
Home network acts like under hacking attempt?


7 replies to this topic

#1 HoSDo

HoSDo

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 18 August 2012 - 11:02 AM

Hi guys!

Finally I have to post here for the first time to ask for direct help. Since yesterday evening I've been really concerned about what's going on here in my home network:

- 1 Linux Ubuntu machine, release 10.04
- 1 Windows 7 laptop

Everything started as in the past, with MSN not logging in from the Win 7 laptop. Quite usual; I tried to access www.hotmail.com from Firefox and the page was 404 not reachable. Strange; I made the attempt from Linux and it worked perfectly.

I then tried to access Google from the Win 7 machine with the HTTPS protocol and Firefox answered with the expired certificates security warning. This started to be annoying, so I decided it was time to install HijackThis for a registry check.

When I accessed hijackthis.de, the "direct download" link at the top left of the page showed a link to Facebook. I was not fast enough to read it but I noticed a part aiming to the "bleep please" profile. I then found a "Like" on that page that I had never opened before! On the second click attempt, I was redirected to the link to Trend Micro's page, but when I tried to download HJT every click was a redirect to the upper page. From the Linux machine, I reached the right download but the file I downloaded was only 254 bytes long.

While all this was happening, my email box got filled with email alerts from my router's internal firewall, showing many attempts like TCP Fin, Vecna Scan, Smurf, UDP flood and so on. Through the Whois function in Ubuntu, I discovered that many of the addresses were from my provider, Akamai or even Microsoft, but some of them were also unknown to me.

I decided to close the open ports for eMule and raise the security level of the firewall from medium to high just in case. I also deactivated the wireless function on my router and this (maybe a coincidence?) caused the ATM to go down and refresh.

From that time forward I still couldn't correctly open the hijackthis.de page; the Facebook link comes up every time in the first seconds the page is open. To be specific on this, in the first 10 - 20 seconds the page acts like it is a whole link, like an image from malware pages. I took the HijackThis installation from the Linux machine at a later time and ran it on Windows: nothing seemed strange.

Do you have some clue on this? I don't really know what to do now; also, the fact that the Linux machine seems to be affected by the same issue as the Win 7 machine gets me a bit scared about what I'm facing. I know that some scanning could happen on my address, but getting 10 alerts at a time every hour is telling me that something weird is really going on!

Hope you have some answer for me!



#2 HoSDo


Posted 18 August 2012 - 11:14 AM

A pair of screenshots from Ubuntu


Posted Image

Posted Image

In the first I had the Facebook page open, in the second not. And the link is loaded either way.

Edited by HoSDo, 18 August 2012 - 05:06 PM.


#3 HoSDo


Posted 18 August 2012 - 04:22 PM

Another guy reported on Facebook that he experienced the same issue as I am, hope he will post here too.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:12:22 AM

Posted 22 August 2012 - 03:09 PM

Something is not right with HijackThis.de. I just went and it's prompting me to enter a survey before allowing me into the site.

#5 HoSDo


Posted 22 August 2012 - 03:30 PM

Honestly, Monday it seemed back to normal; perhaps they are under some kind of hacking attempt. But could it be that people accessing the site get infected in some way? I noticed that my Ubuntu machine is generating a large amount of outbound traffic that gets stopped by my firewall, quite strange... I know Ubuntu usually doesn't get infected, but it could get hacked in some way.

And what about this: if I look for the "Bleeping Computer" profile on FB I can't find it, I can access it only by writing the URL manually; also right now I got a notification for an answer to my post on the page but I couldn't even locate and read it....

Same here, I do have "notify new replies by email" but I received no email for your post!

#6 Grinler


Posted 22 August 2012 - 04:50 PM

For notifications make sure you are set to immediate and not delayed. Delayed has always been buggy.

As for Facebook, I am not sure what the story is there. In the search field, nothing comes up when you type Bleeping Computer or BleepingComputer?

As for hijackthis.de, I really really doubt your Ubuntu machine was affected. If there is anything going on there it is purely coincidence.

#7 HoSDo


Posted 23 August 2012 - 07:05 AM

As for Facebook, I am not sure what the story is there. In the search field, nothing comes up when you type Bleeping Computer or BleepingComputer?


Many but not the Official BleepingComputer!

#8 Grinler


Posted 23 August 2012 - 12:08 PM

Strange. I am not sure what to tell you. What browser are you using in Ubuntu?



