[SmartKid]

Recently i have been concerned about the number of connections to my computer. Over the last week this ip has been hacking into my pc (the person uses a ip changer, but the tracking info is the same) I have a triple layer hardware firewall and a software firewall, i also have all the security sofwatre required. But i was really worried tonight! I went on and the usual tried then all of a sudden loads of other ips got in too! They are all hackers because they ping their ip all of the world. They have also tried to put trojans on. I need serious help, they are somehow remotely viewing my pc. I have scanned using everything, checked all the system settings and still nothing. I have tried my best but i seriously need help. Because i do some web developing and i have alot of sensitive documents on there! PLEASE HELP ME ASAP!!!!!!!!!!

[Advertisements]

I take it you've checked your Event Logs. Have they successfully logged on, or not? Many of these hackers are using other people's machines they've hacked into, it's an automated procedure using trojans, and they are looking for anything they can make money from, credit card nos. etc.

[Tyger]

I take it you've checked your Event Logs. Have they successfully logged on, or not? Many of these hackers are using other people's machines they've hacked into, it's an automated procedure using trojans, and they are looking for anything they can make money from, credit card nos. etc.

[SmartKid]

Yep i have they have been blocked trying to put trojans on, but i think they might of actually connected a few times maybe using brute force or DoS. I have currently banned their ips. But they are changing them all the time.

[SmartKid]

They are trying non-stop using all the different ports, 30 attempts in the last ten minutes, and no i dont store any credit cards on my pc or money making stuff

[Tyger]

They are trying non-stop using all the different ports, 30 attempts in the last ten minutes, and no i dont store any credit cards on my pc or money making stuff

That's what all the security issues with XP was about. I've had many attempts to enter my XP machine, but none to my knowledge succesful. Make sure you have all the security updates. The thirty attempts were made by a machine or trojan on someone's machine. Another thing is don't use common passwords like admin, or user because they always try them. Come up with something very novel.

[The one]

hmm web developing or something, doesnt sound an accurate description of a job title, web developer maybe anyway more to the point firstly report it to ur isp, take logs of the ips attempting to connect and report them to your isp im sure that the offisioul people will be more then happy to hear about this, another thing a router will automatically block all port like a firewall but a router is truely thre superior home security device in my oppionion atleast in my oppinion.

Edited by The one, 29 August 2005 - 03:36 PM.

[Doby]

I agree use a router then you have a hardware firerwall to block the ports and not relying on software, especially if you are relying on xp's sp2's builtin firerwall

[SmartKid]

I already have a wireless router None of their attempts have been successful but it is slowing down my MB connetion because they are trying so often. I would give all my ips but they change their ips every minute or so. Thanks very much for the advice And by the way i have McAfee Professional firewall 2005 on my pc. And i mean web developing by i am not old enough to get a full time job, so i do it for fun and make CSS, HTML,JS and alot of other stuff for people for free.

[SmartKid]

I have secure passwords normally 8-16 characters long,non-dictionary or nothing to do with my life.

[SmartKid]

I have experience in networking, i have done everything possible. But all they are doing is trying all the different ports lol there seems to be 4 different ip ranges invloved all of them trying differing ports. I will report them all to my ISP later today. Thank you very much for the help

[SmartKid]

