Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2
So I run a web server, so my computer stays on all night. I also have RDP (remote desktop) on as well. So one day I wake up and see that some dude from Africa created a new account on my computer through RDP. I only had a guest account on, and my main one has a password, so I was wondering how the * did he create a new account? It gets worse. The new account he created was ADMIN. This dude made himself admin on my PC. So I figured maybe he cracked my password. So that day I deleted his account, turned off guest account, and changed my password. The next day I see this dude created a new admin account AGAIN. Unless he has some logging software, (which he doesn't on my PC) I am still trying to figure out how the * someone achieved a huge feat in hacking. Anyone got any ideas?
 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439
There are several programs that will allow brute-force password attacks on Windows systems. Opening RDP to the Internet is the equivalent of leaving your front door open and inviting hackers to sit down at your computer and try to log on. Actually, it's worse than that because it's easier to run a brute-force attack over a network that sitting at a keyboad and doing the same thing.

I'd say that your password isn't complicated enough and your Internet security is non-existant. And, just as an aside, how can you say that the hacker hasn't installed logging software on your computer? It sounds as if he's a lot more astute when it comes to low-level attacks than you are, and he has had unrestricted access to your computer.

I would format your hard disk and reinstall Windows. Even that might not be enough against a good hacker.

Bottom line - it's not a "huge feat in hacking", it's something that the average script kiddie can do with the appropriate software.
 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439
There are several programs that will allow brute-force password attacks on Windows systems. Opening RDP to the Internet is the equivalent of leaving your front door open and inviting hackers to sit down at your computer and try to log on. Actually, it's worse than that because it's easier to run a brute-force attack over a network that sitting at a keyboad and doing the same thing.

I'd say that your password isn't complicated enough and your Internet security is non-existant. And, just as an aside, how can you say that the hacker hasn't installed logging software on your computer? It sounds as if he's a lot more astute when it comes to low-level attacks than you are, and he has had unrestricted access to your computer.

I would format your hard disk and reinstall Windows. Even that might not be enough against a good hacker.

Bottom line - it's not a "huge feat in hacking", it's something that the average script kiddie can do with the appropriate software.
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2



But the thing is that my passwords are complicated enough for protection against any bruteforce attack. I even checked, my password would take thousands of years to crack, so password's not the problem. I also have firewall enabled, any logging alware won't be able to access the internet anyways
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2


Aside from him creating the accounts, he has not touched any file inside the system. I have his IP address, so I can just block him if he does something again.
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2


Simple, just block the IP range of his ISP. It's probably not a big ISP anyways, it's situated in Africa
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2


Security testing. Besides, I don't have important data on this server
 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439
But the thing is that my passwords are complicated enough for protection against any bruteforce attack. I even checked, my password would take thousands of years to crack, so password's not the problem.
The facts would appear to prove that that is not true. Either that or what you are reporting happened didn't.

BTW, how do you know that he is from Africa? Do you have a room-mate? It could be a simple case of social engineering, or you've written the password down somewhere. If it's as complicated as you say, how do you remember it?
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2


His IP Address traces to a country in Africa. It might not be him, but could be a VPN server. As for the password, it's not very hard to create a password that is hard to brute-force.
check out the site : https://howsecureismypassword.net/
the password 'password12345' would take a thousand years to bruteforce
 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439
As far as you know.

I have his IP address,
That's what you think. You may not be right.

so I can just block him if he does something again.
So block him and forget it.

 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439

I'd say that must be a pretty useless website. You wouldn't even need to do a brute-force attack on that password. It's one of the first ones that any half-decent password-cracking program would try.

Your password looks like it might just be a word and a few digits. This is a very common pattern and would be cracked very quickly.
So, not a thousand years.
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2


My password contains 3 numbers and and 9 letters, and is uncommon, and it is almost impossible to bruteforce that in less than a day, which is what you're thinking the hacker might have done. And on top of that, he would be bruteforcing over the Internet, which is Orders of Magnitude slower than a local bruteforce.

If anything, I think we can leave bruteforce out of the possibilities.
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2

Even if he has, I have a firewall that prevents any applications other than those permitted, to access the internet. All anti-virus scans are clean.
I have now toughened security and I want to test it by leaving it open to hackers. Not much important data's in the server anyways
 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439

OK. Despite the "thousand-year password that would in fact be crackable in a second or so, I'll accept what you say. In that case, the only logical conclusionmis that the guy has put a keylogger on your system. Obviously, he has hidden it so that it doesn't show in the list of processes - not difficult to do. Your system is compromised.

 

alpha27

Distinguished
Jan 1, 2014
97
0
18,660
5
hmm I had 42,000 hits in 1 week on my firewall a few yrs back in xp
lol ive seen some funny * happen to my pc
like symatec disabled be4 my eyes a few hrs after reinstalling everything
the one I like most was a hax on my pc where every where I clicked it said "access denied" even on the start bar... lmao
 

McHenryB

Admirable
Jan 31, 2015
2,021
0
6,460
439
To come back to social engineering, here's a little theoretical scenario:

Being a nasty sort of guy I want to capture people's passwords and IP addresses so that I can try hacking into their computers. But surely people aren't going to just give me their password, are they? :( So, being devious, I set up this web site that offers to check passwords to see how secure they are. And indeed, it does that, and does a very good job of it. But that's not all it does; let's look at what information I am now getting:

The IP address of a computer.
The operating system being used on that computer (from the http headers).
A password that is very likely to be set on that computer.

OK, so I won't hit the jackpot every time, but it's a nice little scheme. Who says people won't just give me their password? :)

Of course, no-one would fall for a scheme like that, would they? :??:
 

Sharks445

Reputable
Mar 10, 2014
168
0
4,690
2


Damn, I never thought of it that way. Surely this is a viable means of attack.

The NSA probably buys Google's and Facebook's data, including passwords, so really something like this is not unheard of.
 

ASK THE COMMUNITY

TRENDING THREADS