ppl of.. and stopping the hub ? You pick a point there? Was there any issues b4 regarding IceCube versions, that has been hacked or has a security hole ?
you got 2 groups of ppl.
1 hackers: they enter a system and leave a msg how 2 securery the leak or telling about the problem.
2 crackers: sick ppl thinking it's fun 2 tease ppl, for them banning all your users/ops or deleting files is fun.
this last group is causing the 1st group 2 get a bad name,  this can really piss me off.
because those ppl make it posible for us 2 use secure software so the crackers can't do much/nothing.
the 1st law of hacking is NEVER break/delete anything.
it's just a group of ppl who want 2 know how things work, there by they find errors/leaks wich should be fixed wich is also in there interest as most of the times they use the same software.
you are the victem of a cracker not a hacker.

plop
Title:
Post by: BlazeXxX on 25 November, 2003, 22:33:49
Hmm You are rite plop :)

This hacker doesn't seem to do any much harm to the server.. or maybe he doesn't know.. but to my extent.. he is some kid.. he banned ppl like !nickban [ADSL]bla bla with the !nickban in front of the nick.. and played arnd with the permban like this..

|25421A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 CB01 25.46
|26.14
|26.15
|26.17
|26.19
|26.19A
|27.26
|254210A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 KG02 4.54
!nickban [10mbit][FTM]Grrrr|[nickban]

This is wat i found wen i took the banned ppl's list from the hub..

Its quite weird :( I feel like so shit and can't even access my server as its shield by server ppl :(

If anyone can check my server port info, and i trust them pretty much.. pls tell me. i will give u the details of the server for u to trace it out :) I would prefer someone who is like plop,tezlo,phatty,ptacezek etc.. :)
no offence, not another hacker shud know the details  :P
Title:
Post by: pHaTTy on 26 November, 2003, 00:40:12
Quote: Originally posted by plop
Quote: Originally posted by BlazeXxX
Syn Scanned results from my pc:

Opened Ports (Syn Scan)
Remote Port    Service Port               Retransmits
18067          not assigned               18
1025           blackjack/*                0
5000           commplex-main/ssdpsrv/*    0
7329           swx                        0


Will post the scan results from my server in few mins time..
this looks 2 me like you need 2 find new ppl 2 setup your firewall.
they should all be closed.
if you setup the firewall/windows correct even open ports can be made stealth.
i can remember lots of confused scriptkiddy's who after scanning me found port 80 closed but still hosting a webserver.
pcanywhere is not the only way 2 view the desktop, terminal service (now called remote desktop) can run a session beside it wich you won't see unless you join a session.

Quote: Originally posted by [ES]latinmusic
Just to add here: kerio is one of the best firewall out there if well configured in my point of view is better enough than norton but this is my personal opinion, about security holes i don't know a firewall without any of them.
kerio is indeed a lot better then norton.
specialy the wizard mode of norton is a joke.
kerio can run in rule based mode just like visnetic 2 really lock up your computer.
many firewalls support application hijacking, again this is a joke.
if that happens your anti virus is failling, your firewall has nothing 2 do with this.
firewalls without any securety leaks are indeed non excisting as the weak link is the human making the config.
even a openbsd firewall can contain leaks because of this.
i love visnetic for the simple fact that it's based on the linux firewall and there for is much better then anyother windows firewall.
just like the linux version it supports syn cookies wich make the registry fix for ptokax obsolete (the 1 syn is excepted, the folowing are all droped untill the 1st is fully completed).
ok i'll stop talking, maby more later.

plop


Well i totally disagree with you, maybe you aint got it in you to set norton up, its pretty simple, i think its a pretty easy wizard its a simple click click click and your off, then if a program attempts to access net in or out, then you will be asked to make a rule for this program, if anyone connects to you succesfully and its a threat to your computer it will ban their ip, norton is/and will remain the best firewall in my experience, it has the biggest database going, uses little memory, doesnt pop up with annoying warnings, it will simple flash in the tray

norton also protects data from being passed over the internet for example if you have a password, and you dont want it to be said on msn or such then you block it, and it will warn you that you are about to send crutial data online and recommend blocking, norton is the best, i do not have to say no more ;)
Title:
Post by: pHaTTy on 26 November, 2003, 00:43:36
Quote: Originally posted by BlazeXxX
Hmm You are rite plop :)

This hacker doesn't seem to do any much harm to the server.. or maybe he doesn't know.. but to my extent.. he is some kid.. he banned ppl like !nickban [ADSL]bla bla with the !nickban in front of the nick.. and played arnd with the permban like this..

|25421A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 CB01 25.46
|26.14
|26.15
|26.17
|26.19
|26.19A
|27.26
|254210A International Financial Management (UG) Tuesday 18/11/2003 9:30 12:40 KG02 4.54
!nickban [10mbit][FTM]Grrrr|[nickban]

This is wat i found wen i took the banned ppl's list from the hub..

Its quite weird :( I feel like so shit and can't even access my server as its shield by server ppl :(

If anyone can check my server port info, and i trust them pretty much.. pls tell me. i will give u the details of the server for u to trace it out :) I would prefer someone who is like plop,tezlo,phatty,ptacezek etc.. :)
no offence, not another hacker shud know the details  :P

wud like us todo what exactly??

hack ur computer, or see how much info we can get off it?
Title:
Post by: BlazeXxX on 26 November, 2003, 01:26:01
Grrrrr no man ! I want to know which one is hacked.. the server or the hub soft.. :( pls don't get me wrong.. i am just sitting here helpless.. :(
Title:
Post by: pHaTTy on 26 November, 2003, 01:36:45
well i put all my bets on the computer itself, its pretty unlikely the hub nowadays, ive not known any px4's to be in this situation, so yep ur computer is being hacked, and if you dont get on it and sort it fast you will end up in the situation i was without norton, i was flooded 5 times bombed 3 times, viruses dropped on my computer, crucial data files that i had no replacements projects id been working on for so many hours deleted by someone misc, no logs left.....very pro.....so i sugest getting it sorted and fast.......

-phatty
Title:
Post by: [ES]latinmusic on 26 November, 2003, 02:24:01
phaty i was not telling norton is bad, i only say that kerio is better than norton, also is very difficult to configure it, at last waht firewall people are going to use is only a matter of taste :)
Title:
Post by: plop on 26 November, 2003, 03:23:00
Quote: Originally posted by (uk-kingdom)pH?tt?
Well i totally disagree with you, maybe you aint got it in you to set norton up, its pretty simple, i think its a pretty easy wizard its a simple click click click and your off, then if a program attempts to access net in or out, then you will be asked to make a rule for this program, if anyone connects to you succesfully and its a threat to your computer it will ban their ip, norton is/and will remain the best firewall in my experience, it has the biggest database going, uses little memory, doesnt pop up with annoying warnings, it will simple flash in the tray
ok visnetic is complex.
i have setup norton a lot of times for other ppl so yes i know it (same for nearly every other firewall around).
if a program tryes 2 acces the net and you won't allow it then it's or a program wich shouldn't be there or a service wich shouldn't be running  etc...
visnetic also bans ip's automaticly after x connects (port connect scan not only pings).
if a connection is dangerous it should be blocked before it can be made (default deny -  no rule no acces).
and what happens if norton crashes???
yes everything goes open, visnetic has the great option 2 block everything if the firewall is not running/crashed (it never crashed on me and i have a couple friends who reguarly try 2 hack me).
does norton use less then 6MB memory ??
visnetic doesn't popup anything and doesn't flash, it logs everything wich is blocked and can even email the log files.

Quote: Originally posted by (uk-kingdom)pH?tt?
norton also protects data from being passed over the internet for example if you have a password, and you dont want it to be said on msn or such then you block it, and it will warn you that you are about to send crutial data online and recommend blocking, norton is the best, i do not have to say no more ;)
most you say here is the work of a webfilter not a firewall.
look here (http://www.surfcontrol.com) for more info about that.

now 2 give an example about my setup, i'm behind a gateway, if i would run norton on that how is it gone know wich program is sending data from the workstation??
in my case norton and any other application based firewall is useless, and a firewall on the workstation is useless 2 as it's hidden by the NAT router in the gateway.
now also comes the fact that the router in my modem can set a default ip, any inbound connections on ports wich are not routed are send 2 this.
now comes the trick, that ip is not used by any computer.
visnetic has the boring job of only protecting the routed ports.

*sorry if you find me anoying, i'm a crazy guy trying everything 2 get the best.
in the end it is like latinmusic says a mather of taste, just something you like doesn't have 2 be better then something you don't like.
for example why do ppl use windows instead of BSD, because it's easyer, but BSD is way better.

plop
Title:
Post by: pHaTTy on 26 November, 2003, 03:30:06
looooooooooool well if you want to be picky then :P

do you know what a gateway is? :P

everyone that has a no-ip addy has a gateway friend ;)

now for you just to know, i use norton, i am behind a proxy, and have not been hacked whilst running norton, it always blocks the intrusion, and yep it depends on ur taste but i still say no matter what NORTON RULES

did you know norton is the only firewall, and av working agenst the MO3 virus atm ;)

altho being behind a proxy aint all its set out to be, anyone that try connecting to your no-ip addy is a threat, not to mesnion its got to be run from another comp, but its great!!!
Title:
Post by: plop on 26 November, 2003, 03:38:15
Quote: Originally posted by BlazeXxX
Grrrrr no man ! I want to know which one is hacked.. the server or the hub soft.. :( pls don't get me wrong.. i am just sitting here helpless.. :(
icecube doesn't have brute force pw protection so if he used the hub he most likely used that or 1 of you op's had a way 2 easy pw.
try running testdrive for a couple day's or a script wich binds the operator account 2 his ip (make it log if the ip doesn't match).
if you want i can do a scan on you 2 check for any errors in the firewall config, if so you might be able 2 send that log 2 the folks who set it up and have them fix it free of charge as they made mistakes on that.
for that send me a pm and whill arange something.

plop
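
Added example, not part of the thread and not PtokaX or IceCube code: a Python sketch of the two controls suggested in the post above, a lockout for repeated bad passwords and a binding of each operator nick to its expected IP that logs any mismatch. The class name, thresholds, nicks and addresses are assumptions, and the hub is assumed to check the password itself and pass the result in.

```python
import logging
from collections import defaultdict, deque

log = logging.getLogger("opguard")

ALLOW, BAD_PASSWORD, LOCKED, IP_MISMATCH = (
    "allow", "bad_password", "locked", "ip_mismatch")


class OpLoginGuard:
    """Decides whether a login attempt may proceed (hypothetical helper)."""

    def __init__(self, op_bindings, max_failures=5, window=300, lockout=900):
        self.op_bindings = op_bindings      # operator nick -> set of allowed IPs
        self.max_failures = max_failures    # bad passwords tolerated per source IP
        self.window = window                # ...within this many seconds
        self.lockout = lockout              # seconds a source IP stays blocked
        self.failures = defaultdict(deque)  # source IP -> recent failure times
        self.locked_until = {}              # source IP -> unlock time

    def check(self, nick, ip, password_ok, now):
        # 1. A locked-out source is refused even with the right password,
        #    so guessing cannot continue during the lockout.
        if now < self.locked_until.get(ip, 0):
            return LOCKED

        # 2. Count bad passwords per source IP inside a sliding window.
        if not password_ok:
            recent = self.failures[ip]
            recent.append(now)
            while recent and now - recent[0] > self.window:
                recent.popleft()
            if len(recent) >= self.max_failures:
                self.locked_until[ip] = now + self.lockout
                recent.clear()
                log.warning("lockout: %s after %d bad passwords (last nick %r)",
                            ip, self.max_failures, nick)
            return BAD_PASSWORD

        # 3. Correct password for an operator nick from an unlisted IP:
        #    refuse and log, since this is what a guessed or stolen
        #    operator password looks like.
        allowed = self.op_bindings.get(nick)
        if allowed is not None and ip not in allowed:
            log.warning("ip mismatch: op %r logged in from %s, expected %s",
                        nick, ip, sorted(allowed))
            return IP_MISMATCH

        self.failures.pop(ip, None)         # clean login resets the counter
        return ALLOW


def replay(guard, events):
    """Run (time, nick, ip, password_ok) tuples through the guard."""
    return [guard.check(nick, ip, ok, t) for t, nick, ip, ok in events]


# Constructed sample data (documentation IP ranges, invented nicks).
BINDINGS = {"[OP]Alice": {"192.0.2.10"}}
EVENTS = [
    (0,    "[OP]Alice", "192.0.2.10",   True),   # normal operator login
    (10,   "[OP]Alice", "203.0.113.7",  False),  # guessing starts
    (11,   "[OP]Alice", "203.0.113.7",  False),
    (12,   "[OP]Alice", "203.0.113.7",  False),  # third failure, lockout begins
    (13,   "[OP]Alice", "203.0.113.7",  True),   # right guess, but locked out
    (2000, "[OP]Alice", "203.0.113.7",  True),   # lockout over, IP still unlisted
    (2001, "SomeUser",  "198.51.100.5", True),   # ordinary user, no binding
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    guard = OpLoginGuard(BINDINGS, max_failures=3, window=60, lockout=600)
    for event, verdict in zip(EVENTS, replay(guard, EVENTS)):
        print(event, "->", verdict)
```

Failures are counted per source IP only; counting per nick as well would catch guessing spread over many addresses, at the cost of letting an outsider lock an operator out.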
Title:
Post by: plop on 26 November, 2003, 03:51:52
Quote: Originally posted by (uk-kingdom)pH?tt?
looooooooooool well if you want to be picky then :P

do you know what a gateway is? :P

everyone that has a no-ip addy has a gateway friend ;)

now for you just to know, i use norton, i am behind a proxy, and have not been hacked whilst running norton, it always blocks the intrusion, and yep it depends on ur taste but i still say no matter what NORTON RULES

did you know norton is the only firewall, and av working agenst the MO3 virus atm ;)

altho being behind a proxy aint all its set out to be, anyone that try connecting to your no-ip addy is a threat, not to mesnion its got to be run from another comp, but its great!!!
yes i know all that and i don't need no-ip i got a domain.
btw why would you install that virus????
i thought you were a linux user were is open office.
every1 connecting 2 my no-ip addy has 2 connect on a routed port otherwise it's no threat.
but ok you win but i'm right.  lol
lets stop this useless battle.
you love norton i hate it.

plop
Title:
Post by: BlazeXxX on 26 November, 2003, 11:37:17
Thx plop :) I will get them to give me access again and see whats happening den.. Also decided to upgrade to TD version..

I am using Kerio and yes its indeed a good firewall, if its configed properly.. But if u are newbie like me, and the server access is remote.. You will surely get logged out of server after u restart to apply the changes.. It happend to me , while norton asks u about the current running program's access b4 it restart :)

So for newbies, Norton is best.. For Professionals i wud prefer Kerio :)

Latezz,
BlazeX
Title:
Post by: pHaTTy on 26 November, 2003, 17:18:37
Hmmm for pros i still wudnt use Kerio sorry looool

Norton rocks still, in my records, when was being a pro about clicking a few buttons loooooooooool

one of my personal favories is eSafe nice little firewall and keeps you pretty safe, but i wud recommend this one to someone knowledgable to firewalls, "not a pro" :P
Title:
Post by: Modul4 on 26 November, 2003, 17:48:04
here is a better firewall
http://www.agnitum.com/products/outpost/
Title:
Post by: [T-G-T]M@sto on 26 November, 2003, 21:25:30
Try see this information:
Detaljer: Indtrængen: Portscan
Angriber: tcc2.dyndns.dk(80.197.219.116)
Risikoniveau: Mellem
Mindst 11 porte blev prøvet.
Edited 02-12-2003 (by a mistake - all solved)
Title:
Post by: BlazeXxX on 02 December, 2003, 12:55:07
Thx Guys For all your help ! Finally they tracked that loser out.. It wasn't a hacker, it was some traitor.. He had access to the Data Center and he was repairing my server for them... he is not a pro, but pro's friend and he allowed access to his remote computer through the msn remote system.. So the server or firewall lets his ip in, and as he had access to data center.. he erased the last login's ip  :(  I screamed at them, that if they don't find the hacker , i am returning the bloody server..

Now they finally traced him out and blocked all the unnecessary ports.. now only 411 is open for ptokax :)

So IceCube or TD4 didn't have Anything to do with this hacking concept.. Sorry if i wasted anyones time  ?(

Byezz,
BlazeX
Title:
Post by: plop on 02 December, 2003, 13:03:40
Quote: Originally posted by BlazeXxX
Thx Guys For all your help ! Finally they tracked that loser out.. It wasn't a hacker, it was some traitor.. He had access to the Data Center and he was repairing my server for them... he is not a pro, but pro's friend and he allowed access to his remote computer through the msn remote system.. So the server or firewall lets his ip in, and as he had access to data center.. he erased the last login's ip  :(  I screamed at them, that if they don't find the hacker , i am returning the bloody server..

Now they finally traced him out and blocked all the unnecessary ports.. now only 411 is open for ptokax :)

So IceCube or TD4 didn't have Anything to do with this hacking concept.. Sorry if i wasted anyones time  ?(

Byezz,
BlazeX
nothing's wasted, and good 2 hear that they found the cause and solved it.

plop
Title:
Post by: BlazeXxX on 03 December, 2003, 00:15:40
Thx plop for ur kindness :)
Title: ,,
Post by: MovieMaster on 19 August, 2004, 19:03:53
I hate hackers and crackers. They only mess things up.
Title:
Post by: Corayzon on 20 August, 2004, 14:32:42
whats wrong with crackers?
Title:
Post by: Corayzon on 20 August, 2004, 14:46:36
yo all,

all this seams a little strange, i mean, there is a good few reasons behind how this can be done from a unsurcure hub.

maybe u have no logs because one connection managed to force your hub to connect to itself say 20 times quickly:- theirfor making ptokax ban all the users in the hub from hammering.

i for one, can say i writin lots of destructive stuff, and sometimes, its the most simple exploits that cause the largest problems with sockets processing filesharing protocol.

i say, aslong as you have any form of socket listening publicly in ur internal network, your liable to attack.

noza
Title:
Post by: Corayzon on 20 August, 2004, 14:47:57
< plop,

i dont agree with how u sort hackers and crackers! im not gonna say anything, execpt, how many cracked apps u have ;)

*** give it a think
Title:
Post by: pHaTTy on 20 August, 2004, 16:55:22
i agree noza, anything that accepts large amount of connections publically, for a service etc, will always be vulnerable to attack, hence i left dc, no point wasting me bandwidth i dont use it lol :D

-/pha