Just to show some of their attempts, this is some examples, if you want a full log with loads in i will post it later (on the 24th August was their best day trying a few trojans and lots of ports.)Anyway here is a bit of a log:
2005/08/30 09:52:22 66.249.93.104:80 192.168.0.2:1253 Port 1253 (TCP)
2005/08/30 09:51:47 66.249.93.99:80 192.168.0.2:1251 Port 1251 (TCP)
2005/08/30 09:51:14 66.249.93.99:80 192.168.0.2:1247 Port 1247 (TCP)
2005/08/30 09:28:19 66.249.93.99:80 192.168.0.2:1221 Port 1221 (TCP)
2005/08/30 09:05:59 66.249.93.99:80 192.168.0.2:1098 RMI Activation
2005/08/30 09:10:52 66.249.93.99:80 192.168.0.2:1123 Murray
2005/08/30 09:13:27 66.249.93.99:80 192.168.0.2:1130 Port 1130 (TCP)
2005/08/30 09:17:10 66.249.93.99:80 192.168.0.2:1149 Port 1149 (TCP)
2005/08/30 09:17:19 66.249.93.99:0 192.168.0.2:0 ICMP Ping
2005/08/30 09:20:52005/08/30 09:27:08 66.249.93.104:80 192.168.0.2:1217 Port 1217 (TCP)
1 66.249.93.99:80 192.168.0.2:1200 SCOL
2005/08/30 09:06:20 66.249.93.104:80 192.168.0.2:1100 Port 1100 (TCP)
2005/08/30 09:11:13 66.249.93.104:80 192.168.0.2:1124 Port 1124 (TCP)
2005/08/30 09:13:48 66.249.93.104:80 192.168.0.2:1131 Port 1131 (TCP)
2005/08/30 09:17:30 66.249.93.104:80 192.168.0.2:1153 Port 1153 (TCP)
2005/08/30 09:21:12 66.249.93.104:80 192.168.0.2:1202 caiccipc
2005/08/30 09:06:23 207.46.196.55:80 192.168.0.2:1102 Port 1102 (TCP)
2005/08/30 08:51:03 207.68.178.16:80 192.168.0.2:1456 DCA
2005/08/30 08:51:04 207.68.178.16:80 192.168.0.2:1457 Valisys License Manager
2005/08/30 09:31:51 212.58.226.50:80 192.168.0.2:1230 Port 1230 (TCP)
2005/08/29 20:43:08 66.249.93.99:80 192.168.0.2:3012 Trusted Web Client
2005/08/29 20:47:52 66.249.93.99:80 192.168.0.2:3034 Osmosis AEEA
2005/08/29 21:25:34 66.249.93.99:80 192.168.0.2:3379 SOCORFS
2005/08/29 21:03:11 66.249.93.99:80 192.168.0.2:3231 Port 3231 (TCP)
2005/08/29 21:18:16 66.249.93.99:80 192.168.0.2:3330 MCS Calypso ICF
2005/08/29 20:48:34 66.249.93.99:80 192.168.0.2:3036 Hagel DUMP
2005/08/29 21:18:49 66.249.93.99:80 192.168.0.2:3332 MCS Mail Server
2005/08/29 20:57:23 66.249.93.99:80 192.168.0.2:3152 Port 3152 (TCP)
2005/08/29 20:18:43 66.249.93.99:80 192.168.0.2:2706 NCD Mirroring
2005/08/29 21:19:31 66.249.93.99:80 192.168.0.2:3341 OMF data h
2005/08/29 21:20:22 66.249.93.99:80 192.168.0.2:3346 Trnsprnt Proxy
2005/08/29 21:21:04 66.249.93.99:80 192.168.0.2:3348 Pangolin Laser
2005/08/29 20:51:03 66.249.93.99:80 192.168.0.2:3045 ResponseNet
2005/08/29 21:21:17 66.249.93.99:80 192.168.0.2:3350 FINDVIATV
2005/08/29 20:51:48 66.249.93.99:80 192.168.0.2:3049 NSWS
2005/08/29 20:55:22 66.249.93.99:80 192.168.0.2:3103 Port 3103 (TCP)
2005/08/29 20:42:25 66.249.93.99:80 192.168.0.2:3008 Midnight Technologies
2005/08/29 21:21:59 66.249.93.99:80 192.168.0.2:3355 Ordinox Dbase
