
Forum Moderators: bill


Need help! Someone is hacking my computers.

     
7:04 am on Feb 28, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 12, 2004
posts:550
votes: 0


I have 6 computers in my wife's store for her customers to use. My problem is someone is hacking the computers. Every time someone uses Yahoo Messenger on any of the computers, he is intercepting the user's password. I don't know what this guy's up to; he is changing the passwords, jerking around with our clients. Sometimes, he would send instant messages and tell our client that he knows her password. And when my clients ask what, he would tell the password.

How did he do this? I have the Windows firewall turned on, AVG and Yahoo anti-spyware installed. I often scan the computers but found no spyware or virus.

Any recommendation on what to do to stop this guy from hacking my computers will be much appreciated.

7:26 am on Feb 28, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


Why do you need IM in the store? If it is not essential to your services, delete it.
7:38 am on Feb 28, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 12, 2004
posts:550
votes: 0


Thanks pendanticist,
Unfortunately, I can't delete the IM. Actually, they are paying us every time they use this and they love it.
7:47 am on Feb 28, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


Well, I know you probably don't want to go into too much detail, so, is the situation one that tracking software may help? In other words, are these infractions occurring within the store, or remotely?
8:09 am on Feb 28, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 12, 2004
posts:550
votes: 0


Basically, what I want to do is to keep anyone from accessing my computer remotely, like what this crazy man is doing in my computers. Besides the securities and settings I mentioned above, what else should I do to prevent this from happening again? I'm not always in the store, my wife is running it, and she's really mad because our customers are going somewhere else because of this.
8:32 am on Feb 28, 2005 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts:14978
votes: 131


A more powerful firewall like ZoneAlarm might be an easy first step.

There are all sorts of precautions that you could take to prevent this depending on your setup. Make sure none of the PCs are running with Administrator permissions to start with. You might just want to do a clean install of Windows on all the machines and set up some security guidelines.

8:34 am on Feb 28, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 16, 2002
posts:2010
votes: 0


Are you using wireless networking? Some IM passwords and email passwords are sent "in the clear" (meaning plain text that can be seen easily).
8:43 am on Feb 28, 2005 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14663
votes: 99


I hate to say it, but it was probably someone that uses your computers messing with you. Came in, hit the browser, clickety click, download and install something nasty. You need to virus scan, check spyware, look in your system for odd things installed in your auto-start, browser start page, etc.
10:25 am on Feb 28, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 12, 2004
posts:550
votes: 0


I tried Norton's Internet Security but it makes the computer so slow. I'll try ZoneAlarm.

amznVibe, I'm not using wireless.

bill, only I have access with administration.

Thank you all!

11:06 pm on Mar 3, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 15, 2005
posts:65
votes: 0


It sounds like a keylogger someone installed. Like incrediBILL said, it's probably someone in the store that uses the PCs.
11:25 pm on Mar 3, 2005 (gmt 0)

New User

10+ Year Member

joined:Dec 1, 2004
posts:10
votes: 0


Format all computers and install Windows again on all computers. Buy a modem / router with firewall support (Draytek 2600 for example), it is much better than a software firewall. To prevent viruses on your computer use McAfee and not Norton.
Make a mirror drive of every computer. If you do not trust a certain computer just format the drive and get the original configuration back using the mirror you made earlier.
11:29 pm on Mar 3, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 18, 2003
posts:1925
votes: 0


Possible problem

Keylogger

Keyloggers log everything that computer users type and it can even log program names people use and many other things. Then the program can automatically send reports by email or upload to an ftp on a schedule. Abuser can also personally come and get the reports.

Back Door Application (aka Trojan Horse)

Back door software allows abuser to "login" to your computer remotely and monitor all activity. Abuser can see the screen, see the programs running and even control the computer remotely. Sometimes those programs come with built in keyloggers as well.

What You Need

Firewall

First of all, install a firewall. Block all incoming connections to your network. Block most outgoing ports as well. Watch out though, if your users rely on AIM, then it might block the file transfers. There are ways around it though. Maybe you shouldn't allow file transfer anyways - just to be safe.

Antivirus Software

Install an antivirus (Dr. Web) and spyware programs (Ad-aware, Spybot) on each computer. Make it so that your users cannot turn the software off. Update it regularly. Or even better - set it to self update every day.

Deep Freeze

Look into a program called Deep Freeze. You can control what user can and cannot do on your computers. Even things like installing, opening certain applications, changing settings, etc... You can disallow all that. If they only require AIM - you can set DF to only allow running that program and nothing else.

Ghost Imaging

Look into ghost imaging. Ghost imaging will revert all the changes that were made to the OS every time it's restarted. You can create one configuration with the programs, settings, updates and everything you would need on a running computer. Create an image out of it and use that image for the rest of your computers. If something went wrong, all you need is a restart. But I believe you need one central computer (server) to store the image.
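
An added example, not written by any poster in this thread: a PowerShell audit for a public-use PC that lists auto-start entries missing from an approved baseline (the "odd things installed in your auto-start" check suggested earlier) and shows established connections to the mail and FTP ports a keylogger could use to send its reports. It assumes a current Windows release where `Get-NetTCPConnection` is available; the `$Approved` names are constructed placeholders.

```powershell
# Added example. $Approved is a constructed baseline of auto-start entry names
# the owner expects to see; replace it with the names from a known-clean install.
$Approved = @('SecurityHealth', 'ExampleMessenger')   # hypothetical names

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutoStartEntry {
    # Registry Run/RunOnce values: programs launched at boot or logon.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders.
    foreach ($kind in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($kind)
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | Where-Object Name -ne 'desktop.ini' | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.BaseName; Command = $_.FullName }
        }
    }
}

function Get-ReportChannelConnection {
    # 21 = FTP, 25/465/587 = SMTP: the channels a keylogger report could leave by.
    $ports = 21, 25, 465, 587
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $ports -contains $_.RemotePort } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                Process = $proc.ProcessName
                Path    = $proc.Path
            }
        }
}

# Anything not in the baseline deserves a look before the machine goes back into use.
Get-AutoStartEntry | Where-Object { $Approved -notcontains $_.Name } | Format-Table -AutoSize -Wrap
Get-ReportChannelConnection | Format-Table -AutoSize
```

Run it from an elevated prompt so that processes owned by other accounts are resolved; a kiosk PC with no mail client should show no rows in the second table.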

8:02 am on Mar 5, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 12, 2004
posts:550
votes: 0


Thanks to all of you!
I'll review this again when I visit the store next week.
5:41 pm on Mar 12, 2005 (gmt 0)

New User

10+ Year Member

joined:July 28, 2003
posts:5
votes: 0


I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.
5:52 pm on Mar 12, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 16, 2001
posts:2015
votes: 3


Ahhh, GoBack that's an excellent idea! You can present a consistent experience to everyone that uses the computer. You can also have a mixed computer environment running since GoBack is unique to each machine.

When I was travelling around Europe, I found the country-wide internet cafes would re-image the computer after I logged off. But I imagined all the computers for each cafe were the same, so all they needed was one image file.

For a small shop, GoBack would make the most sense. Just make sure you do the entire installation. ;)

2:42 am on Mar 14, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 12, 2004
posts:550
votes: 0


I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.

I will definitely try this. Thanks