Full Version: Basic security
tan79
Ok, this is probably going to be very basic as these things go, but please bear with me as I'm a bit lost and have limited knowledge on the subject.

We have 2 computers on a wireless connection at our business. My ex husband networked them. He had installed key log software for a time which I believe has now been removed.

Since our split, I changed all passwords related to any profiles, email accounts etc...even dormant ones, and pointed them to a new email account that he had no previous knowledge of.

It has come to light that he has still been able to access my emails. Even in the new account. I had my suspicions but he has also admitted it to his sister (who he thought wasn't talking to me).

My problem is, I can't find a key log on either of the computers and don't know how he's got hold of my new passwords...I don't see the point of changing them again if he has open access to my computer anyway.

Another issue. (I don't know if it's related, maybe you can tell me) We have had static IP addresses for the last four years. Recently I was adding a new computer and discovered that the IP addresses have changed...oddly enough they can be traced back to the town where he works. I know this could just be a coincidence.

I need to know what steps I can take to freeze out someone who is very adept on computers. I don't have faith in just getting some guy to come round and have a look. My ex is smart and I'm really not sure that a virus scan and a different firewall etc will do the job. I may be overestimating his abilities, but I'm really fed up now.

I have deleted all my profiles and emails from the accounts, which has resulted in a few nasty phone calls asking "what I'm playing at". I would really like to be able to use the internet without this feeling that he would know my every move.

Any advice or opinions on this would be greatly appreciated.

Sorry to go on...especially on a first post. I just don't know what else to do.
CelticFerret
Welcome to BISS tan79!

It's hard to tell what all has been done to your computers without actually looking at them. I would go and change all passwords on all online accounts from a third computer that hasn't been compromised, the same thing they tell you to do if your ID has been stolen. Assume everything you do from the original two computers can be observed by a 3rd party.

After that's sorted, obtain a malware scanner such as AVG-antispyware, maybe TrojanHunter (ask Kim here in the Malware Removal Support Forum)

http://www.bluetack.co.uk/forums/index.php?showforum=172

but something that will detect keyloggers. Install and update the programs on the two suspected compromised computers. Then shut the computers off (remove power for a minute even, to allow all electricity to drain from the memory).

Start the computers in Safe Mode and perform the scans. In Safe Mode there is no network so unless you are fighting a resident trojan/rootkit you are secure.

If it is resident (as in a rootkit) you will need to start the computers from CD or DVD and run the scans from the removable media. This can get complicated.

As far as static IP addresses for the networked computers you may wish to change that to dynamic for a time to try and add that confusion to the mix, but the IP of your router is the one you need to change. If you have a dynamic IP on it, then turning it off and back on after waiting at least 40 seconds should get you a new IP (as seen from the outside world). You need to login to your router and change the password on that as well.

Wait a bit and someone more knowledgeable than me will respond to you here. Aggravating that whatever you post (such as this!) may be read by this 3rd party until you start working from a new computer with new passwords. Might be worth renting a laptop even.
--CF
Raimi
I won't offer any advice since I'm a total noob in security stuff.

But I really feel the need to ask a question that hasn't been even mentioned here...shouldn't you call the police for this kind of intrusion?

I'm not trying to be smart here, I'm asking this, because I find it interesting that the police wasn't mentioned here, so I wonder if this kind of intrusion doesn't "suffice" for someone to be dealt with (by the law) :?

I don't really know how all this works, but aren't there digital fingerprints all around, if he was "hacking" your email accounts and other stuff?
rzvvts
You might actually consider the erase and rewind solution if he is computer savvy, which you say he is. If he had physical access to the computers, there was no real need for him to have resorted to ready-made malware to hack the machines, viral scanning might just prove pointless. And yes, by erase and rewind I mean wipe OS partition clean and then set it back up again. And no, I'm not kidding. It's drastic, but it does provide peace of mind at the end of the day. Also, if there are any hardware modems/firewalls/routers/wi-fi gizmos, walk them through the password erase and rewind routine as well. Good luck
CelticFerret
Raimi - I did think about that. But I'm looking at this from the angle of a business that just lost a malicious IT person, rather than any more personal angles. Hopefully you wouldn't lose your IT person (or horrors; outsource your IT), but if you did you should immediately change all your passwords. Like a responsible landlord would re-key the locks on the apartment for the new tenants.

Tan79 would probably have a case against her ex, but dragging the law into it might get messy. And "the government" doesn't seem to have its own IT act together very well. The detective and her ex may be best buds and the detective might be able to somehow rationalize his behavior. Who knows? IANAL. Despite being morally reprehensible "this kind of intrusion" might not be illegal. If he destroys data or sabotages her business that's one thing, but "snooping" might be a gray area.

I'm certainly not in a very good position to be advising anyone either, but the fact that Tan79 is here and asking the right questions gives me a good feeling that she'll be able to get this fixed herself and learn about computer security in the process.

Tan79 - I might suggest that you boot up one of your computers using a Ubuntu live CD or one of the other Linux distributions. A local computer fixit shop may have the free CD or you could download one of the distributions and burn it to CD. That would make any keylogger I know of (except hardware ones in-line with the keyboard - might have a look) ineffectual. Then login to your router/modem/gateway (?) and change the password for administration and "have a look around" to see if the firewall is enabled, the DMZ and Universal Plug and Play (UPnP) are disabled, and so on. Then go out on the 'net and change all your accounts' passwords. You still have to "clean" the local (I presume) Windows installations of any malware before you use the new accounts from Windows, depending on what you find.

Good luck.
--CF
tan79
Thanks guys, that's going to keep me busy for a bit...

I haven't thought of going to the police as I really wouldn't expect there to be any proof of anything directly illegal. I'm not even sure that reading emails is illegal as say, opening someone's mail, it's just if things are tampered with...he knows that...he's not daft (just obsessive)


I have a feeling this forum is going to be useful for a while. Now...to work!
winston
It IS illegal to crack any password that "protects" your e-mail account.
It is also illegal to steal these passwords btw ..

You have a serious security breach. Because your ex has had physical access to the computer(s) it is almost impossible to tell what he has done without a thorough forensic examination of the computer(s).

You MUST wipe, reformat and re-install the system if you want to be certain that he is "out of your house" ... sorry, I wish I could suggest something easier
tan79
God you're probably right. I'm not happy. We've had a guy out to look at it in the end 'cause I messed up the router (d'oh) and needed to be back online quickly.

I'm going to have to get a bit more knowledgeable though. Going to keep ploughing on with my bits of research
tan79
OK, new problem. Please help.

When we were together we took on a website for a local youth thing. It's a registered charity and since we could get the domain and hosting for next to nothing we said we'd run it for free.

When we split up he said he didn't want to do it anymore. So I logged on to the hosting account, changed the password and rerouted the email to a new address.

For some inexplicable reason the site has started going over its bandwidth, at a cost to me of 35 quid. I upgraded but it still wasn't enough so I let the payment lapse and the website went down. (all apologies to my friends at the club but they understood)

About four days ago the website reappeared. I went to view the account with the hosting company but couldn't log on. It's possible I've got my passwords mixed up so I requested one sent by email... it hasn't arrived with me.

The site used to receive about a dozen spam to the guest book a week. Yesterday my sister (admin) removed 36 pages of spam...today I've removed over 50. I've since logged into the back end and just taken the book off altogether.

There are five admin altogether. Myself, husband, sister and two friends. The website has members, but as it's a youth club we always verify with club members that a prospective newbie is actually known personally...to keep it an online arm of a flesh and blood community. But in the last three weeks seven new members have been 'approved' and they just look suspect.

I need to take the site down as it's my bank details on the host account but can't do a damn thing about it...it's not a direct debit, the details are just there for one off payments, so I can't cancel it from my bank.

I could contact said husband idiot boy but really don't think it's a good idea. It's probably what he's trying to provoke anyway.

I'm considering ringing my bank and changing account numbers etc. It's at times like these I really wish web based companies had a phone number
Moore
Hi tan, yep I would wipe it and start again too.. especially if someone has been playing around with keyloggers etc, you'll never know 100% what's really still left on the system.

For your website, if you still have admin access do you know if you can put it offline somewhere in the site configuration settings?

Do you know what kind of content management system the site is running on?

If you have FTP access you can go in and disable the site's files, rename the index file to .bak etc or replace them with blank index files.

Also through your FTP program or your web host's online file manager, you could change all the permissions for the site's files [ CHMOD - http://www.ss64.com/bash/chmod.html - http://en.wikipedia.org/wiki/Chmod ] to 000 so no one can access them.

Do you have large or lots of images on your site?

Someone may be leeching them and driving your bandwidth usage up, there are ways to stop this depending on what kind of server your host uses.

With Apache servers you could use .htaccess files to prevent hotlinking and also to cut down on the spammers by blocking them from the site.

-

Also using a .htaccess file [ Apache servers only ] you can block everyone by their IP address from accessing the site and just allow your own IP address for however long you need it to be closed down for.

CODE
# Deny everyone, then allow only your own IP address (placeholder below)
order deny,allow
deny from all
allow from 111.222.333.444


-

If your webhost hasn't sent you your password yet, I would email them directly and request it to be sent to your email address.

There are some handy security scripts you can run on your site to block bots/spammers/hackers as well if you decide to keep the site going in the future.

If you need help with any of this let us know and I'm sure someone will be able to give you more advice.

It's also a good idea to check the site's logs regularly if you can, or get someone to look for any signs of your site being compromised, people hacking the admin section etc, and if any new admin accounts have been made.
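
The log check suggested above, sketched as an added example that is not part of the original thread or any poster's own code: it totals image bytes served to pages on other sites (hotlinking) and counts POST requests per address, which is where guestbook spam and admin-login attempts show up. It assumes the host writes Apache "combined" format logs; the hostname `www.youthclub.example`, the paths and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample lines in Apache "combined" log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2008:10:00:01 +0000] "GET /images/team.jpg HTTP/1.1" 200 480000 "http://forum.example.net/thread/9" "Mozilla/5.0"
203.0.113.6 - - [10/Mar/2008:10:00:02 +0000] "GET /images/team.jpg HTTP/1.1" 200 480000 "http://forum.example.net/thread/9" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2008:10:00:03 +0000] "GET /images/team.jpg HTTP/1.1" 200 480000 "http://www.youthclub.example/gallery" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2008:10:01:00 +0000] "POST /guestbook.php HTTP/1.1" 200 512 "-" "bot"
192.0.2.44 - - [10/Mar/2008:10:01:01 +0000] "POST /guestbook.php HTTP/1.1" 200 512 "-" "bot"
192.0.2.44 - - [10/Mar/2008:10:01:02 +0000] "POST /admin/login.php HTTP/1.1" 403 300 "-" "bot"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def summarize(log_text, own_hosts):
    """Return (hotlink_bytes_by_referring_host, post_counts_by_ip_and_path)."""
    hotlink_bytes, posts = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        size = 0 if m["size"] == "-" else int(m["size"])
        ref_host = urlparse(m["referer"]).hostname  # None for "-" or empty
        path = m["path"].split("?", 1)[0].lower()
        # An image served to a page on someone else's site is hotlinking.
        if path.endswith(IMAGE_EXT) and ref_host and ref_host not in own_hosts:
            hotlink_bytes[ref_host] += size
        # Repeated form submissions from one address: guestbook spam or
        # attempts against the admin login.
        if m["method"] == "POST":
            posts[(m["ip"], path)] += 1
    return hotlink_bytes, posts

if __name__ == "__main__":
    leech, posts = summarize(SAMPLE_LOG, {"www.youthclub.example"})
    for host, total in leech.most_common():
        print(f"{total:>10} bytes served to pages on {host}")
    for (ip, path), n in posts.most_common():
        print(f"{n:>4} POSTs from {ip} to {path}")
```

The referring hosts and addresses at the top of each list are the candidates for an .htaccess hotlink rule or an IP block.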