Hi! Long Time No Post!

Discussion in 'The Lounge' started by markem, Mar 10, 2017.

  1. markem

    markem Private First Class

    It has been at least three or four years since I was on here. A lot has happened during that time. In a nutshell - I am trying to retire and go on Social Security Disability. Of course they are saying no but we are going to have a hearing in Social Security Court about it. I meet the qualifications in several ways. Anyway, I have noticed several new methods of attacking computers. My systems are still being attacked by hackers but thanks in part to Major Geeks and in part to me reading everything I could find - I have managed to secure my systems. I thought I'd post some of the things I have found out.

    Attack #1 - Hacker gets onto your router as one of the non-normally used IP addresses and attacks.
    How: I have AT&T. AT&T's passwords to their routers (backdoor) can no longer be easily changed. Even so, the IP ranges available are 192.168.1.0-192.168.1.253. 192.168.1.254 is used for the router itself. This leaves 192.168.1.255. This is where my hacker is getting on at. He then starts doing either UDP or TCP pings to the system of his choice until he crashes it.
    Fix: Create a new IP rule that blocks all traffic from 192.168.1.255. Also make it block all communications. Under Windows 7 this is relatively straightforward. Under Windows XP (yes - I still use XP) you should look at https://support.managed.com/kb/a482/block-an-ip-or-ip-range-using-windows-ip-security-policy.aspx. They explain how to set up a rule for XP.

    Attack #2 - Hacker tries to log in as either you or a system account, such as Administrator or Guest.
    How: Once the hacker is on your router he can then just sit there and try to get onto your system. Once on they set up a viewer like TightVNC. Only it is a special viewer that doesn't show itself on your system like TightVNC does. This program (which I forget the name now of course!) can take snapshots of your screen and/or read the keyboard.
    Fix: After finding and removing the program I recommend going into the Local Security Settings and making it so no one can log on to your system. This doesn't mean YOU can't log onto it (as you are setting the remote login restrictions) and it doesn't mean you can't use something like TightVNC or TeamViewer to still get onto the other system. It just prevents anyone else from getting onto your system.

    Attack #3 - Using TIGHTVNC can allow a hacker onto your system even though you thought you set it up so they can't.
    How: Using too broad of an ALLOW option.
    Fix: Only allow one system to log on to the system you are running TIGHTVNC from. So like 192.168.1.1 is allowed and no other system is allowed to get on. By just saying 192.168.1.0-192.168.1.255 you allow a hacker to get on any of the IP addresses and then log in to the system. Some might say "Just use TeamViewer" but the free version of TeamViewer will not allow you to move multi-gigabyte movie files from one system to another and if you are converting VHS tapes over to WMV files (which I am - lots of dog flyball races) then you need to be able to move those files. TIGHTVNC has no such restrictions and it doesn't burn up your DSL usage totals either because both computers are on the router. So it short circuits between the two.

    Attack #4 - Logging in to the Administrator or Guest account.
    How: Brute force method unless the person never changed their account passwords.
    Fix: Change "Administrator" to something else like "MyDearAuntSally". Do the same for the Guest account. Disable the Guest account. Disable the Administrator account (if you are an administrator). Change the passwords for both accounts.

    Attack #5 - Misusing the file & printer sharing
    How: Once the hacker is on, he goes into your system and sets up file sharing directly to his computer so he can mount your hard drive and begin moving files over to his computers. One of the flags that this is happening is your system begins running slowly and those little lights on your router are flashing a whole lot more than what you are doing over the internet.
    Fix: Since File Sharing is not necessary if you have TightVNC - I removed it from my system. Once it is removed this activity stops. Please note that you can still share your printer by just letting everyone connect directly to the printer and use their own system as the print spooler.

    Attack #6 - Hard core - take over your system.
    How: Hacker resets your hard drive so you can't delete any files or add anything to the files. This basically locks you out of being able to do anything on your system.
    Fix: You have to reset all of the privileges again for the entire hard drive. This can take hours to do. A good recovery CD will allow you to boot it up and get into the system, make modifications, etc...

    When your system appears to be running slowly and it isn't something like Avira scanning files or PerfectDisk trying to move a multi-gigabyte file around - then it is time to look to see if someone is trying to hack you. If you do not have a Group Policy (i.e., Home version) widget - you need to download it and install it. You also need to go look at the Event Viewer. Your Event Viewer (in the Administration Tools folder) needs to be set to see all _failed_ attempts at logging in. (After all, who cares about successful ones - right?) I was surprised that even out in the middle of nowhere (30 miles to the nearest town) - hackers are still trying to break into computers. Even over dial-up lines at 1200 baud!

    It is a tough world out there - stay safe! :)

    Mark
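
Added example, not part of markem's post: the failed-logon review described above, done as a PowerShell summary of Security event 4625 (the failed-logon event on Windows Vista/7 and later) grouped by source address and account. The function names, thresholds and sample records are assumptions made for illustration; the sample data is constructed.

```powershell
# Convert a 4625 event record into a flat object (field names come from the event's EventData).
function ConvertFrom-FailedLogonEvent {
    param([Parameter(ValueFromPipeline = $true)] $LogEvent)
    process {
        $data = @{}
        ([xml]$LogEvent.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        New-Object PSObject -Property @{
            Time = $LogEvent.TimeCreated; Account = $data['TargetUserName']
            Source = $data['IpAddress'];  LogonType = $data['LogonType']
        }
    }
}

# Group failures by (source, account) and flag bursts: $Threshold or more
# failures inside any $WindowMinutes span (hypothetical default values).
function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Records,
        [int] $Threshold = 5,
        [int] $WindowMinutes = 10
    )
    $Records | Group-Object Source, Account | ForEach-Object {
        $times = @($_.Group | Sort-Object Time | ForEach-Object { $_.Time })
        $max = 0; $start = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            # Slide the window start forward until it is within range of the current failure
            while (($times[$end] - $times[$start]).TotalMinutes -gt $WindowMinutes) { $start++ }
            $max = [Math]::Max($max, $end - $start + 1)
        }
        New-Object PSObject -Property @{
            Source = $_.Group[0].Source; Account = $_.Group[0].Account
            Failures = $times.Count; MaxInWindow = $max; Burst = ($max -ge $Threshold)
        }
    }
}

# Constructed sample: six network-logon failures in two minutes, plus one mistyped local password.
$t0 = [datetime]'2017-03-10T02:00:00'
$sample = @(0..5 | ForEach-Object {
    New-Object PSObject -Property @{ Time = $t0.AddSeconds(20 * $_); Account = 'Administrator'; Source = '192.168.1.50'; LogonType = '3' }
})
$sample += New-Object PSObject -Property @{ Time = $t0.AddHours(3); Account = 'user1'; Source = '-'; LogonType = '2' }
Get-FailedLogonSummary -Records $sample | Format-Table Source, Account, Failures, MaxInWindow, Burst -AutoSize

# Against the live log (elevated prompt, failure auditing for logon events enabled):
# Get-FailedLogonSummary -Records (Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } | ConvertFrom-FailedLogonEvent)
```

On the sample, the Administrator row is flagged as a burst and the single local failure is not; logon type 3 marks a network logon and type 2 an interactive one.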
     
  2. Eldon

    Eldon Major Geek Extraordinaire

    Maybe TightVNC is the problem.
     
  3. markem

    markem Private First Class

    Ah! You must not have read the entire message. Note that I said "So like 192.168.1.1 is allowed and no other system is allowed to get on." If you set your computer to always get on one IP number (like 192.168.1.1) and set TightVNC to block anyone else getting on (there are two places to do this), then no one else can get on after you have, and if you set TightVNC to shut the system down when you log off, then only you can get onto it and there is no reason to worry about it. Again, it is ignorance on the part of many people who use TightVNC on how to set it up (myself included originally) that can cause problems.

    It is just like not having an antivirus program. You are just asking for viruses. Even Avira does not come properly set up. You need to go in and adjust what all it can or can not do in order to be protected properly.
     
