| Pages: [1] 2 3 4 :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
7shining7one7
Quafe Paladins
   |
Posted - 2007.09.05 20:21:00 -
[1]
I love this game, it's great, and the people in it, for better or for worse, i'm sticking around and having fun with all of ya :)
Now.. i love to get to know people, and people also loves getting to know me.
It seems however, that there might be a person that is a little bit too eager to get to know me and who i am, and it might be someone from in here, which is why i post this.
yesturday, i was playing around with various stuff, having fun as i usually do. when i'm in front of the computer, at that point i didn't have my firewall on. at approximately 11 pm my time, i got logged out of my computer whereafter my password failed 5 times, i reacted quickly and pulled out the cable and got the message that there were other computers connected to this, that might loose data if i shut it down.
Only thing is, this is the only computer that i currently have hooked up to the internet, straight to the modem. as a precautionary meassure when playing with stuff.
So i ran some scans, spyware malware, scanned for rootkits viruses trojans etc. as anyone would. i changed all my passwords and found to my luck that all was well and no keylogger or such was there.
i also noticed the bugger had enabled remote support, he got in through a port i had accidently left open after playing with some network stuff.
So.. next day.. which is today.. i had all the usual programs up and running, now from approximately 4 pm to 10 pm my time, there were over 1900 attempts on the same port (the port i had just closed as a result).
first of all, no program tries the same port for 4 hours, and definately not 1900 times, normal programs fail and give up after certain amount of tries. secondly no registered program uses the port that it was trying to use.
so as my firewall program was happily blocking and logging i was taking screenshots all along, doing traceroute on some of the ip's. The ip's changed a lot but there were some redundant ones, that will be investigated (more on this in a little bit). ping resulted in timeout, but traceroute went through fine. he was most likely employing an ip spoofer in tandem with a connection program.
he got through yesturday by portscanning me and finding a port open, and as i had a shared folder and no firewall up those who know anything about hacking knows how easy it is from there.
now despite lucking out yesturday, the poor sap thought he'd give it a shot for no less than 4 hours today, apparently he doesn't see the logic in his attempt being logged the 2nd time, after it was clear what he was trying to do yesturday.
now.. i'm all for getting to know one another and having fun.. but i'm really getting bored with this rather quickly. so what i'm going to say is this. 1. i have evidence. 2. in my country the isp can be involved and trace you out in coordination with other isp's if there is sufficient evidence to constitute suspicion of intrusion attempts. 3. ip spoofer will not help once the isp's get involved in tracing you, then it's pretty much over.
so.. i'll do some looking up myself of the huge log i got and the authorities will do the same, and i sincerely hope it's not someone from in here.
now.. i know some of you do meta gaming like this. i know the mittani does.. and others he employs, and i'm not pointing any fingers.. but i have seen several in here that were suprised to see chatlogs surface that were only on their computer, and posted by alts, knowing that this could only have been found through hacking his computer.
so.. meta gamers and those who attempt it without any concent, or script kiddie newbie hacking with maliscious intent, will not be tolerated and should not. whoever it is that did this, say goodbye to your "hacking career".. and no, there's no company that'll save u and come give u a job cause ur such a "nber cool guy"..
have a nice day
7
|
Jimer Lins
Gallente
Sanctuary
|
Posted - 2007.09.05 20:25:00 -
[2]
Prediction: This will be epic.
SEARCh- we find sites for you! |
Laura Steel
Minmatar
Independent Interspace Industiers
Fallout Project
|
Posted - 2007.09.05 20:25:00 -
[3]
Well..
goodjob in taking control of the situation :)
----
Darn exclamation mark! I have brown hair, green eyes and a nice tan :) |
Tarminic
Black Flame Industries
|
Posted - 2007.09.05 20:32:00 -
[4]
Yikes, good thing you caught the attack when you did! I hope you catch the guy that did it.
Until now I forgot that chat logs are recorded by EVE. Makes me glad that I usually keep my computer locked up fairly well, and also glad that I don't do anything especially important either.
