hacked

Discussion in 'Port Explorer' started by grant, Jan 10, 2004.

Thread Status:
Not open for further replies.
  1. grant

    grant Registered Member

    Joined:
    Jan 10, 2004
    Posts:
    11
    Since I bought a new computer and have been forced to use windowsgarbageXP, I haven't been able to keep from being hacked. I use Opera normally but am forced to use Explorer when I play online hearts. I watched while someone ran through my system and can't do a thing about it. So the bottom of Port Explorer shows everything in red. Why does this program expect one to be a tech? I bought it so I wouldn't have to be. My question is how do I stop the invader without losing my connection to the game I'm playing?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Grant, and welcome!
    Which firewall are you using?
    If none, please get the easiest free and rather good one, which is almost set-and-forget: install Zone Alarm from www.zonelabs.com, which will help you to block your system against unwanted guests.
    PE shows you all connections and which they are.
    For instance, those red (hidden) connections can be the traffic to/from your game site and there is nothing wrong with that, nothing illegal, as you connected yourself to that site. It all depends on what is happening.
    You can have a look by adding that process to the socket spy and looking into the data packets, or if you do not trust the connections you can block or kill them, whatever, all with a right-click on them; choose your option and it's gone.
    So you can do a lot about it!
    Before you used PE it was there too, but now you know it is there and you can actually do something about it if you want.

    Hacked would be another person who should not be on your system at all, and without a firewall that can be a whole highway of traffic.
    People so easily say "I have nothing to hide", but these people like to use your bandwidth, and your IP will be the sender of unwanted activity if they are able to use you as their proxy, while you are completely innocent.
    So this is why we need to protect ourselves and know what's going on, and with PE on our screen we can actually act!
     
  3. happy

    happy Registered Member

    Joined:
    Jan 14, 2004
    Posts:
    1
    Location:
    Delfzijl/Netherlands
    DCOMbobulator
    Use the website http://grc.com/dcom/ and download this. Double-click the file you have downloaded. You don't have to install; the program starts right away. Go to "DCOMbobulate me", then click Disable DCOM, and then exit and reboot. Then you are protected against hackers.
    DCOM is used in companies; for your home PC you don't need DCOM. You can always enable it again if you don't like it.
    Frans :D
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Disabling DCOM doesn't protect you against all crackers, but against those who use the DCOM vulnerability, whether crackers or worms.

    So, it's indeed advised after you have updated your Windows :)
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Easy attacks on XP are on NETBIOS and SMB - make sure you have a STRONG password on all accounts, have no fileshares which aren't intentional, and disable the NetBIOS helper service. These are the ways most spreaders get in first. Windows Update and a firewall and you are well on your way to protection :)

    Process Guard may well be a good idea; ADMIN accounts should be avoided if you aren't going to protect them well.
     
  6. grant

    grant Registered Member

    Joined:
    Jan 10, 2004
    Posts:
    11
    Hi Gavin, thanks very much for the information. How do I disable the NetBIOS helper? I have gone in and found some filesharing things to disable before. Windows XP search is extremely poor compared to 98. Most searches I do come up with nothing, including the one I just did for NetBIOS helper, which is why I'm asking you. Thanks, Grant
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Click Start > Run and type services.msc

    In here, find the service called TCP/IP NetBIOS Helper. Double click it, set startup to disabled, then click STOP. Press OK and close the services applet.

    Actually you might want to disable a few more nasty ones that users rarely need. Like "Messenger", "SSDP Discovery Service", and even "Error Reporting" which seems to actually cause crashes sometimes :)
     
  8. grant

    grant Registered Member

    Joined:
    Jan 10, 2004
    Posts:
    11
    Thanks for all your replies. Jooske, I'm running Outpost2Pro firewall sometimes 1 and a router. It was recommended by a tech I worked with at work. When he made housecalls to remove a trojan or virus, zonealarm was sometimes the firewall. The most popular of anything draws lots of attention from the hacking community and that is what I've seen visiting hacking sites. Apparently many trojans are custom made to disable the most used firewalls. I believe this is a great firewall but not one that is easy to understand for a beginner. I remember my workmate telling me not to let yahoo messenger have free rein on my system when I was using it, so when I was configuring outpost, I did something that blocked it from working altogether!
    The data packets in PE mean what? How do you tell the difference between legit ones and hacking activity? Also socket spy shows information that means what? Frans, I'd been to the grc site before but didn't know it had such excellent information and programs to disable security risks. Just used the shields up part. When I had windows98 my buddy had me delete the client Microsoft network + I think it's called family logon from where the lan driver is. Once it's gone, ports 137, 138 and 139 are closed. They are default open normally. Before opening a browser I would have 0 ports open or listening. Absolutely nothing, so imagine my dismay when I got XP and the netstat is showing 17 or more various things like port 5000. When I had 98, and was gaming, when someone connected to my computer, I would kill the socket with the TDS3 netstat as it's quicker than PE, and hadn't had any problems until getting XP, which seems to have allowed a way for someone to get in on a socket I couldn't kill. Anyways, with the excellent posts I've received I should be able to secure my computer very well. Thanks, I hope the little information I've offered on 98 can help someone.
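An added example, not part of any post in this thread: a small Python audit that reads `netstat -an` output and reports the network-reachable listeners behind the services discussed above (DCOM, NetBIOS, SMB, and the port 5000 listener). The sample output and its addresses are constructed, and the port-to-component mapping for 135, 445 and 5000 is general Windows XP knowledge assumed here rather than stated in the thread.

```python
import re

# Ports raised in the thread; the component names are an assumption added here.
RISKY = {
    ("TCP", 135): "RPC endpoint mapper (DCOM)",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service (file sharing)",
    ("TCP", 445): "SMB file sharing",
    ("TCP", 5000): "UPnP (SSDP Discovery Service)",
}

# Constructed sample of `netstat -an` output; addresses are placeholders.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1064      203.0.113.7:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_text):
    """Return (proto, address, port, component) for risky open listeners."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _remote, state = m.groups()
        # UDP has no state column: every bound UDP socket accepts datagrams.
        listening = state == "LISTENING" if proto == "TCP" else True
        # Loopback-only sockets cannot be reached from the network.
        if not listening or addr.startswith("127."):
            continue
        component = RISKY.get((proto, int(port)))
        if component:
            findings.append((proto, addr, int(port), component))
    return findings

if __name__ == "__main__":
    for proto, addr, port, component in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port:<5} {component}")
```

Running the same check again after disabling a service and rebooting shows whether its listener has actually gone away.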
     