Hackers abound in Anandtech!


ProviaFan

Lifer
Mar 17, 2001
14,993
1
0
Originally posted by: rogue1979
Gosh, I don't know how many times I can say it. I don't know a whole lot about this whole mess. I don't think anyone officially from Anandtech is trying to hack me personally. It would be more like this is a very large gathering place for computer geeks and the like. Perhaps someone lurking can check out our signatures to try and determine if someone with a lot of hardware is worthy of trying to get credit card info? Like I keep saying, when I am logged on Anandtech, 90% of this activity happens. I have been tracking this for over 2 months now, it has to be more than a coincidence. I don't know the how's or why's or the technical implications behind it, but the firewall log tells me it is happening.
Look, you've admitted that your network knowledge is limited; now please listen to those who understand this kind of stuff. Now, I'll repeat what's been said before, so please listen closely:
No one from here (except the admins) can see your IP address unless you give it to them, and they would need your IP address to attempt to hack you. Therefore, no one from here is able to attempt to hack you.
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Originally posted by: jliechty

No one from here (except the admins) can see your IP address unless you give it to them, and they would need your IP address to attempt to hack you. Therefore, no one from here is able to attempt to hack you.

Word up!

No one on the forums knows anything about you besides what is listed in your profile, signature, and posts.
 
Jan 31, 2002
40,819
2
0
Originally posted by: rogue1979
I think it is safe to say a diamond member on the forums should be able to conduct themselves with some dignity and sense of responsibility.

You couldn't be more wrong. :D

On top of that, even though I am not sure what is happening, I explained it quite clearly. I didn't see your great knowledge in this area give a viable alternate explanation other than a denial of my theory that hackers are lurking here.

If you'd read everything above my "denial of your theory", you'd realize that you have been told several times that your claims are false, and it's either ads or a script kiddie setting off your firewall, which you've proven you have no idea what it's saying.

Now get off my Internet. :D </Al Gore>

- M4H
 

yllus

Elite Member & Lifer
Aug 20, 2000
20,577
432
126
Originally posted by: rogue1979
While surfing online some of these messages include Wingate, svchost, services.exe, lovegate, deloader, backdoor.exe, and many trojans. This mostly happens when I am logged in at Anandtech Forums. This has no bearing on my other computers on this network, often I am the only computer booted up. Besides, I recognize all the communications from my other lanned computers and have set rules to permit my firewall to allow this. They also have software firewalls installed.

Like I said, I really don't know how or why it is happening. My firewall is doing its job and nothing has gotten through yet. I can just tell you what my firewall is informing me of and when it is happening. I am not really worried about myself, my firewall protection appears to be more than secure enough for now. Just wanted to warn unsuspecting people and it would be nice if someone acknowledged that this could be a problem worth recognizing.
It definitely is a problem worth recognizing, but the aspect of it occurring while you are surfing these forums is coincidental. In simple terms, two computers must make a direct connection between each other in order to learn the other computer's IP address. These (and other) web forums act like a middleman in this respect; you post here, I post here, but unless the forum software is written to report our IP addresses (it is, but only to administrator-level members) I'll never learn your IP address.

Your list included "default blocks on the following items". Are you sure that indicates those blocks actually went into effect at some point? The wording makes it sound like that's merely a list of defenses your firewall has available and ready. If those blocks DID go into effect, it means you're already infected with a whole lot of trojan horses. Run DiamondCS TDS-3 and see if it picks anything up and report back to us on how you're doing.
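An added example, not part of the thread: one way to test the "90% of alerts happen while I'm on the forum" observation is to compare blocked-probe rates per hour instead of raw shares. All timestamps below are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

def t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data (not from the thread).
# ONLINE: when the PC was connected; FORUM: when the forum was open.
# Assumption: every forum interval lies inside an online interval.
ONLINE = [(t("2003-06-01 12:00"), t("2003-06-01 22:00"))]
FORUM = [(t("2003-06-01 12:00"), t("2003-06-01 21:00"))]
# Blocked inbound probes logged by the firewall, one every 30 minutes.
BLOCKED = [t("2003-06-01 12:15") + timedelta(minutes=30 * k) for k in range(20)]

def total_hours(intervals):
    return sum((end - start).total_seconds() for start, end in intervals) / 3600

def inside(ts, intervals):
    return any(start <= ts < end for start, end in intervals)

def compare_rates(blocked, online, forum):
    """Share of alerts seen during forum sessions vs. alerts per hour
    during and outside those sessions."""
    events = [ts for ts in blocked if inside(ts, online)]
    if not events:
        return None  # nothing logged while online, nothing to compare
    on_forum = sum(1 for ts in events if inside(ts, forum))
    off_forum = len(events) - on_forum
    forum_h = total_hours(forum)
    other_h = total_hours(online) - forum_h
    return {
        "share_on_forum": on_forum / len(events),
        "rate_on_forum": on_forum / forum_h if forum_h else None,
        "rate_elsewhere": off_forum / other_h if other_h else None,
    }

if __name__ == "__main__":
    print(compare_rates(BLOCKED, ONLINE, FORUM))
```

In this sample, 90% of the alerts fall inside forum sessions, yet the probe rate is the same with the forum open or closed, which is what background scanning of an always-on connection looks like.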
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
I think if you upgrade to the Subscriber server then the "HACK ME NOW!" button in your profile goes away. :) Zuni, is that correct?

















Sorry, could NOT resist. ;) Guy, you should nuke your Windows installation, format your hard drive, reinstall Windows, then update Internet Explorer, then install the latest Windows Service Packs, then your motherboard drivers, then DirectX, then your video-card drivers (might as well be thorough about this :)).

Now install current antivirus protection and ensure that it's set to kill on sight, not ask you for permission first.

Next, install ZoneAlarm or whatever firewall you have. Don't install any file-sharing software, or install any illegitimate software. See if the problem is mitigated now that your system is "clean" and not holding a huge HEY, I AM HERE AND I'M A SUCKER FOR ALL THE EASY TRICKS sign.

I would recommend some sort of hardware firewall unit anyway, such as the Linksys BEFRS41 or similar Netgear models. If you're on an always-on connection, you really should have one IMHO.
 

ProviaFan

Lifer
Mar 17, 2001
14,993
1
0
Originally posted by: mechBgon
Next, install ZoneAlarm or whatever firewall you have.
...and disable all incoming connection rejection notifications! That way we won't have to hear about it each time a script kiddie tries to enter your system unsuccessfully.
 

merlocka

Platinum Member
Nov 24, 1999
2,832
0
0
Originally posted by: mechBgon


Sorry, could NOT resist. ;) Guy, you should nuke your Windows installation, format your hard drive, reinstall Windows, then update Internet Explorer, then install the latest Windows Service Packs, then your motherboard drivers, then DirectX, then your video-card drivers (might as well be thorough about this :)).

Now install current antivirus protection and ensure that it's set to kill on sight, not ask you for permission first.

Next, install ZoneAlarm or whatever firewall you have. Don't install any file-sharing software, or install any illegitimate software. See if the problem is mitigated now that your system is "clean" and not holding a huge HEY, I AM HERE AND I'M A SUCKER FOR ALL THE EASY TRICKS sign.

I would recommend some sort of hardware firewall unit anyway, such as the Linksys BEFRS41 or similar Netgear models. If you're on an always-on connection, you really should have one IMHO.

I have a question, as I am far from savvy on security.

How secure is a BEFRS41 with the latest FW, using the default settings? Is there anything obvious to change (other than the default PW) to improve its security?
 

rogue1979

Diamond Member
Mar 14, 2001
3,062
0
0
I ran the program, thanks yllus. It found 7 Suspicious Filenames. I checked these and they were all Prime95, Adobe Acrobat and MSN messenger files. I'm gonna guess that all those programs probably have some form of spyware that is being detected. No Trojans detected.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: merlocka
Originally posted by: mechBgon


Sorry, could NOT resist. ;) Guy, you should nuke your Windows installation, format your hard drive, reinstall Windows, then update Internet Explorer, then install the latest Windows Service Packs, then your motherboard drivers, then DirectX, then your video-card drivers (might as well be thorough about this :)).

Now install current antivirus protection and ensure that it's set to kill on sight, not ask you for permission first.

Next, install ZoneAlarm or whatever firewall you have. Don't install any file-sharing software, or install any illegitimate software. See if the problem is mitigated now that your system is "clean" and not holding a huge HEY, I AM HERE AND I'M A SUCKER FOR ALL THE EASY TRICKS sign.

I would recommend some sort of hardware firewall unit anyway, such as the Linksys BEFRS41 or similar Netgear models. If you're on an always-on connection, you really should have one IMHO.

I have a question, as I am far from savvy on security.

How secure is a BEFRS41 with the latest FW, using the default settings? Is there anything obvious to change (other than the default PW) to improve its security?
I haven't bothered to update mine for more than a year, so I'm not sure I have the latest firmware or not. You can enable SPI (Stateful Packet Inspection) and block large ranges of ports outright, leaving just the ones you know that you need. Let's put it this way... when my Linksys is between my cable modem and my PC, ZoneAlarm leads a very dull life because there's almost nothing for it to do. Try going to Broadband Reports for a port scan and a full scan. You'll need to register to do the full scan, but it's free and worth the time :) My Linksys comes up with a perfect score on both of these.

Now, if a worm got loose inside my home network, ZoneAlarm would keep it out of my system. If my system got a worm or trojan, ZoneAlarm would keep it from getting out of my system to the others (I hope). I actually don't have antivirus software right now, but I don't engage in any of the usual risky behaviors such as file sharing or warezing, either. So far so good, but I'm going to pick up some AV software next time I place an order with Newegg or somewhere. :D