------------
Whiners - Unite! | Posting and You
Tarminic - Forum Warfare Specialist. |
Major Stallion
Four Rings
D-L
|
Posted - 2007.09.05 20:32:00 -
[5]
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
________________________________
High Sec PvP
 Originally by: "Wylker"
CCP has finally mastered stupidity
|
Illyria Ambri
RennTech
|
Posted - 2007.09.05 20:33:00 -
[6]
See what happens when you leave your ports open.. you get sailors in them
------------
This is not War... This is pest control - Dalek Sek
Here come the Drums!! - The Master |
SengH
Black Omega Security
Pandemic Legion
|
Posted - 2007.09.05 20:35:00 -
[7]
Originally by: 7shining7one7
Only thing is, this is the only computer that i currently have hooked up to the internet, straight to the modem. as a precautionary meassure when playing with stuff.
Thats your problem right there.... are you insane? It probably has nothing to do with eve to begin with...
|
Tarminic
Black Flame Industries
|
Posted - 2007.09.05 20:35:00 -
[8]
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
There are cute little programs that script kiddies and n00b hackers use called Port Scanners - download one and have it scan your own IP address, it will give you a list of ports that respond.
------------
Whiners - Unite! | Posting and You
Tarminic - Forum Warfare Specialist. |
Major Stallion
Four Rings
D-L
|
Posted - 2007.09.05 20:39:00 -
[9]
Originally by: Tarminic
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
There are cute little programs that script kiddies and n00b hackers use called Port Scanners - download one and have it scan your own IP address, it will give you a list of ports that respond.
and the ones that respond are the open ones....im assuming you close them via your router? =/ im good with computers, but absolute crap with anything related to networking.
________________________________
High Sec PvP
Originally by: "Wylker"
CCP has finally mastered stupidity
|
XiticiX
Gallente
Kudzu Collective
Knights Of the Southerncross
|
Posted - 2007.09.05 20:40:00 -
[10]
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
~~~
This is my sig. Do you like it?
~~~ |
|
|
Big Pick
Caldari
Task Force Ranger
|
Posted - 2007.09.05 20:41:00 -
[11]
Agreed. You gotta run an intermediary firewall man. Its probably not even a script kiddie. The overwhelming majority of the logged intrusion attempts on my company's network are automated bot nets. Almost all of those are intended as e-mail spam bots.
It can be something as simple as a cheap NAT router or as advanced as a FreeBSD firewall that runs Snort or some other intrusion detection system like we use. But you have to really protect your network.
=====The Devs stole my sig, so they should make me a new one.===== |
Abbadon
Caldari
Pukin' Dogs
D0GMA
|
Posted - 2007.09.05 20:43:00 -
[12]
Edited by: Abbadon on 05/09/2007 20:45:04
Edited by: Abbadon on 05/09/2007 20:43:42
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
One of the fastest and easiest ways is to go here Gibson Research and run the ShieldsUP! scan.
There is also a list of other very useful hints/tips/apps etc
.
|
Tarminic
Black Flame Industries
|
Posted - 2007.09.05 20:45:00 -
[13]
Originally by: Major Stallion
Originally by: Tarminic
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
There are cute little programs that script kiddies and n00b hackers use called Port Scanners - download one and have it scan your own IP address, it will give you a list of ports that respond.
and the ones that respond are the open ones....im assuming you close them via your router? =/ im good with computers, but absolute crap with anything related to networking.
It varies depending on the type and sophistication of your router, but generally yes. Some you'd want to leave open for diagnostic purposes (ping, for example). You should also be able to close ports through your firewall software as well.
Take this with a grain of salt though, it's been a year or two since I did any serious networking work.
------------
Whiners - Unite! | Posting and You
Tarminic - Forum Warfare Specialist. |
Frug
Zenithal Harvest
|
Posted - 2007.09.05 20:45:00 -
[14]
Originally by: XiticiX
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
This man is right.
You're on the internets. It's full of haxxorz trying to pwn ur computorz. It's got nothing to do with eve, but I like how you tossed mittani's name in there.
