Hackers in Anandtech? Beware!

rogue1979

Diamond Member
I was on the Forums for a couple of hours last night. Most of the time I was watching a movie and remaining idle. So I shut down my computer and turned it on again to check my e-mail before going to bed. When I booted up I found that a WinVNC program was installed on my computer and it wanted a password to enable remote desktop control! I thoroughly searched my folders and registry and found it hiding in 5 different places. Thing is, when I tried search it saw the files in certain folders, but upon going there they weren't really there. I was still able to delete them anyway and after cleaning up the registry entries everything was OK. But when you are on Anandtech you can check someone's profile and see that they are online. I wonder if this makes us more vulnerable since anyone can see that we are online. I don't have any way of knowing for sure, but I strongly feel that it was someone with that info that tried to infiltrate my computer. I think I interrupted their work, and they planned to have the WinVNC program boot up with a password enabled with the taskbar icon disabled. Perhaps to watch and wait for me to enter credit card numbers!
 
That's no different from having someone on your AIM/ICQ list. How do you know someone hacked it as opposed to you actually downloading the virus on accident?

EDIT: oops nm
 
Do you use IRC? IRC gives away all your info necessary to hack into your computer (I've had some fun with this wit' mah CS buds--but let's not get into that 😀).

As well, if you use Kazaa/etc., you could easily be downloading viruses and not know it, be careful in this respect if you use Kazaa...

~Aunix
 
No, I don't use IRC, and I didn't even open any e-mails or download anything that day. Not sure where it came from, but I definitely believe it was hacking and I have a gut feeling it was someone hanging around and lurking here.
 
I'd have to agree with others here, someone got your IP by other means. No user here has the ability to view your ip address. Any IM, or persistent connection to something is open to hacking. The forums are a web page nothing more, not persistent. You could visit a website and they have your IP Address. Every time you request a page on a web server anywhere your ip is tracked, it's part of the CGI variables scope on any server.
 
Your IP address is not something that makes you a target for hacking, having vulnerable services running does, as well as doing stupid things like running random software you get from kazaa or irc.

As has been mentioned, these forums are web pages in a web browser, nothing more.
 
Originally posted by: BingBongWongFooey
Your IP address is not something that makes you a target for hacking...
Agreed. My IP isn't some top secret thing, unlike a credit card number. To prove a point, my IP is, in fact, 127.0.0.1; come on and try to hack me. 😉
having vulnerable services running does, as well as doing stupid things like running random software you get from kazaa or irc.
Non-windows-updated Windows (and sometimes even Windows with all the latest updates) qualifies as a very vulnerable "service" IMHO. On Linux, things are much easier for the user to control, and staying secure is as simple as doing a weekly apt-get (for those Debian users, or using whatever autoupdater your distribution provides), and not running stuff you don't need (like sendmail and apache for the majority of desktop Linux users).
 
My IP on this system is 192.168.0.61. Feel free to try to hack it 😛

It would be much easier just to ping you than go all the way to AT to see if you were online.
 
Originally posted by: Evadman
My IP on this system is 192.168.0.61. Feel free to try to hack it 😛

It would be much easier just to ping you than go all the way to AT to see if you were online.

Hm, mine's 192.168.0.2, we must be on the same isp or something 😕 😛
 
Originally posted by: BingBongWongFooey
Originally posted by: Evadman My IP on this system is 192.168.0.61. Feel free to try to hack it 😛 It would be much easier just to ping you than go all the way to AT to see if you were online.
Hm, mine's 192.168.0.2, we must be on the same isp or something 😕 😛

Oh my gawd!! My IP on this system is 192.168.0.1 and the system behind me is 192.168.0.2 and ...uh.. wait a minute (looks back over shoulder) Whew you're not there. Had me worried there for a moment. 😉 😛

 
Originally posted by: TonyH
Originally posted by: BingBongWongFooey
Originally posted by: Evadman My IP on this system is 192.168.0.61. Feel free to try to hack it 😛 It would be much easier just to ping you than go all the way to AT to see if you were online.
Hm, mine's 192.168.0.2, we must be on the same isp or something 😕 😛

Oh my gawd!! My IP on this system is 192.168.0.1 and the system behind me is 192.168.0.2 and ...uh.. wait a minute (looks back over shoulder) Whew you're not there. Had me worried there for a moment. 😉 😛

Why would you be scared of me? 😀 😉
 
Originally posted by: mechBgon
LOL, this thread is funny 😀

I agree.

Sure, someone could look at your profile to see if you are online and then "hack" you. Personally I am not concerned by this as I am always online 24/7. Cable internet and computer on.

If I were you I would lock down that computer, change all the passwords, firewall it, and have a good antiviri program.

 
Two nights in a row now, this time they got further installing the WinVNC program as well as several items in my registry under Windows/Current version/Run and Run Services. A "patchHL" and a "dial32.exe" as well as an explore.exe naming one of the files where the VNC program is hidden. I removed everything and installed Norton Firewall. At least for now I leave my MSNMessenger turned off, until they find a different target. No damage to my Windows, I don't believe they want that. They had plenty opportunity to hose my OS, but I think they are trying to install these programs to run them remotely when I am online and if they have a chance to finish I wouldn't notice anything running. I can only guess they want to grab credit card numbers or bank info or the like to steal money. I have no clue why they are targeting me, and I am not sure how all this works. But I am updating all my credit card numbers just in case.
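
An added example, not part of the post above: one way to audit the Run and RunServices autostart keys the post mentions, by parsing a regedit text export and listing entries that are not in a known-good baseline. The value names come from the post; the file paths, the `SystemTray` baseline entry and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample in regedit export (.reg) format. Value names are taken
# from the post; every path is a placeholder invented for this example.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"patchHL"="C:\\WINDOWS\\SYSTEM\\patchHL.exe"
"dial32"="C:\\WINDOWS\\dial32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"explore"="C:\\WINDOWS\\SYSTEM\\explore.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayName"="Foo"
'''

# Keys whose values are launched automatically at boot or logon.
AUTOSTART_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce",
                      "\\currentversion\\runservices",
                      "\\currentversion\\runservicesonce")
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def autostart_entries(reg_text):
    """Return (key_leaf, value_name, command) for every autostart string value.
    Assumes the export is already decoded to text (newer exports are UTF-16)."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key and key.lower().endswith(AUTOSTART_SUFFIXES):
            leaf = key.rsplit("\\", 1)[1]
            entries.append((leaf, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def unexpected(entries, baseline):
    """Entries whose value name is not in the known-good baseline."""
    known = {name.lower() for name in baseline}
    return [e for e in entries if e[1].lower() not in known]

if __name__ == "__main__":
    for leaf, name, cmd in unexpected(autostart_entries(SAMPLE_REG), {"SystemTray"}):
        print(f"{leaf}: {name} -> {cmd}")
```

Comparing against a baseline captured while the machine was known to be clean matters here because a name such as `explore.exe` is chosen to look legitimate at a glance.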
 
Seriously dude. Do you have any firewall setups on that machine? Virus programs? Just because you cleared your info on your computer doesn't mean that they won't try it again. Whoever it is (and I am SURE that it's not someone from here) knows you're vulnerable and just sits and waits till you get back online. Once they find a vulnerable IP they make sure they remember it.

But Geoff is right. Do a fresh install to be sure nothing is left on there and make sure you install a firewall/viri program as soon as you get it up. Things will happen when you go online. Even with all the protections, it doesn't mean you won't get hit. If you don't like getting hit, don't go online.


Wolfie
 