Re: Found hacker's folder

From: Jonathan Martin (jmartin@srisk.com)
Date: 04/03/03


http://internic-whois.com/
http://www.arin.net/tools/whois_help.html

Both above will tell you who the IP address is registered to and who the ISP
is. In the event that the hacker, if it is a hacker, doesn't have a static
IP, it will still display the ISP's name. When you call their abuse
department, they should be more than willing to help. After all, hacking is
considered by the Government as terrorism now. Go team.

Another helpful free tool is Neo Trace Express. It has a very good whois
lookup tool. Check it out at the address below.
http://www.networkingfiles.com/PingFinger/Neotraceexpress.htm

As for the logs, that depends on your system. Since you posted in W2k AS
section, I know your general platform. However, W2k doesn't give a very good
security log. It's in the event viewer.

The logs I rely on are in my firewalls. Do you have any kind of security
hardware/software? That would be the place to look.

Here's another tool you may be interested in: Microsoft Baseline Security
Analyser. It will check out any system on your network and let you know what
to change. Another thing to look for is the IIS lockdown tool. Good stuff.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/Security/tools/tools/MBSAHome.asp

"yazan" <yansoona@hotmail.com> wrote in message
news:06ce01c2f966$b7d33d90$2f01280a@phx.gbl...
> Love those ideas. Can you tell me where the whois database
> is? Where the security logs are, how I can find his name
> through his IP and all the stuff? Thanks, I really want
> revenge because the guy keeps pinging then opening up 100
> processes of cmd.exe and net.exe
>
> >-----Original Message-----
> >First, find out your own IP address. Second, if you have
> >an IP address, find out who provides their service - which
> >ISP. If you call and complain to an ISP about their
> >customer's hacking, they'll listen.
> >
> >You have what looks like an IP address? Are you familiar
> >with the WHOIS database? Search it out. It will tell you
> >who that IP belongs to.
> >
> >Do you have any firewalls or other security devices? If
> >so, check their logs. Check your W2k security log.
> >
> >If you really want to have some fun, find out who they
> >are, and this can be done, and leave them a message with
> >his/her name on it in the hacker's folder - put a fake
> >virus in there as well. Make every icon in that folder
> >link to the FBI's Cybercrimes division :)
> >
> >"Yazan" <Yansoona@hotmail.com> wrote in message
> >news:067a01c2f95e$7b076740$3301280a@phx.gbl...
> >> I found a folder that I really suspect (99% sure) is
> >> being used by this hacker I don't know that is bugging
> >> me. There's a file called f***flood.txt (I censored it),
> >> 3 ini files, one remote.ini, another mirc.ini (I never
> >> downloaded mIRC on this computer) and the last .ini is
> >> called aliases.ini. There's bnc.dll and moo.dll, another
> >> file called ie6.dat (I have IE5), a hidden file called
> >> kernel33.exe, 3 more, 1 called wi354.dat and one
> >> win32.dat, and the last one is psexec.exe. A question is
> >> should I delete all these files? Before Christmas Windows
> >> Explorer wouldn't boot up, and I'd have to open Task
> >> Manager and open explorer.exe by myself. Then somehow it
> >> stopped, and now it's back again. The file f***flood.txt
> >> says it's the mIRC ITG terrorizing group. I also found
> >> their 'database' or something I think. pop.mircx.com. I
> >> want tips on how to stop these annoying hackers. And
> >> there are some weird variables in the INI files that
> >> mention some sites and servers;
> >> local=pc-62-31-122-47-ud.blueyonder.co.uk;
> >> twisted.ma.us.dal.net, and some other ones. I also found
> >> an IP in there, I'm sure it's not mine so I'm guessing
> >> it's the hacker's or hackers' IP, sorry for such a long
> >> post. Any tips on stopping the hackers, or should I
> >> delete the files and stuff, would be wonderful.
> >> Thanks
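The reply above says a WHOIS lookup on the suspect IP will name the ISP (even when the address is dynamic) so the abuse department can be contacted. Below is an added example, written for this archived thread and not code from any of its posters, that parses ARIN-style WHOIS text into records, finds the most specific network block containing an address, and walks up to the parent allocation when the abuse contact is only listed there. The WHOIS text in it is constructed from documentation ranges (TEST-NET-3, example.net); the field names follow ARIN's output format but the values are placeholders, not a real lookup.

```python
"""Parse ARIN-style WHOIS output and pick the abuse contact to report to.

Added example for this thread, not code from any poster.  The WHOIS text
below is constructed from documentation ranges (TEST-NET-3, example.net);
it is not a real lookup result.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample: an ISP's allocation followed by a more specific
# reassignment (a dynamic-IP pool), the usual shape of an ARIN answer when
# the address belongs to a home user without a static IP.
SAMPLE_WHOIS = """\
#
# ARIN WHOIS data and services are subject to the Terms of Use
#

NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-ISP-NET
NetHandle:      NET-203-0-113-0-1
Parent:         NET-203-0-0-0-0
NetType:        Direct Allocation
OrgName:        Example ISP Inc.
OrgId:          EXISP
OrgAbuseHandle: ABUSE1-ARIN
OrgAbuseEmail:  abuse@example.net
OrgAbusePhone:  +1-555-0100

NetRange:       203.0.113.64 - 203.0.113.127
CIDR:           203.0.113.64/26
NetName:        EXAMPLE-ISP-DSL-POOL
NetHandle:      NET-203-0-113-64-1
Parent:         NET-203-0-113-0-1
NetType:        Reassigned
OrgName:        Example ISP Residential DSL
OrgId:          EXISPDSL
"""

# One "Key:   value" line per attribute, as ARIN prints them.
FIELD_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_whois(text: str) -> List[Dict[str, str]]:
    """Split WHOIS text into network records (one dict per NetRange block).

    Records are separated by blank lines; '#' lines are server comments.
    """
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
    if current:
        records.append(current)
    return [r for r in records if "NetRange" in r]


def _bounds(record: Dict[str, str]):
    """Return (first, last) addresses of a record's NetRange."""
    lo, hi = (p.strip() for p in record["NetRange"].split("-", 1))
    return ipaddress.ip_address(lo), ipaddress.ip_address(hi)


def abuse_contact(text: str, ip_str: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the most specific block containing ip_str plus an abuse contact.

    The abuse e-mail is often present only on the parent allocation, so when
    the most specific record lacks one we fall back to the next larger block.
    Returns None when no record in the text covers the address.
    """
    ip = ipaddress.ip_address(ip_str)
    matching = []
    for r in parse_whois(text):
        lo, hi = _bounds(r)
        if lo.version == ip.version and lo <= ip <= hi:
            matching.append((int(hi) - int(lo), r))
    if not matching:
        return None
    matching.sort(key=lambda item: item[0])  # smallest range first
    most_specific = matching[0][1]
    result: Dict[str, Optional[str]] = {
        "netrange": most_specific["NetRange"],
        "org": most_specific.get("OrgName"),
        "abuse_email": None,
        "abuse_from": None,
    }
    for _, r in matching:
        if r.get("OrgAbuseEmail"):
            result["abuse_email"] = r["OrgAbuseEmail"]
            result["abuse_from"] = r.get("OrgName")
            break
    return result


if __name__ == "__main__":
    print(abuse_contact(SAMPLE_WHOIS, "203.0.113.100"))
```

Feed it the raw text you get back from the whois server for the address you saw in the INI files; for a dynamic pool the most specific record names the pool, and the abuse address comes from the ISP's parent allocation, which is exactly the contact you want for a report.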