- - - - - - - - - Do not use dotted lines - - - - - - -
If you think I'm awesome, say BOOO
BOOO!! - Ductoris
Neat look what I found - Kreul
Hey, my marbles |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 20:45:00 -
[15]
Originally by: XiticiX
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
he logged me out and attempted to change password.
granted it might have nothign to do with eve, but i've been on some teamspeak servers, (and granted i could have used an ip spoofer when i did that, it's allways easy to be smart after the fact.) and other stuff that might have given away my ip. and as i write, i write this post in case it is someone from in here, and as an encouragement to the entire community not to take metagaming to this level (i've seen such thigns mentioned here before, it's not a new thing), cause it has dire consequences. it's the equivalent of breaking into somebody's home and prying around in their stuff potentially breaking stuff or stealing something that does not belong to you. it's not just "ok" cause it's on the "computer".. hacking is not "a game".
just a little heads up.
|
SengH
Black Omega Security
Pandemic Legion
|
Posted - 2007.09.05 20:55:00 -
[16]
Originally by: 7shining7one7
Edited by: 7shining7one7 on 05/09/2007 20:53:56
Originally by: XiticiX
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
he logged me out and attempted to change password.
i threw the mittani's name in here cause of the article here where it seems obvious that he might be morally capable (or crippled, matter of oppinion i suppose) to take metagaming to such a level. part of the article is an associate of the mittani verifying and cross referencing ip and phone number of the interviewer. and i am not pointing any fingers as i said.. i just brought him and his associates up as an example of heavy meta gaming.
granted it might have nothign to do with eve, but i've been on some teamspeak servers, (and granted i could have used an ip spoofer when i did that, it's allways easy to be smart after the fact.) and other stuff that might have given away my ip. and as i write, i write this post in case it is someone from in here, and as an encouragement to the entire community not to take metagaming to this level (i've seen such thigns mentioned here before, it's not a new thing), cause it has dire consequences. it's the equivalent of breaking into somebody's home and prying around in their stuff potentially breaking stuff or stealing something that does not belong to you. it's not just "ok" cause it's on the "computer".. hacking is not "a game".
just a little heads up.
what rock have you been under its already been done.... its how the T20 thing was uncovered...
|
SchirmerN
Amarr
Danish Arms Association
|
Posted - 2007.09.05 20:55:00 -
[17]
Edited by: SchirmerN on 05/09/2007 20:56:06
A blind chicken could get into your pc, if you turn your firewall off. duh
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 21:03:00 -
[18]
Edited by: 7shining7one7 on 05/09/2007 21:05:06
it's a funny coincidence however, that 10 minutes after i wrote the post, the 4-5 hour onslaught with over 1900 attemps went to a complete standstill..
might be a coincidence, i just find it rather amusing still...
so again, it might have nothign to do with eve, just thought i'd bring up the whole meta gaming thing along with my own experience, to get people to think about making themselves safe at all times, and don't let your guard down just to experiment a little bit, and also to give people a chance to reconsider if they really want to take metagaming to a level like that.
have a nice evening :)
update: i'm still laughing 
|
DavidBowiesNippleAntenna
GoonFleet
GoonSwarm
|
Posted - 2007.09.05 21:08:00 -
[19]
looks like you caught "The Mittani" red handed trying to infiltrate the Quafe Paladins, clearly a high priority target. I'm glad to hear you're safe 7shining7one7 and I hope you repel all future internet invaders.
|
Play Thing
|
Posted - 2007.09.05 21:11:00 -
[20]
Hmmmmm
"Acquired" Laptop + Wireless + idiot users with no security on wireless router = trace with your isp until your blue in the face.
I have become the formless.
|
|
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 21:12:00 -
[21]
Edited by: 7shining7one7 on 05/09/2007 21:15:22
rofl, i'm quite sure that was not the purpose with it tho (otherwise someone needs to check their intel), might just have been an effort to get to know more about who i am in general.. but thanks for the funny comment
i don't use wireless, definately.. definately.. not an idiot, (yes i know about wireless hacking and such *hint* pringles can *hint*, and i've played around with some friends with concent to test stuff out for fun.
as for the hopelessness.. the traceroutes went through fine, so that narrows it down substantially.
oh btw. post with your main :) (ya, i like that too)
|
JoDirt
Minmatar
Tides of Silence
Hydra Alliance
|
Posted - 2007.09.05 21:28:00 -
[22]
You should install a hardware firewall and NAT your IP Address. This will implicitly deny all inbound traffic. Only traffic orginating from your network will be allowed the return trip. oh and pm me the ip address scanning you if you like, wouldn't mind having a looksy.  |
Gwoden
Gallente
Exa Utopia
Exa Nation
|
Posted - 2007.09.05 21:31:00 -
[23]
Everyday... every minute.. millions upon millions of IP addresses are being scanned by other infected systems. This is nothing new.
