Giving away accounts

[Avogadro]

@argos

Okay, I understand I made it sound like "this is a simple thing" and all, but in all honesty it normally IS a simple thing. If this guy got into her computer he did it in one of three ways:
1) he got physical access to the system
2) he got her to run something that gave him access to the system, or
3) he managed to get a program on to her system using a buffer overrun or similar technique for drive-by infections.

I'd bet you money he did not do 3.

This whole "hackers can just log into the internet and go on your computer" thing is a movie plot. It normally requires physical intervention on the target computer side, 99% of the time accomplished by either tricking the user with administrator rights into making it happen or being on the machine physically. It's possible using some sort of software bug that allows code to execute on the machine, but highly unlikely. Unless this guy is some sort of super-genius and has discovered a method to buffer overrun RO, he's not likely to be sending code down to her machine. And honestly, judging by the sounds of her problem and the stuff this guy's doing, he's not. I don't know many people capable of doing things like that who are so immature. And even on the unlikely chance that he IS doing that, that's why you buy a hardware firewall and run nothing as administrator.

And if he's in the HeRO box (and really, I'm pretty sure any GM will agree that no, there are no viruses or backdoors on the HeRO server) he'd still have to find a way to get software on her machine again. Knowing someone's IP gets you virtually nothing, unless you have some reliable way of forcing code to run on their system. Think of it as your IP address is just like a street address. You can't break into someone's house just by knowing their street address.

And in case I haven't made myself clear, forcing code to run from remotely is not a trivial thing to do if you take some precautions.

Now I realize that credentially speaking, I'm not a career security professional, but I do have a degree in CS and am not just some cranky old man. But the things I recommend have proven themselves to me to prevent 99.999% of viruses and spyware from getting in, and things like not running as admin by default are the reason that, for example, it's more difficult to write an OSX virus or why Vista constantly brings up those black-screen-intervention boxes. If you have to log to admin or at least approve any software installation, it means you know what's being installed or at least means that nothing gets on without an operator knowing. And a hardware firewall. I can't say it enough. They are worth their weight in gold. All those "you'll get viruses if you put an unpatched windows machine on the internet" rumours are seriously diffused with a hardware firewall. It's not windows. It's just a firewall. Now if you want to get really paranoid, set up your wireless connection as a mac address whitelist so that NOTHING logs in without you explicitly allowing it, and in the worst case, set the firewall to respond to nothing. Not even ping. It's how our VPN at work is set up.

But what I see here is someone who is in a bind, and the obvious solution is being missed in favour of the unpleasant solution of "just give up this thing you obviously love". I just want to try and diffuse some of the despair here.

[Général_Argos]

It's not about "just give up this thing you obviously love", but about "just give up this thing you obviously love until things get fixed."

All yours "Things aren't so bad" is why servers get hacked. Underestimating is a major flaw.

[n3xus]

avo, thanks for trying to help teot.??it was a pretty detailed list.??but there were several things u failed to mention such as antivirus, etc.??

there's several different possibilities out there.??i'll just talk about a few.??there's pdf exploits and all u gotta do is open a pdf file.??granted this requires user intervention, but it's real EASY to trick someone to open a pdf file if he's someone u know, as in her case.??(btw, adobe patched this with their latest version).??how about the flash exploits???u go to any sites like myspace or any other pages that allow flash on there???No intervention except going to the website.??there's tons of tools out there.??even point-and-click exploits that your average run-of-the-mill script kiddie can use against unpatched systems.??there were even .avi exploits a couple of years ago. there goes downloading clips off the internet if you're unpatched =/

Quote:And honestly, judging by the sounds of her problem and the stuff this guy's doing, he's not.??I don't know many people capable of doing things like that who are so immature.??And even on the unlikely chance that he IS doing that, that's why you buy a hardware firewall and run nothing as administrator.