2005/08/29 20:57:15 66.249.93.99:80 192.168.0.2:3151 NetMike Assessor
2005/08/29 21:22:41 66.249.93.99:80 192.168.0.2:3361 KV Agent
2005/08/29 20:45:26 66.249.93.99:80 192.168.0.2:3023 magicnotes
2005/08/29 21:23:23 66.249.93.99:80 192.168.0.2:3365 Content Server
2005/08/29 20:46:07 66.249.93.99:80 192.168.0.2:3028 LiebDevMgmt_DM
2005/08/29 20:47:11 66.249.93.99:80 192.168.0.2:3031 AgentVU
2005/08/29 20:01:22 66.249.93.104:80 192.168.0.2:2525 MS V-Worlds
2005/08/29 21:03:32 66.249.93.104:80 192.168.0.2:3234 Port 3234 (TCP)
2005/08/29 21:02:51 66.249.93.104:80 192.168.0.2:3229 Port 3229 (TCP)
2005/08/29 20:59:46 66.249.93.104:0 192.168.0.2:0 ICMP Ping
2005/08/29 21:20:42 66.249.93.104:80 192.168.0.2:3347 Phoenix RPC
2005/08/29 20:48:55 66.249.93.104:80 192.168.0.2:3037 HP SAN Mgmt
2005/08/29 20:50:42 66.249.93.104:80 192.168.0.2:3042 journee
2005/08/29 20:51:27 66.249.93.104:80 192.168.0.2:3048 Sierra Net PC Trader
2005/08/29 20:42:45 66.249.93.104:80 192.168.0.2:3009 PXC-NTFY
2005/08/29 20:43:29 66.249.93.104:80 192.168.0.2:3014 Broker Service
2005/08/29 21:19:09 66.249.93.104:80 192.168.0.2:3336 Direct TV Tickers
2005/08/29 20:48:13 66.249.93.104:80 192.168.0.2:3035 FJSV gssagt
2005/08/29 20:45:46 66.249.93.104:80 192.168.0.2:3025 Arepa Raft
2005/08/29 21:19:52 66.249.93.104:80 192.168.0.2:3342 WebTIE
2005/08/29 21:22:19 66.249.93.104:80 192.168.0.2:3358 Mp Sys Rmsvr
2005/08/29 20:47:31 66.249.93.104:80 192.168.0.2:3032 Redwood Chat
2005/08/29 21:23:02 66.249.93.104:80 192.168.0.2:3364 Creative Server
2005/08/29 21:21:37 66.249.93.104:80 192.168.0.2:3352 SSQL
2005/08/29 21:09:49 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3277 AWG Proxy
2005/08/29 20:01:55 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:2568 SPAM TRAP
2005/08/29 20:37:39 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:2922 CESD Contents Delivery Data Transfer
2005/08/29 20:37:46 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:2926 MOBILE-FILE-DL
2005/08/29 20:37:48 198.41.3.54:0 (whois.crsnic.net) 192.168.0.2:0 ICMP Ping
2005/08/29 20:39:13 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:2922 CESD Contents Delivery Data Transfer
2005/08/29 20:39:46 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:2938 SM-PAS-1
2005/08/29 20:41:21 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:2938 SM-PAS-1
2005/08/29 20:53:53 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3089 Port 3089 (TCP)
2005/08/29 20:53:55 198.41.3.54:0 (whois.crsnic.net) 192.168.0.2:0 ICMP Ping
2005/08/29 20:54:14 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3094 Port 3094 (TCP)
2005/08/29 20:54:55 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3099 Port 3099 (TCP)
2005/08/29 20:55:27 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3089 Port 3089 (TCP)