What you are experiencing is what we call the interet. Welcome. Now get behind a router/firewall before your PC gets killed.
My opinion is that this is all just one big coincidence. This has nothing to do with eve, or the playerbase. Your system IP has been added to a hacker "hot list". A list of IP addresses with open ports, placed backdoors, or easy passwords. Unfortunately your IP will undergo many, many scanns for many months until it is eventually removed. Maybe. Best bet is to contact your ISP and request that they give you a new external IP address. And then format your PC. Yep... for-mat. Change all passwords. And start over.
After this, always connect your PC to the internet, behind a hardware firewall. Then turn on your software firewall. :) Have up to date anti virus, and an up to date OS. Preferably layer your vendor protection. Software firewall by Norton, and anti-virus by McAfee. The more "layers" a hacker has to pass through, the more frustrating it is for them ;) After a while the time to ***** versus benefit is no longer in their favor.
As for going after these people. Unfortunately the hacker rule #1 is that any open port is an open invitation or people to access it. If they login to your system and you have a banner/message that says "only authorized access allowed. If you are not authorized, you must disconnect." (or something close) then you can prosecute. If you do not have a message/banner, once again this will fall back on the rule of "you have the port open, you are giving people the right to access it.". Then you cannot prosecute.
Sorry to hear of your troubles, and i hope this information helps you.
_______________________________________________
There is no "I can't" only "I will". |
Zenst
Gallente
Reikoku
Band of Brothers
|
Posted - 2007.09.05 21:46:00 -
[24]
As a rule never connect a PC directly to the net when you can port forward and do with other means as well as a firewall.
Fact - installing windows XP from scratch and patching from windows update straight away will by the time you get fully patched up already have left your box exposed and vulnable for nearly an hour. In that time there will be many attempts due to botnets and scriptkiddies. The various different IP's and duration would indicate that to some extent is what you got. Even having automation driven port scans after several nodes rport unsucceful back to the controlling nodes to restablish root.
I do however strongly reccomend having a seperate install/partition of XP just for games. This means you can do all that jazz in a install tuned for that without extra registry and dll bloat distracting from performance. Then have dedicated internet banking/business stuff. VMware is a wonderful tool btw in that you realy dont need a fast system for internet banking and having using that or another free version works well from a security aspect.
Also check sheilds up remote port scan on this site GRC Sheilds up . Its not the best but it does do the job and thats all you can ever ask.
Also not there is never any reason whatsoever to have your PC plugged directly onto the internet, NAT or firewall and/or port redirection. Generaly as a rule deny everything and allow by exception and then you can ignore all the bots. Though do keep patched up as whilst your patched up today there will be a vulnability tomorrow and thats one released at a public level. Zero day expliots whilst not exactly years until known thesedays do happen, albeit mostly days or weeks. But still there are the odd ones that do get a long shelf life.
Remember putting a PC directly onto the internet is like driving a bicycle on a busy motorway.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 21:53:00 -
[25]
Originally by: Gwoden
Everyday... every minute.. millions upon millions of IP addresses are being scanned by other infected systems. This is nothing new.
What you are experiencing is what we call the interet. Welcome. Now get behind a router/firewall before your PC gets killed.
My opinion is that this is all just one big coincidence. This has nothing to do with eve, or the playerbase. Your system IP has been added to a hacker "hot list". A list of IP addresses with open ports, placed backdoors, or easy passwords. Unfortunately your IP will undergo many, many scanns for many months until it is eventually removed. Maybe. Best bet is to contact your ISP and request that they give you a new external IP address. And then format your PC. Yep... for-mat. Change all passwords. And start over.
After this, always connect your PC to the internet, behind a hardware firewall. Then turn on your software firewall. :) Have up to date anti virus, and an up to date OS. Preferably layer your vendor protection. Software firewall by Norton, and anti-virus by McAfee. The more "layers" a hacker has to pass through, the more frustrating it is for them ;) After a while the time to ***** versus benefit is no longer in their favor.
As for going after these people. Unfortunately the hacker rule #1 is that any open port is an open invitation or people to access it. If they login to your system and you have a banner/message that says "only authorized access allowed. If you are not authorized, you must disconnect." (or something close) then you can prosecute. If you do not have a message/banner, once again this will fall back on the rule of "you have the port open, you are giving people the right to access it.". Then you cannot prosecute.
