HAPPY PLANET- SECURITY
  Welcome to Happy Planet - Security Section  
 

"Deep in the sea are riches beyond compare.
But if you seek safety, it is on the shore."

What to do if you are attacked or hacked: Part Three

Check startups

If you still don't have a clue, remember to check what gets started during reboot. You can check it in the registry (run "regedit" and look under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run*.* and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*.*) or simply run "msconfig", which will tell you what is starting up.

You should also check the win.ini and system.ini files to see what they contain.

Again, if you don't know what you are looking at, it won't tell you much, but if you have some knowledge about what SHOULD be started up, then you know what to look for. Of course, remember that there are plenty of clever trojans around that can hide themselves inside existing .exe files like explorer.exe, so you can't spot them in either the registry or the list of running processes. Those are the nasty ones. Here is an excellent site about what programs you might be starting up.
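A defender-side check for the autostart locations this section names, written here as an added PowerShell example (not from the original page): it reads the Run/RunOnce keys under HKCU and HKLM plus the load=/run=/shell= lines of win.ini and system.ini, and diffs them against a baseline you saved while the system was still known-good. The baseline path and the -SaveBaseline switch are this script's own assumptions.

```powershell
# Added example (not from the original page): enumerate the autostart locations the
# text describes and compare them with a baseline saved while the system was known-good.
# The baseline path and the -SaveBaseline switch are this script's own assumptions.
param([switch]$SaveBaseline, [string]$BaselinePath = 'C:\baseline\autostart.json')

$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # 32-bit entries on 64-bit Windows
)

$entries = @{}
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are provider metadata, not values
    $entries["$key\$($p.Name)"] = [string]$p.Value
  }
}

# Legacy autostart lines: win.ini [windows] load= / run=, system.ini [boot] shell=
foreach ($ini in @("$env:windir\win.ini", "$env:windir\system.ini")) {
  if (-not (Test-Path $ini)) { continue }
  foreach ($line in Get-Content $ini) {
    if ($line -match '^\s*(load|run|shell)\s*=\s*(.+)$') {
      $entries["$ini\$($Matches[1])"] = $Matches[2].Trim()
    }
  }
}

if ($SaveBaseline) {
  ConvertTo-Json -InputObject $entries | Set-Content -Path $BaselinePath
  Write-Host "Saved $($entries.Count) autostart entries to $BaselinePath"
  return
}

# Report anything that differs from the baseline; unknown NEW entries deserve the closest look
$baseline = @{}
if (Test-Path $BaselinePath) {
  (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = $_.Value }
}
foreach ($k in ($entries.Keys | Sort-Object)) {
  if (-not $baseline.ContainsKey($k))     { Write-Host "NEW:     $k = $($entries[$k])" }
  elseif ($baseline[$k] -ne $entries[$k]) { Write-Host "CHANGED: $k = $($entries[$k])" }
}
foreach ($k in $baseline.Keys) { if (-not $entries.ContainsKey($k)) { Write-Host "REMOVED: $k" } }
```

Run it once with -SaveBaseline on a system you trust, then re-run after an incident; every NEW or CHANGED line is something to identify before you reboot.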


Game over
If your system is just a mess, it's likely that the hacker was there, or some virus or worm has "exploded" in your system, or someone has tampered with it. Depending upon how hard you have been hit, you need to consider how to move on. If it's just a mess, try to fix it up with antivirus, settings, startups and the registry, and boost your security. If it's a total mess, it's just easier to recover by restoring an image of your system (which you have of course created with a program like Norton Ghost) from an image you KNOW is a safe one. There is no point in restoring an image you created yesterday; it might already have the same trojan inside! If you are up to restoring an image, better restore one that was created more than a week ago. Before restoring the image, remember to back up your recent documents and such that you have created after that image was made. Back up to a floppy or similar; don't back up to the partition you are about to wipe by writing an existing image on top of it!

If you have reason to believe that your system has been compromised, or it has been messed up really badly and you don't have an image file to recover from, then you are out of options. OR, if you believe that the hacker has installed a "root kit" on your computer, which will allow him to totally control every program, command and procedure that goes on in your computer, making it absolutely impossible for you to recover from it, then you are in trouble. Then all you can do is back up documents, pictures and other files (but NOT any program files etc.!) to a safe place (like floppies or another HDD). Then you must boot to DOS (or, with Windows NT/2k/XP, boot from the CD) or otherwise format. Format your system partition (usually C:), but to play it safe, format all partitions, repartition and install everything back from scratch. Use only original program CDs and floppies; you can't be sure whether the cause of your mess is in some pirated software or another piece of code you cannot trust. You might be surprised to realize that it is actually quite fast to reinstall your system. It might be much faster to reinstall everything than to try to figure out what went wrong and how to fix it, and formatting and installing everything again is the ONLY way to be sure that whatever happened will not happen again (unless you again execute the program that caused it in the first place). Be careful with document files; they can contain macro viruses, but if you set up your settings properly and scan them with antivirus, they shouldn't be a problem when you restore them to your clean system.


When you are done
After you have recovered, you need to think about what might have happened. What kind of trojan/attack was it? Did it or did it not penetrate your defences? If it did, what could it do? What could that particular trojan (if you could identify it) be used for? If your system has been compromised, you need to change ALL your passwords, and you need to do it fast (before the villain uses the perhaps captured passwords, or changes them and locks you out of your email etc.), but AFTER you have secured your system. Make sure you remember your new passwords (or use a program that saves them in encrypted form so you only need to remember one passphrase, like Password Safe). After changing your passwords, you might want to warn your friends about it (if your system was compromised; of course there is no reason to alarm them if you just got your ports scanned). Tell them quickly what happened and that if they have received some emails/attachments from you, they should not open them. Don't spread hoaxes or alarm them if your system was not compromised. Do it ONLY if you are sure it was compromised from inside.

Think. Think hard. What have you executed lately? Did you receive some weird email? Are you sure you had all the updates to your Windows and antivirus installed and properly running too? What about the settings on your programs like the browser and antivirus, were they safe? Who else has been using your computer and what did they do? Are you sure? Could someone have tampered with your computer without your knowledge? Try to find answers to these kinds of questions in order to locate where the (possible) infection came from.

Finally, think about how you can prevent it from ever happening to you again. If you know or think you know what caused it and why, you can pretty easily avoid it next time. If someone was scanning your ports, make sure you have them *all* closed now and forever, until you REALLY need some of them to be open. If it was an attack from inside your computer, consider altering what you do with your computer: for instance, stop loading programs from unreliable sources, switch your browser and email client to something more secure (like Opera), consider upgrading your antivirus or getting an antitrojan too, and so on. If you used to let other people use your computer, limit who can use your computer (good settings and the Guest account in Windows XP work like a dream, IF you have a good password on them!) and what they can do, and make sure they understand to follow your security guidelines (the most important being: don't run programs you can't trust). If they don't get it, don't let them use your computer. Plain and simple. :)


Report it!
Want revenge? Usually, don't bother. What you can do, if you are SURE about it (I mean SURE, not guessing, but absolutely sure that you have been hacked or were under a hacking attempt), is report it. Make detailed descriptions of what has happened, when and how. If you get the IP address of the S.O.B. who attacked you, good. If not, you can ask your ISP for it and tell them you were under attack. Figure out who is on the other end of the line; use services like Whois or Traceroute to figure it out. There are good (non-free) programs like net.demon to help you out. Then, after you have figured it out, send an email to abuse@xxxxxxx.xxx (where the xxx is the domain of the S.O.B. who attacked you) and explain it to them. Remember to include (not as an attachment but in the text) the data you have collected, like the IP, time and date, type of attack, ports used and what you know so far. If you are not sure about it, ask your ISP about it and tell them you want to file a complaint against the S.O.B.; they can help you out or even do it for you!

The kind of message you might want to send: "Hi! Someone in your domain at IP XXX.XXX.XXX.XXX has scanned my ports 666 and 999, which are used for trojan XXX. I scanned my system and found trojan XXX, so I have good reason to believe that the same person attempting to connect to me planted it somehow. This all happened at time XXXX on XX.XX.XXXX and lasted until XXXX on XX.XX.XXXX. Here are my firewall logs so you can check it out...........<snip>....... Please check your log files. I want to know that you also have this logged on your system in case I press charges against this villain.....<snip>.... Yours, XXXXXX"

If you have suffered severe damage, like losing your files and/or a lot of time, I suggest hunting the S.O.B. down and pressing charges against him after you have collected some data. Your data will not hold up in court on its own, but it can assist the police investigation a lot. If the villain is in another country, then again consider how much you can actually gain and lose if you do so. In any situation, if you have suffered from the attack, you should also contact your ISP; they might be able to tell you something about connections to your computer and assist you further, and more importantly, they can tell you how to press charges, because they are more used to handling situations like this than you are.

Remember: Shit happens. Sometimes someone sends you an email that has a worm inside. Or you download and execute a trojan. Or you misconfigure your system as an invitation to hackers. It's not the end of the world, nor something to worry about that much. It might have been an accident too. Usually you just fix it and are smarter next time you use your computer. Life goes on...

-Markus Jansson

Copyright © Happy Planet. All rights reserved.