This site is overrun with hackers or worse!!!

zatoichi2

Well-Known Member
Since joining 3 months ago, my PC has become a disaster. Somehow rootkits are being planted on users' PCs. Used Malwarebytes, which removed about a dozen, and had to use TDSSKiller to get the last one, which was trying to go out to 5 addresses in Herndon, VA, home of the FBI.

Visited this site today, and Malwarebytes blocked another rootkit from being planted, as soon as I posted a reply to a post. Was using XP, switching to an obscure Linux, if I visit here again.

You need to set up a SNORT IDS sensor, and honeypots or honeynets, to catch the bastards!!!!
 

stickyicky0420

Well-Known Member
Yeah, same thing keeps happening to me. Someone keeps hacking on my comp and my blocker tells me; it only happens when I'm on this site.
 

zatoichi2

Well-Known Member
If you use an obscure Linux, and can change the directory structure, no one will infect you.

Honeypots (and honeyd, which creates numerous virtual PCs to be attacked), honeynets, and honeywalls are advanced, proactive intrusion detection.

Willing to help those in need, to sharpen skills.
 

zatoichi2

Well-Known Member
How about Macs?

How do you find out if this is happening?
My computer was brutally slow. I googled malware detection and found Malwarebytes, for free, and downloaded it from CNET, which has been safe for decades. As soon as I installed it, it had pop-ups about outbound connections it was preventing. Ran a scan and it removed all it could find. Rebooted and it started to try to connect to 4 addresses in Herndon, VA, home of the FBI. Needed TDSSKiller to get rid of that. Macs were not targeted much in the past, but who knows now. I have zero Apple experience.
 

zatoichi2

Well-Known Member
After installing Malwarebytes, I got outbound connection attempts to the UAE, New Delhi, the Netherlands, Turkey, and Leningrad. Ran their scanner, which found 15 malicious trojans/rootkits, and removed them. After that I got attempts to 4 addresses in Herndon, VA, home of the FBI. TDSSKiller, also on CNET, killed that. Will install some honeypots/honeynets to see if there are any other problems.

Willing to help any with problems!!!!
 

zatoichi2

Well-Known Member
Can a moderator comment on what is being done about this. If servers are hosted in-house, you are responsible. If you use an ISP, it is their responsibility.

I will set up an IDS and honeypots/honeynets for you, all public domain (just the cost of PCs).
 

keepitcoastal

Well-Known Member
How do I set up an IDS and honeypots for myself? I would rather the FBI not have my address and shit, although if all this is true it's probably too late. I think I'd like to get them off before they can build any more of a case on me lol
 

zatoichi2

Well-Known Member
How do I set up an IDS and honeypots for myself? I would rather the FBI not have my address and shit, although if all this is true it's probably too late. I think I'd like to get them off before they can build any more of a case on me lol

First, install the software I have recommended, and run a full scan. If you get messages about attempted outbound connections, let me know, and I will help. If it can clean any, let it do it. I had one that required additional removal, with TDSSKiller. That was the one pointed to 4 addresses in Herndon, VA.
 

zatoichi2

Well-Known Member
How do I set up an IDS and honeypots for myself? I would rather the FBI not have my address and shit, although if all this is true it's probably too late. I think I'd like to get them off before they can build any more of a case on me lol

First, install the software I have recommended, and run a full scan. If you get messages about attempted outbound connections, let me know, and I will help. If it can clean any, let it do it. I had one that required additional removal, with TDSSKiller. That was the one pointed to 4 addresses in Herndon, VA.
Sorry, look at whitehats.ca, the seeker/shadow sensor, for an awesome IDS. You can configure internal and external interfaces to monitor for direction. I found major flaws at a LARGE pharmaceutical by declaring all traffic dangerous, not just outside to inside. Someone installed a modem in Brazil, inside, attacking 50,000 PCs worldwide.
 

zatoichi2

Well-Known Member
How do I set up an IDS and honeypots for myself? I would rather the FBI not have my address and shit, although if all this is true it's probably too late. I think I'd like to get them off before they can build any more of a case on me lol
Snort is whitehats.ca, the seeker shadow project. Honeypots/nets/etc. are honeynet.org. They produce false targets, to see if miscreants are trying something. There should be no traffic to or from them. Originals were PCs; now they are emulated PCs of your choice of configuration (OS, patch level, etc.).

Willing to help, to sharpen my skills. Have been out of it for a while.
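The two ideas in the last few posts (a honeypot is a decoy that should never see traffic, so any flow touching it is an alert; and an IDS should watch inside-to-outside flows as well as outside-to-inside) can be shown on a small connection log. The script below is an added example, not from this thread or from Snort, honeyd or the whitehats.ca sensor. The internal range 10.0.0.0/8, the decoy addresses 10.0.9.10 and 10.0.9.11, the log format and the log lines themselves are all constructed for the example.

```python
"""Toy direction-aware connection monitor with a honeypot rule.

Added example (not code from the forum thread or any named project).
Assumptions, all constructed for this example:
  - the internal network is 10.0.0.0/8
  - 10.0.9.10 and 10.0.9.11 are decoy (honeypot) hosts that have no
    legitimate users, so any flow to or from them is suspicious
  - the log format is "<timestamp> <src>:<port> -> <dst>:<port> <proto>"
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")          # assumed internal range
HONEYPOTS = frozenset({                                    # constructed decoy hosts
    ipaddress.ip_address("10.0.9.10"),
    ipaddress.ip_address("10.0.9.11"),
})

# Constructed sample log: one outbound, one inbound, one internal host probing a
# decoy, one benign internal flow, and one outside host probing a decoy.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.1.5:51234 -> 93.184.216.34:443 tcp
2024-01-01T10:00:01Z 198.51.100.7:40000 -> 10.0.1.5:3389 tcp
2024-01-01T10:00:02Z 10.0.1.5:51235 -> 10.0.9.10:445 tcp
2024-01-01T10:00:03Z 10.0.1.5:51236 -> 10.0.1.6:80 tcp
2024-01-01T10:00:04Z 203.0.113.9:1337 -> 10.0.9.11:22 tcp
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    sport: int
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    dport: int
    proto: str


def parse_line(line: str) -> Flow:
    """Parse one log line in the constructed format into a Flow."""
    ts, src, arrow, dst, proto = line.split()
    if arrow != "->":
        raise ValueError(f"malformed line: {line!r}")
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(ts, ipaddress.ip_address(src_ip), int(src_port),
                ipaddress.ip_address(dst_ip), int(dst_port), proto)


def direction(flow: Flow) -> str:
    """Classify a flow relative to the internal network boundary."""
    src_in = flow.src in INTERNAL_NET
    dst_in = flow.dst in INTERNAL_NET
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "transit"


def classify(flow: Flow) -> list[str]:
    """Return alert tags for a flow; an empty list means nothing to report."""
    tags: list[str] = []
    # Honeypot rule: decoys should see no traffic at all, in either direction.
    if flow.src in HONEYPOTS or flow.dst in HONEYPOTS:
        tags.append("honeypot-contact")
    # Direction rule: treat both crossings of the boundary as worth a look,
    # not only outside-to-inside.
    d = direction(flow)
    if d == "outbound":
        tags.append("outbound-to-external")
    elif d == "inbound":
        tags.append("inbound-from-external")
    return tags


def scan_log(text: str) -> list[tuple[Flow, list[str]]]:
    """Return (flow, tags) for every log line that raised at least one tag."""
    results: list[tuple[Flow, list[str]]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_line(line)
        tags = classify(flow)
        if tags:
            results.append((flow, tags))
    return results


if __name__ == "__main__":
    for flow, tags in scan_log(SAMPLE_LOG):
        print(f"{flow.ts} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} "
              f"[{', '.join(tags)}]")
```

Run against the constructed log, four of the five lines raise a tag; the only silent one is the ordinary internal-to-internal flow. The third line is the case the post about the Brazilian modem describes: an internal host reaching a decoy is caught even though the flow never crosses the perimeter, which an outside-to-inside-only sensor would never see.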
 