from what she posted, i can see why u think that.??i did at first also.??but she gave me more details that gave me different opinions.??it's pretty hard to stop a determined hacker.??especially if u're a regular home user and not someone who is into security.??i use both a hardware firewall and a software firewall and still see things get through. for example, if things line up correctly, a normal website link can possibly reset your router's password if they were left at default rofl. then take it a step further and give yourself access and boom, hardware firewall is down.

i'm just saying they are out there and it's not as hard as u make it out to be.??doesn't matter if it's not run as administrator.??all the hacker needs is an initial point of entry and then use point-and-click tools to try and escalate privileges to admin.??

i am a career security professional.??i've even had to track down evidence against hackers before.??and the only thing i've learned is that the internet is a scary place if u piss off the wrong people lol.??makes me even more paranoid.??for the most part, your suggestions are great.??they're just lacking a few extra things, especially if u've been targeted. hackers that know what they're doing usually don't go after individuals. there's no real motivation (or money xD) unless u make them angry.

[Fruityla]

Somehow all this makes me slightly paranoid @_@

[Teot]

Hey Avo! Thanks so much for the advice. I have formatted and done many of the things on the list. The hacker does come on the forum and read all this stuff so I cant say much. I do know the hacker is playing on the server because thanks to Broadcast of characters created, I was able to see the name log on the server, it was too coincidental. I had already asked someone to do an IP check and it indicated that it is that person I know hacking me, who is living in california. that person is sneaky and kniving. The hacker can gain my IP by just knowing that I play on ANY RO. I know it because that person did it in my past server and I had stopped for a few months (formatted in between) and then started playing RO on another server again and it found me (most likely bc I used the same nick name Teot). The Hacker has access to my chats and that of a friend whom we had spoken together, which puts keyloggers aside since the hacker had my friend's chat too who also plays RO.
My Hacker does not have access to my PC physically. The hacker lives in another country than me. I know who the hacker is because the mother of the person who is having access to my chat admitted that it is the person I know it to be and how it got my chats. But I have protected myself. I only log onto RO when I'm on a public computer at libraries. My PC is protected with antivirus with the guidance of Nex (Machi) who is a big help as Avo too. I hope to return once the detective calls me back and we put my hacker back in place. I have proof, that my hacker has been in my pc but I cant give this information bc my hacker is reading this now. I miss you all. Imma log on Hero now, just to say hi to everyone. I'm on a public pc ^_^

[Fruityla]

Sounds like your hacker is about to get noobed

Although I still can't think of any reason for someone to go after you like that o_O; but I don't know the details of it either.

[mahawirasd]

well beauty is in the eye of the beholder...

and longing for some1 may drive ppl to stalk (either physically or electronically) the object of adoration...


-w-

PS: to avo and n3xus, try a nifty little software called "norton Ghost"... does wonders...

just install everything (including all necessary software, etc), set all the detailed setting, etc.
then restart...
back-up everything on startup with the norton ghost, and use the computer anyway you like... (DO NOT save work files on the same drive as the OS, as they are NOT backed-up)

whenever you feel your computer is slowing down or a hacker is present, or whatever, use the norton ghost... saves you from having to reinstall everything from scratch... takes less than 15 mins!!!
then update everything, and make a new back-up (just overwrite the old one) and repeat... have fun

[HunnyCakes]

sigh.. what an idiot. some people gotta have lives.

i dunno the real story but i suggest not not to react on what this person does to you, dont speak or show any sign that he is really getting to you because this will keep them going. they dont care what kind of attention they get as long as its attention.they feel more empowered when they knew they are getting what they want from you.the more you feed this, the bigger it will get (im sure they're flattered by this post) and the more pain and suffering they can cause, the better they feel about themselves. stalkers make it personal-u keep it impersonal. i know its easier said than done. but things u can do to deal with it imho. im not a computer savy so id just suggest to get top of the line internet security to make it almost impossible for them to get thru your system! +1 to machi and avo for trying to help you in terms of that. but if everything else fails and he threatens to get physical, equip urself with a peacemaker and keep it loaded all the time XD. im sorry you're going thru this i hope u settle all of this soon and not give up what u love doing.