2005/08/29 20:55:49 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3094 Port 3094 (TCP)
2005/08/29 20:57:35 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3154 Port 3154 (TCP)
2005/08/29 20:59:09 198.41.3.54:43 (whois.crsnic.net) 192.168.0.2:3154 Port 3154 (TCP)
2005/08/29 21:08:00 207.46.0.86:1863 (baym-cs66.msgr.hotmail.com) 192.168.0.2:3160 Port 3160 (TCP)
2005/08/29 20:01:47 207.46.0.93:1863 (baym-cs349.msgr.hotmail.com) 192.168.0.2:2479 SecurSight Event Logging Server (SSL)
2005/08/29 21:15:10 207.46.0.144:1863 (baym-sb4.msgr.hotmail.com) 192.168.0.2:3194 Port 3194 (TCP)
2005/08/29 21:17:10 207.46.0.144:1863 (baym-sb4.msgr.hotmail.com) 192.168.0.2:3194 Port 3194 (TCP)
2005/08/29 21:07:51 207.46.0.144:1863 (baym-sb4.msgr.hotmail.com) 192.168.0.2:3194 Port 3194 (TCP)
2005/08/29 21:09:30 207.46.0.144:1863 (baym-sb4.msgr.hotmail.com) 192.168.0.2:3194 Port 3194 (TCP)
2005/08/29 21:11:10 207.46.0.144:1863 (baym-sb4.msgr.hotmail.com) 192.168.0.2:3194 Port 3194 (TCP)
2005/08/29 21:13:10 207.46.0.144:1863 (baym-sb4.msgr.hotmail.com) 192.168.0.2:3194 Port 3194 (TCP)
2005/08/29 21:07:59 207.46.0.154:1863 (baym-sb14.msgr.hotmail.com) 192.168.0.2:3242 Port 3242 (TCP)
2005/08/29 21:09:43 207.46.0.154:1863 (baym-sb14.msgr.hotmail.com) 192.168.0.2:3242 Port 3242 (TCP)
2005/08/29 20:31:24 207.46.0.165:1863 (baym-sb25.msgr.hotmail.com) 192.168.0.2:2892 SNIFFERDATA
2005/08/29 20:03:01 207.46.0.183:1863 (baym-sb43.msgr.hotmail.com) 192.168.0.2:2497 Quad DB
2005/08/29 20:01:22 207.46.0.183:1863 (baym-sb43.msgr.hotmail.com) 192.168.0.2:2497 Quad DB
2005/08/29 18:18:25 207.46.6.169:1863 (baym-sb177.msgr.hotmail.com) 192.168.0.2:2179 Port 2179 (TCP)
2005/08/29 21:12:35 207.68.178.16:80 192.168.0.2:3256 Port 3256 (TCP)
2005/08/29 21:07:54 207.68.178.16:80 192.168.0.2:3241 Port 3241 (TCP)
2005/08/29 21:12:35 207.68.178.16:80 192.168.0.2:3257 Port 3257 (TCP)
2005/08/29 21:07:49 208.175.188.62:80 192.168.0.2:3246 Port 3246 (TCP)
2005/08/29 20:02:28 213.200.94.67:80 192.168.0.2:2545 sis-emt
2005/08/29 20:01:27 213.200.94.67:80 192.168.0.2:2545 sis-emt
2005/08/27 17:03:09 62.26.220.2:80 (ad1.adsolution.de) 192.168.0.2:1224 Port 1224 (TCP)
2005/08/27 17:01:55 62.26.220.2:80 (ad1.adsolution.de) 192.168.0.2:1224 Port 1224 (TCP)2005/08/25 13:24:37 62.26.220.5:80 (red.as-eu.falkag.net) 192.168.0.2:1501 Satellite-data Acquisition System 3
2005/08/28 19:31:52 62.163.195.44:3528 (a195044.upc-a.chello.nl) 192.168.0.2:1243 BackDoor G Trojan / SubSeven Trojan/Apocalypse Trojan
2005/08/27 17:01:49 64.40.103.77:80 (monsterhost.net) 192.168.0.2:1200 SCOL
2005/08/25 13:25:40 64.233.183.99:80 192.168.0.2:1481 AIRS
2005/08/28 18:32:48 66.54.16.45:80 (www.dnps.com) 192.168.0.2:1561 facilityview
2005/08/25 13:24:37 66.150.87.2:80 192.168.0.2:1502 Shiva
