How to tell if you are being hacked?

[jasonxxx102]

Is there anyway to tell if you are under attack or being hacked? Like signs or anything?

[ayu]

Well, Big-E told me about this a while ago

http://www.ossec.net/

Try it out =)

Dunno if the server is available on Windows though....

Anyway, signs you say..... well that could be anything...

When someone for example would get a reverse shell to your comp, the only thing i can think of that you would notice would be to check if there are any "suspicious" open connections.

Like open the command prompt and check netstat -n (or wtf the line was, can't check because i don't have windows installed on any machine atm)

Anyway, get yourself an intrusion detection system =) should do the trick, at least to catch the "not so discrete 'hackers'/worms"

[jasonxxx102]

Thanks Cats... The only problem with that software is you need an authentication key and I cant seem to find 1... But currently I have Fort Knox security installed and it moniters all incoming and outgoing connections.

[Nerdz]

How I notice I'm not being hacked...

I run processexplorer and watch all of them...
I run tcp view and check all the connection
I run hijackthis...

[nightkid]

signs...
the people who are going to hack you and cause damage are usually script kiddies so have a anti-virus & firewall. pay attention to files being sent to you and any errors when you open the file, look at the file extension, if they say it's a pic and has the extension .exe, their lying.

[ayu]

signs...
the people who are going to hack you and cause damage are usually script kiddies so have a anti-virus & firewall. pay attention to files being sent to you and any errors when you open the file, look at the file extension, if they say it's a pic and has the extension .exe, their lying.

yes well those would be skiddie signs

Let's say that an actual pro gets into your computer, he wouldn't send you a file. He may simply use a vulnerable service running on your computer.

Well, this is rare ^^ but you never know!

[bad_brain]

well, if you want to have professional information about attack attempts and suspicious activities against/on your system go for Snort, it is the #1 IDS on servers, and it's even for free.
assuming you use Windows:
http://www.snort.org/dl/binaries/win32/
this is a professional tool, so don't expect a shiny "click here"-GUI, you have to know at least the basics of networking to be able to analyze the logs...but it's not that hard and an opportunity to learn...

[DNR]

For one, if you have just a regular desktop PC, you don't have any services running. Its not a server, its not set up for mail, web hosting, or file sharing. You should have file and services sharing disabled. You should have a host-based firewall running.

Its all too easy to blame computer problems on some hacker, but many times it is bad administration of your box or just a virus or malware you DL'ed - and that is not quite the same as having a hacker in your box.

The only way you will know if you have an attack or intrusion is by understanding your firewall and running an IDS - this provides clear, factual, proof of an attack or intrusion.

DNR

[ImABitch665]

in my opinion the best way to no whether or not you've been hacked is if your computer says "YOU HAVE BEEN OWNED BY -DICK- OF DICKHEADS.COM"

then its a pretty safe bet that you've been hacked....you could "almost" bet your life on it =]

[Lyecdevf]

Run up to date AV and anti-spyware. Have all of your sensitive data encrypted or password protected! Use a program called threatfire! Use a good firewall like BlackICE! Disable the services you do not need. Surf the web on a limited account....

[Arcticpheonix]

in my opinion the best way to no whether or not you've been hacked is if your computer says "YOU HAVE BEEN OWNED BY -DICK- OF DICKHEADS.COM"

That would do it!

Also if you've recently pissed off someone who may have the skills needed to hack your system, and then find that stuff suddenly stops working properly, theres a good chance you were hacked.

As for how to know if you're BEING hacked, the only way I can think of has already been said: a good AV and/or some kind of intrusion detection.