Was I hacked?

Discussion in 'other firewalls' started by MuffinMan123, Jun 17, 2008.

Thread Status:
Not open for further replies.
  1. MuffinMan123

    MuffinMan123 Registered Member

    Joined:
    May 16, 2008
    Posts:
    8
    I left home in the morning;
    at 3pm, my firewall policy was changed to 'allow all'.

    I found out by 9pm; it appears to be running fine. PeerGuardian does not log because I asked it not to.

    I am running Windows 2k with Jetico free version, and AntiVir. No antispyware because I don't have enough RAM.

    What could explain this situation?
    Is there any way to trace what happened?
     
    Last edited: Jun 17, 2008
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Have a kid at home o_O that maybe wanted it changed? Or some other person? Otherwise, if there was an attack before the firewall was changed, it would be in the log entry for the firewall, depending on what firewall you have.


    Need more info:
    1. What firewall are you running? Is Jetico the firewall? (I have never heard of it, which is why I ask.)
    2. Could it have been changed from home, like by a kid or someone?
    3. Check logs if your firewall provides them.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Endorse that,

    Most likely suspect: kids wanting to play a game and needing internet access.

    Look at the firewall logs, and when they are IP addresses of game servers you have an internal hacker; otherwise you were hacked before. Changing the FW policy to allow is also typical of a script kiddy who entered through an open port/remote desktop/assistance service.

    Harden your PC (disable all remote assistance entries), and check whether this service is allowed through your firewall.

    Regards Kees
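
The log check suggested in the post above, as an added example that is not part of the original thread: it splits firewall log entries around the time the policy changed, listing inbound remote-access connections allowed beforehand and all traffic allowed afterwards. The log columns, port mapping, addresses and dates are constructed for illustration and are not Jetico's real log format.

```python
import csv
import io
from datetime import datetime, timedelta

# Services named in the post, mapped to their usual ports (assumed mapping).
REMOTE_ACCESS_PORTS = {3389: "remote desktop/assistance", 5900: "vnc", 23: "telnet"}

# Constructed sample log. The columns are hypothetical, not Jetico's format.
SAMPLE_LOG = """\
time,direction,action,remote_ip,dst_port,process
2008-06-17 09:12:40,in,block,198.51.100.23,445,System
2008-06-17 13:05:02,out,allow,203.0.113.50,6881,torrent.exe
2008-06-17 14:41:17,in,allow,198.51.100.77,3389,svchost.exe
2008-06-17 14:58:09,in,allow,198.51.100.77,3389,svchost.exe
2008-06-17 15:20:33,in,allow,192.0.2.14,5900,unknown.exe
2008-06-17 16:02:11,out,allow,203.0.113.9,27015,game.exe
"""


def triage(log_text, change_time, window_hours=6):
    """Return (entry_candidates, after_change) around a policy change.

    entry_candidates: inbound connections to a remote-access port that were
    allowed in the window before the change (a possible way in).
    after_change: everything allowed once the policy was 'allow all', so the
    destinations can be reviewed (game servers versus unknown hosts).
    """
    start = change_time - timedelta(hours=window_hours)
    entry_candidates, after_change = [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "allow":
            continue  # blocked traffic never reached a service
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        port = int(row["dst_port"])
        if ts >= change_time:
            after_change.append(
                (ts, row["direction"], row["remote_ip"], port, row["process"]))
        elif ts >= start and row["direction"] == "in" and port in REMOTE_ACCESS_PORTS:
            entry_candidates.append((ts, row["remote_ip"], REMOTE_ACCESS_PORTS[port]))
    return entry_candidates, after_change


if __name__ == "__main__":
    changed_at = datetime(2008, 6, 17, 15, 0)  # constructed date, "3pm" as in the thread
    before, after = triage(SAMPLE_LOG, changed_at)
    for ts, ip, service in before:
        print(f"before change: {ts} inbound {service} from {ip}")
    for ts, direction, ip, port, proc in after:
        print(f"after change:  {ts} {direction} {ip}:{port} ({proc})")
```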
     
  4. MuffinMan123

    MuffinMan123 Registered Member

    Joined:
    May 16, 2008
    Posts:
    8
    No, no one in the house is smart enough to know how to deal with firewalls and other stuff; heck, they don't even know what tray icons are, let alone changing the settings.

    Also, Jetico doesn't pop up random junk that asks the user to change firewall settings. It only asks if the connection to a certain server is allowed or rejected, to create new rules.

    I only noticed 2 changes: 1 of the 2 torrent clients was closed, while the other stayed running, and the firewall became allow all. That was about all I noticed, but that's because I don't know what other changes happened on my system. The firewall is pretty much the only logger running on my system.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Okay, I believe you, but . .

    Don't forget the friends of your kids; maybe he/she wanted to show a new game.

    For cleaning . . .

    have a look at these posts:
    https://www.wilderssecurity.com/showpost.php?p=1253046&postcount=3
    https://www.wilderssecurity.com/showpost.php?p=1253160&postcount=10
    https://www.wilderssecurity.com/showpost.php?p=1253312&postcount=13
    https://www.wilderssecurity.com/showpost.php?p=1253331&postcount=15

    There are several forums where HJT (HijackThis) logs are read by experts.

    Regards Kees
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Could it be that you had a power surge and the computer restarted?
    Sometimes this can mess up the firewall settings ...
    Mrk
     
  7. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    167
    Is someone in the house smart enough to download and install some junk?
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Could you have changed the setting by accident?
     
  9. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Well, the free version of Jetico hasn't done so well in leak tests, however I don't have any information about the protection it provides from attacks.

    Also, I doubt any kid would be able to change its settings; I remember that the Jetico interface is a little bit confusing.

    Consider that the free version is an old version, so that bugs and errors may have been found and corrected in the newest commercial version, so there is a possibility of an intrusion...
     
  10. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    Don't forget this is the information age; most kids out there could know more than us :eek: :doubt:
     
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    You stating that you use PeerGuardian was all that needed to be said.

    I hope you realise that PeerGuardian has a "time-bomb" programmed into it, and it is set to activate particular instructions at certain times to OPEN YOUR SYSTEM to the writers and hackers behind PeerGuardian.

    Simply put... If you install any piracy-supporting programs and if you do any illegal downloading of (c) movies, games and programs etc., then you had better expect to get hacked, because the programmers who write these types of programs to help people commit illegal crimes on the internet also program a "BACK-DOOR" into the programs that allows them full access to your PC.

    I KNOW WHAT I AM TALKING ABOUT.. (Psi - future crew)
     
  12. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Got any proof of this? Other than "knowing what you're talking about", of course.
     
  13. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I'm quite interested also in seeing references regarding that. Pretty sweeping accusation, there.
    (Hiya, Argus.)
     
  14. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I do not have the source code for the program, so unless I did, I cannot prove it.

    So I openly admit I have no proof.

    So people have a choice to make.

    1. Conclude my comments are baseless and disregard them.

    2. Ponder my comments and accept the idea that what I say may be true and valid.
     
  15. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Well, obviously the seemingly intelligent option is (2), simply because you don't give us much to go on, and if it is a possibility, it would be foolish to disregard it.
    (An argument could be made for option (1) on the same basis.)
    Go on. Give us some clues. Something a bit more credible than a shouted opinion. Doesn't do much for me.
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    And this statement is based on what?
     
  17. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,566
  18. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Well of course what you say may be true and valid.
    The idea that there is a hitherto undiscovered species of invisible airborne pig may be true and valid, certainly there is no proof that there aren't invisible flying pigs.

    Going with option 1 for now :cool:

    (hey Tarq :) )

    edit- ^^ you've got the source code now.

    edit 2 - sorry to the OP for dragging this thread off track.

    Have you had a look in the event viewer? (start > run > eventvwr)
     
    Last edited: Jun 24, 2008
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I would look into that first.

    I do remember problems in W2K with Jetico1 and PG, so a problem could have happened, but I have not seen the problem you mention.
    Being hacked is actually the last place I would start to look.

    As far as PG (PeerGuardian) is concerned, I have known/used that application for quite a while (to block spyware etc.). The source code is available; that is actually why you should check where you download the application. When executing PG, you should get a popup to verify that you are using the genuine version. If the genuine version was in any way a compromise, then we would certainly have seen many reports by now. But I am still open to any proof of such.
     
  20. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Me having the source code is totally irrelevant, because the source code I have and which I compile may be different from the compiled version that most people would download and install. Think about it :)

    And as Stem mentioned above, you should check where you download the application, because MOST people would be installing a version that has already been compiled by someone else, and they do not know this person personally, and they cannot verify that the place they downloaded the program from is a valid and reliable place.

    To be certain, a person would need to learn programming, then download the source code for themselves, and go through the source code line by line and then compile their own version.

    All I will say is this... There are compiled versions out there that people have and are downloading and installing that have a "back-door".

    So use this program at your own risk.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Stem:

    As you may remember, I use PG2 as a blocker.

    But reading this post here I'm worried that I get no pop-up with daily use of PG 2. We are talking of PG 2, correct? Maybe you meant during installing? How can a user confirm they have a valid version?

    Mine was downloaded from:

    http://forums.phoenixlabs.org/

    Please advise. Pending more information I will discontinue PG 2.
     