2005/08/28 21:13:18 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2887 aironet
2005/08/28 21:13:12 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2876 SPS Tunnel
2005/08/28 21:13:18 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2888 SPCSDLOBBY
2005/08/28 21:12:45 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2863 Sonar Data
2005/08/28 21:13:13 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2878 AAP
2005/08/28 21:12:28 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2855 Port 2855 (TCP)
2005/08/28 21:12:20 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2835 EVTP-DATA
2005/08/28 21:12:28 66.235.212.146:80 (st46.startlogic.com) 192.168.0.2:2854 InfoMover
2005/08/28 18:32:36 66.249.93.99:80 192.168.0.2:1568 tsspmap
2005/08/28 18:32:46 66.249.93.99:80 192.168.0.2:1540 rds
2005/08/29 17:40:44 66.249.93.104:80 192.168.0.2:2037 Port 2037 (TCP)
2005/08/29 17:40:44 66.249.93.104:80 192.168.0.2:2039 Port 2039 (TCP)
2005/08/28 21:46:07 80.212.1.237:51194 (ti112210a080-0493.bb.online.no) 192.168.0.2:3106 Cardbox HTTP
2005/08/25 13:24:38 81.22.32.114:80 (vrp1.lhr.xpc-mii.net) 192.168.0.2:1491 anynetgateway
2005/08/25 13:26:59 81.22.32.114:80 (vrp1.lhr.xpc-mii.net) 192.168.0.2:1491 anynetgateway
2005/08/25 13:28:08 81.22.32.114:80 (vrp1.lhr.xpc-mii.net) 192.168.0.2:1491 anynetgateway
2005/08/28 18:32:36 82.71.193.165:80 (www.femalefirst.co.uk) 192.168.0.2:1564 Pay-Per-View
2005/08/28 18:34:49 82.71.193.165:80 (www.femalefirst.co.uk) 192.168.0.2:1565 WinDD
2005/08/28 18:33:41 82.71.193.165:80 (www.femalefirst.co.uk) 192.168.0.2:1564 Pay-Per-View
2005/08/28 18:32:36 82.71.193.165:80 (www.femalefirst.co.uk) 192.168.0.2:1565 WinDD
2005/08/28 18:36:49 82.71.193.165:80 (www.femalefirst.co.uk) 192.168.0.2:1565 WinDD
2005/08/25 13:24:37 193.149.47.53:80 192.168.0.2:1500 VLSI License Manager
2005/08/26 17:14:19 206.24.192.252:80 192.168.0.2:1127 Port 1127 (TCP)
2005/08/27 17:01:49 206.169.136.21:80 (m45) 192.168.0.2:1197 Port 1197 (TCP)
2005/08/29 17:37:40 207.46.0.50:1863 (baym-cs30.msgr.hotmail.com) 192.168.0.2:1676 netcomm2 / netcomm1
2005/08/28 21:44:59 207.46.0.142:1863 (baym-sb2.msgr.hotmail.com) 192.168.0.2:3234 Port 3234 (TCP)
2005/08/28 21:45:58 207.46.0.142:1863 (baym-sb2.msgr.hotmail.com) 192.168.0.2:3234 Port 3234 (TCP)
2005/08/29 15:09:17 207.46.0.143:1863 (baym-sb3.msgr.hotmail.com) 192.168.0.2:1306 Port 1306 (TCP)
2005/08/29 17:43:02 207.46.0.148:1863 (baym-sb8.msgr.hotmail.com) 192.168.0.2:2030 Port 2030 (TCP)
2005/08/29 17:37:33 207.46.0.148:1863 (baym-sb8.msgr.hotmail.com) 192.168.0.2:2030 Port 2030 (TCP)
2005/08/29 17:36:11 207.46.0.148:1863 (baym-sb8.msgr.hotmail.com) 192.168.0.2:2018 Port 2018 (TCP)
2005/08/29 17:39:17 207.46.0.148:1863 (baym-sb8.msgr.hotmail.com) 192.168.0.2:2030 Port 2030 (TCP)
