
I've been hacked...

hat

Enthusiast
Joined
Nov 20, 2006
Messages
18,523 (4.59/day)
Likes
3,156
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i5 2400 :: Athlon II x4 630
Motherboard MSI H67-G43-B3 :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 4x2GB DDR3 1333 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: GT720
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) X-Fi Titanium Fatal1ty Pro - iLive IT153B Soundbar (optical) :: None
Power Supply Corsair CX600w :: Unknown
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
#1
Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.

All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?

I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially computerized my computer, and then attacked another from there?
 
Joined
Oct 17, 2012
Messages
6,821 (3.63/day)
Likes
8,959
Location
Massachusetts
Processor i7 4790
Motherboard Asrock Z97 Extreme 4
Cooling Corsair H-110i GTX
Memory 16 Gb kingston Hyper X
Video Card(s) Nvidia Reference GTX 970 x2
Storage C:\Samsung 850EVO 500Gb & Samsung 850 evo 250Gb
Display(s) Dell Ultra Sharp Widescreen 24" 1200P
Case Phanteks Enthoo Pro M Acrylic
Audio Device(s) Realtech Edition X1789,Ver2.78
Power Supply EVGA 220-G2-0650-Y1
Mouse Logitech G502 spectrum
Keyboard AZIO MRGB Kaith Blue
Software Win 10 Professional 64 bit
Benchmark Scores Congrats USA!! on the Travel Ban.....
#2
> Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.
>
> All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?
>
> I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially computerized my computer, and then attacked another from there?

I'm very far from an expert, but I'm fairly certain that disabling your firewalls is a pretty bad idea (for future reference, maybe a hw firewall). Were they disabled on the computer that you feel was hacked?

Also, is there a possibility that these images have been misplaced? I know it's silly and basic, but sometimes the simplest answer is the most likely. I'm just trying to think of the motivation to go through the trouble of getting into someone's network to take a couple images, unless there's some stuff you haven't realized or noticed yet.

Is it possible for you to elaborate on how you arrived at the conclusion of hacking being the most likely scenario?
 
Joined
Nov 13, 2007
Messages
6,137 (1.67/day)
Likes
1,633
Location
Austin Texas
System Name silen8
Processor Intel i7 7820X Delidded @ 4.64Ghz / 3.1Ghz Mesh
Motherboard MSI X299 Tomahawk
Cooling 240mm Corsair H105 Intake
Memory 32 GB Quad 3434Mhz DDR4 15-16-16-38-300-1T
Video Card(s) Gigabyte GTX 1080 Ti Gaming
Storage 1Tb Samsung 960 Pro m2, 1TB Samsung 850 Pro SSD
Display(s) Dell 24" 2560x1440 144hz, G-Sync @ 165Hz
Case NZXT S340 Elite Black
Audio Device(s) Arctis 7
Power Supply FSP HydroG 750W
Mouse zowie ec-2
Keyboard corsair k65 tenkeyless
Software Windows 10 64 Bit
Benchmark Scores Cb: 2103 Multi, 209 Single, 10450 Timespy - 10150 GPU/11900 CPU, superpi 1M - 7.71s
#3
did they hack your router or did you download something? Download fiddler and see if you have strange activity.
 

hat

Enthusiast
#4
The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...

@phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...
 

Easy Rhino

Linux Advocate
Joined
Nov 13, 2006
Messages
14,405 (3.56/day)
Likes
4,256
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 |Corsair mForce nvme 250G
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Posiden Z RGB Cherry MX Brown
Software Centos 7 | Windows 10
#5
to understand how a hacker got what he/she got you have to get into their mind. that being said, were the images *cough* personal in nature?
 
Joined
Nov 13, 2007
Messages
6,137 (1.67/day)
Likes
1,633
Location
Austin Texas
System Name silen8
Processor Intel i7 7820X Delidded @ 4.64Ghz / 3.1Ghz Mesh
Motherboard MSI X299 Tomahawk
Cooling 240mm Corsair H105 Intake
Memory 32 GB Quad 3434Mhz DDR4 15-16-16-38-300-1T
Video Card(s) Gigabyte GTX 1080 Ti Gaming
Storage 1Tb Samsung 960 Pro m2, 1TB Samsung 850 Pro SSD
Display(s) Dell 24" 2560x1440 144hz, G-Sync @ 165Hz
Case NZXT S340 Elite Black
Audio Device(s) Arctis 7
Power Supply FSP HydroG 750W
Mouse zowie ec-2
Keyboard corsair k65 tenkeyless
Software Windows 10 64 Bit
Benchmark Scores Cb: 2103 Multi, 209 Single, 10450 Timespy - 10150 GPU/11900 CPU, superpi 1M - 7.71s
#6
well even if they broke through your wireless they would still have to get access to the share, so it's most likely she downloaded something... if that's the case then it will show up on an app that monitors your/her pc's network activity. find it, see if you can trace it back to that person, kill it, and have her change her passwords.

there are a ton of ways to get hacked... but most of them involve getting a hold of a commonly used password.

Do you have a static IP?
 
Joined
Sep 2, 2011
Messages
617 (0.27/day)
Likes
479
Location
Where the hand of man has never set foot
Processor AMD Phenom II X4 965
Motherboard ASUS M4A79T Deluxe
Cooling Cooler Master Hyper 212 Plus with 2x SickleFlow 120 2000 RPM
Memory 2x2GB Kingston HyperX 1333MHz CAS7
Video Card(s) PowerColor Radeon HD 6870 (Baked 3 Times and Heat Gunned Once)
Storage Crucial MX100 512GB
Display(s) LG Flatron W2453V
Case Xigmatek Midgard-W
Power Supply Thermaltake TR2 RX 750W
Mouse HP VooDooDNA
Keyboard Corsair K60
#7
1- Enable Windows firewall
2- To find when you were hacked you could check your router logs, but it can be a real pain in the ass to find anything relevant.
3- Reset your router and use a new password
4- Scan your computers with MBAM and with an antivirus. If you don't want to install one you can download Kaspersky Virus Removal Tool. You should also do a scan with an AV before Windows starts. You can use Kaspersky Rescue Disk to do so.

If you find proof that you were hacked by someone you know, you can report them to the police. It is illegal to hack a network without the owner's permission.
But it's unlikely that you were actually hacked.

If you were actually hacked it's probably IMO with a backdoor.
 

cdawall

where the hell are my stars
Joined
Jul 23, 2006
Messages
26,540 (6.38/day)
Likes
7,452
Location
Houston
System Name Team Blue
Processor 5960X@4.8 1.42v
Motherboard Asus X99M-WS
Cooling EK Supremecy EVO, MCR220-Stack+MCR220+MCR320, D5-PWM+EK X-RES 140
Memory 4x8GB G.Skill Trident Z 3200 CL16
Video Card(s) (2) EVGA SC BLACK 1080Ti's+ EVGA reference 1080Ti soon to be under water
Storage Samsung SM951 512GB, Samsung PM961 512GB
Display(s) Dell UP2414Q 3840X2160@60hz
Case Caselabs Mercury S5
Audio Device(s) Fischer HA-02->Fischer FA-002W High edition/FA-003/Jubilate/FA-011 depending on my mood
Power Supply Seasonic Prime 1200w
Mouse Thermaltake Theron
Keyboard Thermaltake Poseidon ZX
Software W10P
Benchmark Scores Zoom zoom mofo
#8
Router through the cable company and rented? If so tell them you need a new one.

If it is just someone being a jerk I wouldn't worry much past actually securing the network, changing passwords and turning on firewalls.
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
14,876 (3.46/day)
Likes
5,411
System Name A dancer in your disco of fire
Processor i3 4130 3.4Ghz
Motherboard MSI B85M-E45
Cooling Cooler Master Hyper 212 Evo
Memory 4 x 4GB Crucial Ballistix Sport 1400Mhz
Video Card(s) Asus GTX 760 DCU2OC 2GB
Storage Crucial BX100 120GB | WD Blue 1TB x 2
Display(s) BenQ GL2450HT
Case AeroCool DS Cube White
Power Supply Cooler Master G550M
Mouse Intellimouse Explorer 3.0
Keyboard Dell SK-3205
Software Windows 10 Pro
#9
> The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...
>
> @phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...

It's actually pretty good if someone is just out to mess with you. You don't want cryptoviruses, or someone making purchases in your name.

Reset passwords. All of them. Has she gotten mails about logins she does not recognize? If the photos exist on a cloud platform it is more likely the person has found out the password rather than compromised a computer. And how are her password habits?
 
Joined
Feb 22, 2016
Messages
230 (0.35/day)
Likes
72
System Name HP Elite 8200 SFF
Processor Intel i5 2400
Motherboard Q67
Cooling OEM
Memory OEM
Video Card(s) Nah brah
Storage 250GB 850 Evo + 1TB Toshiba
Display(s) HP f1905
Case OEM
Audio Device(s) Nah brah
Power Supply OEM
Mouse OEM
Keyboard OEM
Software W7 Pro
Benchmark Scores Massive 4080 multithreading CPUZ score!
#10
While you are beefing up on personal protection give some thought to keeping sensitive materials offline in a home safe that won't survive a fire. If the worst came that isn't the personal legacy you want to leave for your families to collect. :fear:
 
Joined
Oct 17, 2012
Messages
6,821 (3.63/day)
Likes
8,959
Location
Massachusetts
Processor i7 4790
Motherboard Asrock Z97 Extreme 4
Cooling Corsair H-110i GTX
Memory 16 Gb kingston Hyper X
Video Card(s) Nvidia Reference GTX 970 x2
Storage C:\Samsung 850EVO 500Gb & Samsung 850 evo 250Gb
Display(s) Dell Ultra Sharp Widescreen 24" 1200P
Case Phanteks Enthoo Pro M Acrylic
Audio Device(s) Realtech Edition X1789,Ver2.78
Power Supply EVGA 220-G2-0650-Y1
Mouse Logitech G502 spectrum
Keyboard AZIO MRGB Kaith Blue
Software Win 10 Professional 64 bit
Benchmark Scores Congrats USA!! on the Travel Ban.....
#11
> The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...
>
> @phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...

OK, that clarifies it quite a bit. I agree with the other posts saying you should enable firewall, but also have your Internet provider replace your modem and router if they're provided by them; otherwise you can assign them new MAC addresses. I've done it before to get around IP bans, I believe it was on the Netgear.

In my opinion (for what it's worth), the fact that it involves both your significant other and you, as well as personal images, makes me feel that this is a personal attack, if the word attack fits.

And when I use the word personal, if I had to bet I want to say that it was someone who knew you.

Regardless of who it was, it's totally invasive and entirely inappropriate, and I'm sure has left you feeling very insecure to say the least. I'd start by getting your firewall turned on, getting a new modem/router, and, as much of a pain in the ass as it's going to be, change all your passwords.

Also either reinstalling your operating systems or using back ups that are older just to be safe.

I know I've read about "hackers" using email hacks to reach out to people's contacts, pretending to be the friend as a means of spreading their shit. But the posting of images doesn't seem to fit that category.
 

Mussels

Moderprator
Staff member
Joined
Oct 6, 2004
Messages
46,096 (9.58/day)
Likes
13,522
Location
Australalalalalaia.
System Name Daddy Long Legs
Processor Ryzen R7 1700, 3.9GHz 1.375v
Motherboard MSI X370 Gaming PRO carbon
Cooling Fractal Celsius S24 (Silent fans, meh pump)
Memory 16GB 2133 generic @ 2800
Video Card(s) MSI GTX 1080 Gaming X (BIOS modded to Gaming Z - faster and solved black screen bugs!)
Storage 1TB Intel SSD Pro 6000p (60TB USB3 storage)
Display(s) Samsung 4K 40" HDTV (UA40KU6000WXXY) / 27" Qnix 2K 110Hz
Case Fractal Design R5. So much room, so quiet...
Audio Device(s) Pioneer VSX-519V + Yamaha YHT-270 / sennheiser HD595/518 + bob marley zion's
Power Supply Corsair HX 750i (Platinum, fan off til 300W)
Mouse Logitech G403 + KKmoon desk-sized mousepad
Keyboard Corsair K65 Rapidfire
Software Windows 10 pro x64 (all systems)
Benchmark Scores Laptops: i7-4510U + 840M 2GB (touchscreen) 275GB SSD + 16GB i7-2630QM + GT 540M + 8GB
#12
> Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.
>
> All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?
>
> I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially computerized my computer, and then attacked another from there?

Can you give me details on your wifi network? B/G/N/AC? Is pin based WPS active? Do you have network shares on your PC, is your PC always left on?
Were these images only on the PC, or other devices? (phone?)

Being hacked is very rare to be an external event, and VERY likely to have been done in person - someone gained access to the wifi password in the past, or a physical laptop in person for a few minutes (or even access to a phone or dropped USB stick, and quickly copied)
 
Joined
Nov 1, 2008
Messages
3,618 (1.09/day)
Likes
935
Location
Vietnam
System Name Gaming System / Laptop / HTPC
Processor i5 8600K @4.6Ghz / i5 540m / i7 970
Motherboard Z370 Aorus Ultra Gaming / Acer / Shuttle sx58j3
Cooling CM Seidon 120 XL / Laptop Cooling / SE-903
Memory T Group Nighthawk (3000 MHz)/ 4GB DDR3 / 12gb DDR3
Video Card(s) Colorful 1080Ti / G210m / 7870XT
Storage 750G MX300 + 3TB HDDs / 250G Ultra II /250G 850 EVO
Display(s) Dell U2515H + Asus VX239H/ 15.6" Laptop Screen / 720p 42" Plasma TV
Case Cooler master HAF 922 / Laptop Case / Corsair Air 240
Audio Device(s) On Board Realtek
Power Supply Andyson N700 Titanium / Laptop Power / ACBell 700 W
Mouse Logitech G700s
Keyboard CM Quickfire XT (Cherry MX Reds)
Software Windows 10 x64
Benchmark Scores 3DMark Firestrike = xxxxx Timespy = 9097 Heaven = xxxx
#13
If they ever had physical access to your fiancee's laptop, then malware is much more likely.
It may even have been a phishing kind of attack and your significant other clicked through an e-mail she shouldn't.

Afaik, if you are using strong passwords and DD-WRT it's pretty tough to gain access to your network (WAN or otherwise).
 

Kursah

Moderator
Staff member
Joined
Oct 15, 2006
Messages
10,936 (2.68/day)
Likes
5,045
Location
Missoula, MT, USA
System Name Kursah's Gaming Rig - Haswell Edition | Spartan Home Server 2015
Processor i7 4790k 4.0/4.8 @ 1.26v | i7 4790k 4.0/4.4 @ 1.18v - Both delidded w/CLU
Motherboard Asus Z87-Pro - BIOS 2103 | Asus Z87-Pro - BIOS 2103
Cooling Noctua NH-U14S Push-Pull | Cooler Master 212 EVO Stock - Using NT-H1 and AC MX-4
Memory 16GB (2x8) Corsair Dominator DDR3 2400 CL11 | 32GB (4x8) G.Skill DDR3-1600 CL9
Video Card(s) MSI GTX980 Ti Gaming 6G LE @ Stock | Onboard Intel HD 4600
Storage 850EVO 250GB SSD, 960GB SSD, 1x2TB | 840 120GB SSD, RAID10 6x2TB (6TB) + 8TB Backup
Display(s) Samsung 32" TV IPS 1080p, Dell 23" U2312HM IPS 1080p | 19" 4:3 Dell LCD..mostly RDP.
Case Corsair 600C - Stock Fans on Low | Lian Li Lancool PC-K7 - Cougar fans
Audio Device(s) Aune T1 mk1 > AKG K553 Pro + HiFiMAN HE-350 (Equalizer APO + PeaceUI) | Realtek ALC1150
Power Supply EVGA 750G2 Modular + APC 1500VA UPS | EVGA KR500 80+ Bronze + CyberPowerPC 1000VA UPS
Mouse Logitech G502 | Dell USB Laser Mouse
Keyboard Logitech G15 rv2 | Dell USB Keyboard
Software Windows 10 Pro x64 | Windows Server 2012 R2 (GUI Core,Hyper-V + VMs)
#14
It could've been a browser or OS exploit, something planted if this individual is able to get near you guys.

Getting through that kind of wireless encryption is doable, but someone really will want to do it. Check your other service accounts for suspicious activity ASAP. Change passwords, use a hidden SSID if you can...though if this person cracked your wireless password out of WPA2 a hidden SSID won't be anything. But to someone else it might be enough to make em go elsewhere. Hidden SSID's still send a ping out, just not as frequently as a broadcasted SSID.

You could also just run a guest network if you need no file sharing. Most routers feature it. You can manage bandwidth limitations on many as well. Another good reason for this is because then your devices all run in isolated mode...meaning they have Internet access but not LAN resource access. So they can't see other devices.

Have you disconnected the culprit PC from the network? With Windows 10 you can spoof the MAC address for your wireless NIC pretty easily, I'd start there before reconnecting it.

I'd enable Windows firewalls as well. What kinda router you running? Might be time to look into something capable of doing some IDS/IPS for you if this keeps up.

Another option is to disable wireless and run Ethernet. You'll have a different MAC address for the Ethernet NIC, and can simply unplug it if you feel there's been a compromise.

Depending on what you have and want to do about it, there's options. As-far-as tracing down who-dun it and how now...that would take some work, time and advanced network abilities and comprehension. Better to lock things down, restrict shares and access, increase security...what were the share permissions for that folder?

Another good idea is to kill your wireless when you're not home or using it, which is doubly handy when using a hidden SSID because it'll be harder to scan for between not being on and when on, not being broadcast frequently.

You could always setup a honey pot to lure and monitor for someone hacking your network, give them something that looks like what they want. Track what they're doing, and where they're doing it from and add that IP to your blacklist.

In reality though, someone probably either got onto the machine physically, or if they were capable and desired enough to do so, got into that laptop through an exploit of some sort...more likely than hacking your wireless unless they knew the password or it was easily guessed. Sorry this happened to you, but hopefully we can get you confident in your network and its security again!

:toast:
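
The checks raised across the posts above (firewall state, what the PC is sharing and with which permissions, and which programs are talking to the network), as an added example that is not part of any forum post: a read-only PowerShell triage script for a Windows 10 machine. The function names are hypothetical; the cmdlets are the ones built into Windows 10.

```powershell
# Added example: read-only triage of a Windows 10 PC. Run in an elevated
# PowerShell window so process paths and SMB share details are visible.
# Function names are hypothetical; the cmdlets ship with Windows 10.

function Get-FirewallState {
    # One row per profile (Domain, Private, Public). Enabled should be True
    # on all three; a disabled profile leaves every listening port reachable
    # from any other device on the same network.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction
}

function Get-ShareExposure {
    # Every SMB share on this PC with the accounts allowed to reach it.
    # Administrative shares (C$, ADMIN$, IPC$) are listed as well.
    foreach ($share in Get-SmbShare) {
        Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Share'; e = { $share.Name } },
                          @{ n = 'Path';  e = { $share.Path } },
                          AccountName, AccessControlType, AccessRight
    }
}

function Get-ProcessMap {
    # PID -> process object, so connections can be joined to a program.
    $map = @{}
    foreach ($p in Get-Process) { $map[[int]$p.Id] = $p }
    $map
}

function ConvertTo-ConnectionRow {
    param($Connection, $ProcessMap)
    # $proc is $null if the process exited between the two snapshots;
    # Path is empty for protected processes when not running elevated.
    $proc = $ProcessMap[[int]$Connection.OwningProcess]
    [pscustomobject]@{
        Local     = '{0}:{1}' -f $Connection.LocalAddress, $Connection.LocalPort
        Remote    = '{0}:{1}' -f $Connection.RemoteAddress, $Connection.RemotePort
        ProcessId = $Connection.OwningProcess
        Process   = $proc.ProcessName
        Path      = $proc.Path
    }
}

function Get-ListeningPort {
    # TCP ports that accept connections from other machines
    # (sockets bound only to loopback are skipped).
    $procs = Get-ProcessMap
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
        Sort-Object LocalPort -Unique |
        ForEach-Object { ConvertTo-ConnectionRow $_ $procs }
}

function Get-RemoteConnection {
    # Connections currently established to another host, with the program
    # that owns each one. An unfamiliar program, or one running from a
    # temp or downloads folder, is the entry to look at first.
    $procs = Get-ProcessMap
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object { ConvertTo-ConnectionRow $_ $procs }
}

Get-FirewallState    | Format-Table -AutoSize
Get-ShareExposure    | Format-Table -AutoSize
Get-ListeningPort    | Format-Table -AutoSize
Get-RemoteConnection | Sort-Object Process | Format-Table -AutoSize

# To turn the firewall back on for every profile (this changes system state):
# Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
```

The script only shows a snapshot, so a program that connects out intermittently can be missed; running it several times, or while the suspicious behaviour is happening, gives a better picture.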
 
Joined
Aug 13, 2009
Messages
1,962 (0.64/day)
Likes
659
Location
Czech republic
Processor Core i7 3770K
Motherboard Gigabyte Z77X-UD3H
Memory 16GB
Video Card(s) Sapphire Radeon Rx 580 Nitro+ 8GB
Display(s) Dell U2415
Audio Device(s) Creative Sound Blaster ZxR
Power Supply Seasonic 550W
Software Windows 7 x64
#15
So you obviously know little to nothing about computers (or at least about networking), and yet

> I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything...

You deserved to be hacked (or whatever it really was) then.
 

hat

Enthusiast
#16
> well even if they broke through your wireless they would still have to get access to the share, so it's most likely she downloaded something... if that's the case then it will show up on an app that monitors your/her pc's network activity. find it, see if you can trace it back to that person, kill it, and have her change her passwords.
>
> there are a ton of ways to get hacked... but most of them involve getting a hold of a commonly used password.
>
> Do you have a static IP?

I plan on checking her laptop, making sure firewall is on and AV is installed and working. I recall installing Panda on it at some point, but I'm not sure if it's on there now. Maybe I'll try a hijackthis log, though I admit I don't understand all of it...

IP isn't static, but it rarely, if ever, changes. I could force it to change if I spoof my router's MAC...

> 1- Enable Windows firewall
> 2- To find when you were hacked you could check your router logs, but it can be a real pain in the ass to find anything relevant.
> 3- Reset your router and use a new password
> 4- Scan your computers with MBAM and with an antivirus. If you don't want to install one you can download Kaspersky Virus Removal Tool. You should also do a scan with an AV before Windows starts. You can use Kaspersky Rescue Disk to do so.
>
> If you find proof that you were hacked by someone you know, you can report them to the police. It is illegal to hack a network without the owner's permission.
> But it's unlikely that you were actually hacked.
>
> If you were actually hacked it's probably IMO with a backdoor.

1. Gonna do that
2. Looked there, nothing of value or interest... last entry is from December 12th. :wtf:
3/4. Yeah, I plan on doing that too.

> Router through the cable company and rented? If so tell them you need a new one.
>
> If it is just someone being a jerk I wouldn't worry much past actually securing the network, changing passwords and turning on firewalls.

Nah, I own it. Gonna do what we can to secure our shit.

> It's actually pretty good if someone is just out to mess with you. You don't want cryptoviruses, or someone making purchases in your name.
>
> Reset passwords. All of them. Has she gotten mails about logins she does not recognize? If the photos exist on a cloud platform it is more likely the person has found out the password rather than compromised a computer. And how are her password habits?

Not sure about that one. I'll tell her she'll have to change her passwords.

> While you are beefing up on personal protection give some thought to keeping sensitive materials offline in a home safe that won't survive a fire. If the worst came that isn't the personal legacy you want to leave for your families to collect. :fear:

We might do that too.

> OK, that clarifies it quite a bit. I agree with the other posts saying you should enable firewall, but also have your Internet provider replace your modem and router if they're provided by them; otherwise you can assign them new MAC addresses. I've done it before to get around IP bans, I believe it was on the Netgear.
>
> In my opinion (for what it's worth), the fact that it involves both your significant other and you, as well as personal images, makes me feel that this is a personal attack, if the word attack fits.
>
> And when I use the word personal, if I had to bet I want to say that it was someone who knew you.
>
> Regardless of who it was, it's totally invasive and entirely inappropriate, and I'm sure has left you feeling very insecure to say the least. I'd start by getting your firewall turned on, getting a new modem/router, and, as much of a pain in the ass as it's going to be, change all your passwords.
>
> Also either reinstalling your operating systems or using back ups that are older just to be safe.
>
> I know I've read about "hackers" using email hacks to reach out to people's contacts, pretending to be the friend as a means of spreading their shit. But the posting of images doesn't seem to fit that category.

Yeah, if it's who we think it is, it's definitely someone who knew us... and now doesn't like us anymore.

> Can you give me details on your wifi network? B/G/N/AC? Is pin based WPS active? Do you have network shares on your PC, is your PC always left on?
> Were these images only on the PC, or other devices? (phone?)
>
> Being hacked is very rare to be an external event, and VERY likely to have been done in person - someone gained access to the wifi password in the past, or a physical laptop in person for a few minutes (or even access to a phone or dropped USB stick, and quickly copied)

Not likely to have been done in person at all. This guy showed up at the door one day, and we, wanting nothing to do with him, shut the door in his face... he never stepped foot in the house. Give it about a week and bam, this happens. Anyways... the router runs two SSIDs, one for 2.4 and one for 5, B/G/N mixed. No WPS, WPA2-AES only.

The images were only on PC (mine and hers). Network file sharing is enabled, but these images weren't in any shared location.

> If they ever had physical access to your fiancee's laptop, then malware is much more likely.
> It may even have been a phishing kind of attack and your significant other clicked through an e-mail she shouldn't.
>
> Afaik, if you are using strong passwords and DD-WRT it's pretty tough to gain access to your network (WAN or otherwise).

No physical access. I'd imagine it would be tough to guess our passwords, as well.

> It could've been a browser or OS exploit, something planted if this individual is able to get near you guys.
>
> Getting through that kind of wireless encryption is doable, but someone really will want to do it. Check your other service accounts for suspicious activity ASAP. Change passwords, use a hidden SSID if you can...though if this person cracked your wireless password out of WPA2 a hidden SSID won't be anything. But to someone else it might be enough to make em go elsewhere. Hidden SSID's still send a ping out, just not as frequently as a broadcasted SSID.
>
> You could also just run a guest network if you need no file sharing. Most routers feature it. You can manage bandwidth limitations on many as well. Another good reason for this is because then your devices all run in isolated mode...meaning they have Internet access but not LAN resource access. So they can't see other devices.
>
> Have you disconnected the culprit PC from the network? With Windows 10 you can spoof the MAC address for your wireless NIC pretty easily, I'd start there before reconnecting it.
>
> I'd enable Windows firewalls as well. What kinda router you running? Might be time to look into something capable of doing some IDS/IPS for you if this keeps up.
>
> Another option is to disable wireless and run Ethernet. You'll have a different MAC address for the Ethernet NIC, and can simply unplug it if you feel there's been a compromise.
>
> Depending on what you have and want to do about it, there's options. As-far-as tracing down who-dun it and how now...that would take some work, time and advanced network abilities and comprehension. Better to lock things down, restrict shares and access, increase security...what were the share permissions for that folder?
>
> Another good idea is to kill your wireless when you're not home or using it, which is doubly handy when using a hidden SSID because it'll be harder to scan for between not being on and when on, not being broadcast frequently.
>
> You could always setup a honey pot to lure and monitor for someone hacking your network, give them something that looks like what they want. Track what they're doing, and where they're doing it from and add that IP to your blacklist.
>
> In reality though, someone probably either got onto the machine physically, or if they were capable and desired enough to do so, got into that laptop through an exploit of some sort...more likely than hacking your wireless unless they knew the password or it was easily guessed. Sorry this happened to you, but hopefully we can get you confident in your network and its security again!
>
> :toast:

I'm thinking it has to be some sort of exploit or sneaky virus... the kind that might be hidden in something else (like an image). Apparently there's spooky things going on with that laptop that sounds like remote control to me. I have an RTN66R. I'm sure it's capable of nifty things with a custom firmware... but most of that stuff is over my head, at least at this time.

So you obviously know little to nothing about computers (or at least about networking), and yet

You deserved to be hacked (or whatever it really was) then.
Thanks... I admit I may have been a bit careless with my network security, but I'm no fool... however, despite your attitude, I still hope the same won't happen to you.
 
Joined
Nov 5, 2015
Messages
426 (0.56/day)
Likes
154
Location
Skopje, Macedonia
System Name The Tesseract Cube
Processor Intel Core I5 750 ( OC to 3.8Ghz)
Motherboard ASUS P7H55 USB3
Cooling Deep Cool Gammaxx 400, 4 X DeepCool WindBlade 120mm Case Fans
Memory 4 x 4GB Kingston Hyper X Black and Blue Fury 1600Mhz and 1866Mhz
Video Card(s) Sapphire Radeon R9 280x Vapor X OC 3GB
Storage Kingston V300 120GB (Boot Device), Western DIgital Caviar Blue 1TB (Games, Downloads)
Display(s) Samsung SyncMaster P2270
Case Deep Cool Tesseract SW
Audio Device(s) MB Integrated
Power Supply Corsair CX650M Modular 80+ Bronze
Mouse Verbatim Rapier V2
Keyboard A4Tech X7 G800V
Software Windows 10 Pro
Benchmark Scores CPUZ: Single Thread - 1370 Multi Thread - 5200 Cinebench: CPU - 462 score
#17
About the WiFi security, you can do MAC filtering if your router supports it, so that only those devices with MAC numbers that are in the router database can access.
I had a similar issue. Someone was stealing from my internet years ago, and I did this, and guess what, no more burglars in my network.
 

Mussels

Moderprator
Staff member
Joined
Oct 6, 2004
Messages
46,096 (9.58/day)
Likes
13,522
Location
Australalalalalaia.
System Name Daddy Long Legs
Processor Ryzen R7 1700, 3.9GHz 1.375v
Motherboard MSI X370 Gaming PRO carbon
Cooling Fractal Celsius S24 (Silent fans, meh pump)
Memory 16GB 2133 generic @ 2800
Video Card(s) MSI GTX 1080 Gaming X (BIOS modded to Gaming Z - faster and solved black screen bugs!)
Storage 1TB Intel SSD Pro 6000p (60TB USB3 storage)
Display(s) Samsung 4K 40" HDTV (UA40KU6000WXXY) / 27" Qnix 2K 110Hz
Case Fractal Design R5. So much room, so quiet...
Audio Device(s) Pioneer VSX-519V + Yamaha YHT-270 / sennheiser HD595/518 + bob marley zion's
Power Supply Corsair HX 750i (Platinum, fan off til 300W)
Mouse Logitech G403 + KKmoon desk-sized mousepad
Keyboard Corsair K65 Rapidfire
Software Windows 10 pro x64 (all systems)
Benchmark Scores Laptops: i7-4510U + 840M 2GB (touchscreen) 275GB SSD + 16GB i7-2630QM + GT 540M + 8GB
#18
If the files were not shared, then they can't have been accessed by remote WiFi hacking. I'm not convinced this was a WiFi hack (I've hacked a few neighbours' WiFi networks in my time)

He clearly knows where you live, so perhaps there is some missing piece you don't know (could he have been let into the house without your knowledge? Forgive the examples, but a daughter letting a guy in for relations, cheating spouse, etc etc)
Could he have got access to a laptop out of the house? Broken into a car for example? Your partner's workplace if a laptop is taken there?
 
Joined
Feb 27, 2008
Messages
4,209 (1.18/day)
Likes
3,545
System Name Ironic
Processor Intel 2500k 4.4Ghz
Motherboard ASROCK|Z68 PROFESSIONAL Gen 3
Cooling Corsair H60
Memory 32GB GSkill Ripjaw X 1866
Video Card(s) Sapphire R9 290 Vapor-X 4Gb
Storage Western Digital Caviar Black 2TB SATA 3 (6G/s)
Display(s) 22" Dell Wide/ 22" Acer wide/24" Asus
Case Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G9x, custom frame
Keyboard Roccat Ryos MK
Software Win 7 Ult 64 bit (with a side of XP64)
#19
So you obviously know little to nothing about computers (or at least about networking), and yet

You deserved to be hacked (or whatever it really was) then.
not really productive.....
 
Joined
Jun 2, 2015
Messages
65 (0.07/day)
Likes
64
Location
Charleston, SC
System Name Echelon4
Processor Intel i7-5820K 4.0GHz
Motherboard MSI X99S Gaming 7
Cooling Corsair H115i (needs to be installed after new case is purchased)
Memory KLEVV Cras DDR4-3000 4x4GB; G.Skill Ripjaw DDR4-3000 4x4GB
Video Card(s) MSI GTX 1070 Gaming X
Storage Samsung SM951 120GB; Samsung 840 EVO 250GB; 2xSamsung 850 EVO 250GB; WD4003FZEX 4TB; ST2000DX002
Display(s) Qnix QX210 27" 1440P 60Hz; HTC Vive
Case Cooler Master Storm Scout 2 Advanced (marked to be replaced by Corsair Air 740 early 2017)
Audio Device(s) Integrated; SteelSeries Siberia 800
Power Supply Corsair RM650X; CyberPower CP1500PFCLCD
Mouse SteelSeries Rival 100; Logitech M570
Keyboard Corsair K70 RGB Gaming
Software Kubuntu 16.04 LTS; Windows 7 Pro x64
Benchmark Scores Time to run some new numbers I guess...
#20
OpenDNS pointing back to your home IP where all your personal devices are connected. No AV or firewall on your PC.

^^This would be my point of entry if you were my target. A quick nmap scan would reveal any open ports through the router's firewall straight to your machine. My guess is your PC stays on most of the time, making a john attack on your Windows credentials viable. This is like 3/10 difficulty for an intermediate hacker.

My gut says that you were not targeted by someone you know, rather you were an easy test of some script kiddie on the other side of the country that happened across your domain name.
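For the questions raised in the thread (is the firewall on, what is shared and to whom, what is listening, and when did someone log on over the network), a read-only triage pass on the suspect Windows 10 PC can look like the following. This is an added example, not something posted by any participant; it assumes an elevated PowerShell session and the default Security log settings, which limit how far back logon events go.

```powershell
#Requires -RunAsAdministrator
# Added triage example: reports state only, changes nothing unless you
# uncomment the Set-NetFirewallProfile line.

# 1. Firewall state per profile (the original poster had it disabled).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize
# Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. SMB shares and who may access them (built-in admin shares like C$ skipped).
Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name
} | Select-Object Name, AccountName, AccessControlType, AccessRight |
    Format-Table -AutoSize

# 3. TCP ports accepting connections from other machines, with owning process.
#    -Unique keeps one row per port even if it listens on IPv4 and IPv6.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    Select-Object LocalAddress, LocalPort, @{
        n = 'Process'
        e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }
    } | Format-Table -AutoSize

# 4. Successful logons (event 4624) of type 3 (network, e.g. file shares)
#    and type 10 (Remote Desktop), with the source address Windows recorded.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
    -MaxEvents 5000 -ErrorAction SilentlyContinue
$remote = foreach ($e in $events) {
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $d[$_.Name] = $_.'#text' }
    if ($d['LogonType'] -in '3', '10') {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = $d['TargetUserName']
            LogonType = $d['LogonType']
            Source    = $d['IpAddress']
        }
    }
}
$remote | Sort-Object Time | Format-Table -AutoSize
```

An empty share list together with no type 3 or type 10 logons points away from access over the network and toward the local or physical access some replies suggest.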
 
Joined
Oct 17, 2012
Messages
6,821 (3.63/day)
Likes
8,959
Location
Massachusetts
Processor i7 4790
Motherboard Asrock Z97 Extreme 4
Cooling Corsair H-110i GTX
Memory 16 Gb kingston Hyper X
Video Card(s) Nvidia Reference GTX 970 x2
Storage C:\Samsung 850EVO 500Gb & Samsung 850 evo 250Gb
Display(s) Dell Ultra Sharp Widescreen 24" 1200P
Case Phanteks Enthoo Pro M Acrylic
Audio Device(s) Realtech Edition X1789,Ver2.78
Power Supply EVGA 220-G2-0650-Y1
Mouse Logitech G502 spectrum
Keyboard AZIO MRGB Kaith Blue
Software Win 10 Professional 64 bit
Benchmark Scores Congrats USA!! on the Travel Ban.....
#21
not really productive.....
I know right?

I can understand the feeling of like "why would you disable firewalls and antivirus"!!?

But making someone feel s****y or browbeating them isn't helping.

If anything hopefully the OP will come away with this with a new respect for the firewalls and antivirus's "annoyanceS" and learn to live with them since they may be annoying when you don't need them but they're sure as hell nice to have when you do. Especially since most of the time you don't know when you need them.

Based on the type of activity and what was posted by the OP my guess is someone they know personally knew that their network and machines were vulnerable. They use that information to malicious ends.

I'd like to find someone if they did this to me .....in person omg, It would be so rewarding
:laugh:
 
Joined
May 2, 2013
Messages
178 (0.11/day)
Likes
67
System Name Echo
Processor Intel Core I5-6500
Motherboard Asrock H170-PRO4S
Cooling Stock cooler
Memory 2x8 GB Crucial DDR4 2133MHz CL16 (CT2K8G4DFD8213)
Video Card(s) Integrated (For the moment)
Storage SSD A-DATA Premier Pro SP920 (2.5, SATA3, 256GB MLC,) (ASP920SS3-256GM-C)
Display(s) Philips Brilliance 220SW
Case Zalman Z3 Plus
Audio Device(s) Integrated
Power Supply CoolerMaster V550S (550w, 80+Gold)
Software Windows 10 Pro 64bit
#22
Well, can't really give any concrete answers, but these might help in giving your PC a thorough clean of anything malware.

TDSSKiller run this first
RogueKillerX64 second
Emsisoft Emergency Kit third
AdwCleaner fourth
JRT fifth

After that, do pretty much what others have said, new passwords for everything you use and maybe try to re-enable the firewall.
 
Joined
Oct 17, 2012
Messages
6,821 (3.63/day)
Likes
8,959
Location
Massachusetts
Processor i7 4790
Motherboard Asrock Z97 Extreme 4
Cooling Corsair H-110i GTX
Memory 16 Gb kingston Hyper X
Video Card(s) Nvidia Reference GTX 970 x2
Storage C:\Samsung 850EVO 500Gb & Samsung 850 evo 250Gb
Display(s) Dell Ultra Sharp Widescreen 24" 1200P
Case Phanteks Enthoo Pro M Acrylic
Audio Device(s) Realtech Edition X1789,Ver2.78
Power Supply EVGA 220-G2-0650-Y1
Mouse Logitech G502 spectrum
Keyboard AZIO MRGB Kaith Blue
Software Win 10 Professional 64 bit
Benchmark Scores Congrats USA!! on the Travel Ban.....
#23
@hat
I just remembered, if I may be so bold. If you don't mind the wait of taking delivery of an actual physical copy, the Malwarebytes Pro 1 year license (installs on up to three different PCs at once) is currently on sale, the lowest I've ever seen it.

Just use promo code : Emcrbbc29

https://m.newegg.com/Product/Index?itemNumber=N82E16832562009

It ends up costing $15 after shipping charges. Of course that's dependent on what shipping method you choose, and also email delivery is not available for this deal, but if you can wait four days you can get it at this price for three of your PCs. I remember you mentioned you have more than one machine. I recommend it highly.

summarized product info:

  • Detects and protects against malware in real-time
  • Blocks hacking and phishing attempts
  • Schedules automatic scanning
  • Offers three flexible scanning modes
  • Advanced malware removal
 
Joined
Feb 27, 2008
Messages
4,209 (1.18/day)
Likes
3,545
System Name Ironic
Processor Intel 2500k 4.4Ghz
Motherboard ASROCK|Z68 PROFESSIONAL Gen 3
Cooling Corsair H60
Memory 32GB GSkill Ripjaw X 1866
Video Card(s) Sapphire R9 290 Vapor-X 4Gb
Storage Western Digital Caviar Black 2TB SATA 3 (6G/s)
Display(s) 22" Dell Wide/ 22" Acer wide/24" Asus
Case Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G9x, custom frame
Keyboard Roccat Ryos MK
Software Win 7 Ult 64 bit (with a side of XP64)
#24
Excellent product, does really well. I recommend this with a side of an AntiVirus of your choice...
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
19,188 (5.03/day)
Likes
4,795
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
#25
Turn off homegroup