Sorry to hear of your troubles, and i hope this information helps you.
hehe thanks, but i have rootkit, malware, spyware, trojan scanner firewall and a router with nat, i was just experimenting with some network stuff s all..
as for the prosecute or not prosecute: "you have the port open...." i didn't and it was attempted for 5 hours. so that's what that is.
and yes unless the person has some way of coming in contact with me and so we can have a talk about it, then the hunter has become the hunted as far as i'm concerned. But that offer won't stand forever offcourse. If someone tries to break into your property with success or not, you wouldn't take it lightly either.
also let's differentiate between true hackers who actually are nice very intelligent people who seek to find exploits and inform corporations about them and make a living as such, and concentually hacking various systems in order to accomplish this..
and script kiddies, *****ers etc. who are maliscious, many times sociopathic semi adults who wants to make a reputation for themselves by messing stuff up, thus creating maliscious scripts, trojans and viruses, hoping they will somehow get employed for being such an "nber cool guy".
i like to keep those two terms very separate.
jodirt, that can be arranged np :) it's allways nice to have justice on your side, morally and lawfully speaking. and the more the merrier.
|
Gnulpie
Minmatar
Miner Tech
|
Posted - 2007.09.05 22:27:00 -
[26]
OMG!
You got attacked by some scripter and you seem to have good control over the situation, grats to that.
But what the *** makes you believe that this has ANYTHING to do with Eve??? Honestly, if your first thought after you got attacked is that it might be something Eve-related then I seriously suggest that you should take a step away from Eve for a while...
|
Zombie Network
GoonFleet
|
Posted - 2007.09.05 22:33:00 -
[27]
1989 just called, they want their breaking news back!
|
SiJira
|
Posted - 2007.09.05 22:35:00 -
[28]
someone is about to get a retro amazing prostate exam
____ __ ________
_sig below_
devs and gms cant modify my sig if they tried!
_lies above_
CCP Morpheus was here
Morpheus Fails. You need colors!! -Kaemonn
[yellow]Kaem |
syphurous
Gallente
|
Posted - 2007.09.05 22:42:00 -
[29]
I dont get how you related Eve and your machine being scanned ?
Can I Have Your Stuff ?
___
Too Many Anchored Cans |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 22:50:00 -
[30]
Edited by: 7shining7one7 on 05/09/2007 22:56:38
Originally by: Gnulpie
OMG!
You got attacked by some scripter and you seem to have good control over the situation, grats to that.
But what the *** makes you believe that this has ANYTHING to do with Eve??? Honestly, if your first thought after you got attacked is that it might be something Eve-related then I seriously suggest that you should take a step away from Eve for a while...
first of all i said it could potentially be an eve player, and i didn't point any fingers please read it again.
second it was first of all to bring up the issue of meta gaming based on the experience since it was a possibility it had something to do with it.
but also.. it was to see if posting here had any effects on the attack, which it had, the attacks stopped on a dime 10 minutes after i made the post.
i still haven't said that it might necessarily be an eve player, and i have also stressed that i hope it is not. but.. i'm definately going to find out.
and thirdly, meta gaming is something very much to do with eve since many do it to some degree, and as i've illustrated with mittani, he doesn't mind looking up your ip and cross reference it with your phone number, and i sincerely doubt he's the only one that could contemplate metagaming like that. also the numerous instances where some have had chatlogs surfaced by alts showing info of strategic importance, that to the person owning those, never left his computer, but that person was hacked some time ago. this game means a lot to some people, i just encourage that keeping it in game might be the way to go. And that failure to do so will result in consequences. and that's what this post is about.
i hope that clarifies it.
to the "can i have your stuff" comment, mb you should read the post first before making smart remarks, i am not gonna leave game anytime soon :) i think me asking you the same would be more likely to be quite honest :)
as for me playing eve a lot.. no not really, i mostly juts hit up the forums as i skill up :) it's a great game tho so respect to everyone who put whatever effort they deem appropriate to their lives into it.
|
|
|
|
|
| |
|
| Pages: [1] 2 3 4 :: one page |
| First page | Previous page | Next page | Last page |