2005/08/29 17:41:02 207.46.0.148:1863 (baym-sb8.msgr.hotmail.com) 192.168.0.2:2030 Port 2030 (TCP)
2005/08/28 21:51:00 207.46.0.154:1863 (baym-sb14.msgr.hotmail.com) 192.168.0.2:3224 Port 3224 (TCP)
2005/08/28 21:46:58 207.46.0.165:1863 (baym-sb25.msgr.hotmail.com) 192.168.0.2:3238 Port 3238 (TCP)
2005/08/28 21:48:11 207.46.0.165:1863 (baym-sb25.msgr.hotmail.com) 192.168.0.2:3239 Port 3239 (TCP)
2005/08/28 20:15:14 207.46.0.166:1863 (baym-sb26.msgr.hotmail.com) 192.168.0.2:2463 Symbios Raid
2005/08/29 17:37:42 207.46.2.155:1863 (baym-sb61.msgr.hotmail.com) 192.168.0.2:2025 Port 2025 (TCP)
2005/08/29 15:12:19 207.46.6.141:1863 (baym-sb139.msgr.hotmail.com) 192.168.0.2:1257 Port 1257 (TCP)
2005/08/29 17:35:21 207.46.6.153:1863 (baym-sb161.msgr.hotmail.com) 192.168.0.2:1854 Port 1854 (TCP)
2005/08/27 17:02:11 209.59.174.194:80 192.168.0.2:1234 Ultors Trojan / Infoseek Search Agent
2005/08/27 17:01:06 209.67.78.4:80 192.168.0.2:1102 Port 1102 (TCP)
2005/08/27 17:01:55 209.67.78.4:80 192.168.0.2:1225 Port 1225 (TCP)
2005/08/27 17:01:58 209.208.193.226:80 (ad.yieldmanager.com) 192.168.0.2:1232 Port 1232 (TCP)
2005/08/28 16:33:36 209.225.0.34:80 192.168.0.2:1184 Port 1184 (TCP)
2005/08/26 17:14:07 209.225.0.34:80 192.168.0.2:1123 Murray
2005/08/28 16:33:35 209.225.0.34:80 192.168.0.2:1183 Port 1183 (TCP)
2005/08/29 17:37:43 212.58.226.53:80 (newssearch01.thdo.bbc.co.uk) 192.168.0.2:2041 Port 2041 (TCP)
2005/08/29 17:39:01 212.58.226.53:80 (newssearch01.thdo.bbc.co.uk) 192.168.0.2:2041 Port 2041 (TCP)
2005/08/27 17:01:59 212.113.31.48:80 (oas-eu.247realmedia.com) 192.168.0.2:1239 NMSD
2005/08/27 17:01:04 212.158.8.164:80 192.168.0.2:1101 Port 1101 (TCP)
2005/08/25 13:24:38 213.161.82.31:80 192.168.0.2:1484 Confluent License Manager
2005/08/25 13:24:36 213.161.82.35:80 192.168.0.2:1497 rfx-lm
2005/08/25 13:26:25 216.35.123.100:80 (media.theforce.net) 192.168.0.2:1403 Prospero Resource Manager
2005/08/25 13:26:25 216.35.123.100:80 (media.theforce.net) 192.168.0.2:1404 Infinite Graphics License Manager
2005/08/25 13:26:25 216.35.123.107:80 (www2.acvault.com) 192.168.0.2:1396 DVL Active Mail
2005/08/28 18:32:36 216.39.69.76:80 192.168.0.2:1567 jlicelmd
2005/08/25 13:27:00 216.183.112.221:80 (cheatcc.com) 192.168.0.2:1416 Novell LU6.2
2005/08/28 18:32:41 216.239.59.103:80 192.168.0.2:1543 simba-cs
2005/08/28 18:33:12 216.239.59.103:80 192.168.0.2:1542 gridgen-elmd
2005/08/25 13:26:06 216.239.115.135:80 (c10-gs-xw-lb.cnet.com) 192.168.0.2:1382 Port 1382 (TCP)

(I decided to only go back a few days, but it has been going of for a while)
My ISP is Tiscali, and i cant find a email address for this sort of thing. Should i phone them?
(since i posted this i have had quite a few more)

Edited by SmartKid, 30 August 2005 - 02:57 AM.