Ask MetaFilter questions tagged with hacked

Did my email get hacked? What to do now?

Anonymous — Sun, 10 Mar 2013 18:17:44 -0800

I think my old email just got hacked. I received some spam, from my old email address itself, (and the "From" part had my name and email, even though I didn't send it, as the spammer did) and about a dozen "unable to deliver" messages from my old email's "mailer daemon" (this is on yahoo). In those messages and the email that was successfully delivered to me on the old email and my newer accounts, it lists countless numbers of other people and contacts, including high school teachers, bosses, family, friends, potential employers, and even friends of exes. Most of these people aren't even in my contacts list, but I still have emails from them/to them (this is an old but relatively recent email that I've kept for nostalgic reasons). I am mortified that all of these people, none of whom I've spoken to recently in at least the past couple of years (and in some cases, longer), got this spam from "me" out of the blue. Should I delete this email address, in case it may be compromised by a hacker? Should I email these people to apologize, even though we no longer are in touch? I have already changed the password and don't know what to do. Any help would be so appreciated. It happened a couple of hours ago as I was checking my email on my phone, where I can see the new mail from all of my accounts, including personal, professional and the old account. I feel so mortified and embarrassed that all these people in my old account got spam from my old email, except the addresses that were unable to receive the emails (as noted by the failure messages). Some of the people it reached were bosses, employers and friends of an ex, as well as high school teachers and admissions reps at colleges. Not everyone that got spammed were on my Contacts list, so I'm thinking that the spammer or robot that did this found the email addresses through looking at past mail. I feel such an invasion of privacy.

I have no idea how this really happened, but I'm wondering, should I email any of these people to apologize? I am not in contact with any of them anymore, (some of whom I voluntarily estranged myself from, such as an ex-friend who had drug problems) so I feel really embarrassed this happened. I'm hoping the emails went straight to the spam folder, but just thinking about the possibility it didn't makes me feel worse.

What should I do now that this happened? Should I apologize to anyone, or just let it go, as none of them are in my life anymore? Should I delete the email and change all of my other passwords? Make sure there haven't been any illegal charges on my credit card, etc? What do you think happened here?

I am very confused, so any help would be much appreciated. Thanks so much in advance!

Hacked. Hope me.

kathrynm — Thu, 06 Dec 2012 05:18:34 -0800

Just found out my site was hacked. Can't figure out where. Site in question is in my profile. The google webmaster alert I got seems to make it out to be in example.net. Example.net is a wysiwyg made landing page (don't laugh too hard). I couldn't see anything in the page source. If you google my site, there's definitely link spam there.

How do I find it?

The whole site is a static page, wordpress (up to date in both software and add-ons, I check daily), a pigwigo photo site and a link to my youtube channel thing.

Talk to me like I'm 5. No better make that 95. Fibro makes it hard to understand and I might just move back to wp.com and find a image hosting site (recommendations welcome).

My Google results are being hacked.

wile e — Sun, 25 Nov 2012 10:21:20 -0800

Somehow my website's Google results are redirecting to another location. If you type in this website right into the url, you get the proper website. The Rock Delusion

But if you Google for the site, type in The Rock Delusion into Google search, it redirects to some hacked location. Why website doesn't appear to be hacked, nor my hosting. But I can't seem to figure out where or how this is happening. And it is not only this one site, but a few others as well.

1and1.com hosting and the sites are all Joomla created sites, if that matters.

Thanks.

Who was hacked?

amarynth — Fri, 23 Nov 2012 12:47:36 -0800

My dad got a spam email with my (unusual) full name listed as the sender, but from a random email address with no association to my name. Was his contact list compromised or was mine? The email address it was sent from has no relation to any of mine and doesn't use any part of my name. Just in case, I checked my sent mail and nothing was sent from my account.

His email account was hacked a few months ago and used to send spam to his contacts, but he has since changed his password and has had no other problems.

Recover hacked VPS logs

kithrater — Thu, 02 Aug 2012 21:30:53 -0800

Is there any way to recover data from a VPS that suffered a rm -rf? A kind, anonymous individual decided to solve my memory-storage problems on my virtual machine by way of rm -rf. According to the host, only the /dev and /proc folders remain. Fortunately, I have a server snapshot from the start of the month, so nothing significant will be lost.

However, I would really like to know how this kind, anonymous individual managed to execute the command. Is there any relatively easy way to recover enough data from a virtual machine being hosted by a third party, in order to reconstruct the logs at the time of the attack?

Please recommend a secure and affordable WordPress host

parrot_person — Thu, 12 Jul 2012 21:41:50 -0800

What web host for a small business WordPress site would you recommend as being secure and affordable? Clients of mine have just had their WordPress site hacked. They were hosted on HostMonster, and found the response of HostMonster to this incident to be... less than stellar. They now want to switch hosts. What hosts play well with WP, are relatively affordable, and have top-notch security, including accessible, polite and helpful customer service if something goes wrong? They are probably looking at a shared environment, I doubt they would spring for a dedicated box.

As a bonus, if you have any non-common recommendations to make as to how to secure a WP site, I'd love to hear them. (I know about standard advice such as avoid suspect plug-ins, update WP, use secure passwords, etc. etc.) Note this site used a custom theme that I did not write and don't know much about. The person who wrote the theme says that it is secure and seems familiar with security risks and specific vulnerabilities to avoid (such as not using timthumb).

Someone is inserting ads into my Firefox Google SERPs

Elminster24 — Sun, 03 Jun 2012 19:22:17 -0800

Something is hijacking my Firefox and stealthily inserting ads into my Google SERPs (and god knows what else). How do I figure out where its coming from? I noticed not too long ago that when I'd search for something on Google, the ads wouldn't display immediately at the top, and when I'd go to click something up there, or after a brief delay, they would pop in.

Now, I manage paid search at an agency for a living so I was wondering if this is something new Google was testing--they test this kind of thing all the time. I could see them testing that because it was timed in a way that would increase the rate of accidental clicks on ads.

But then I noticed something...the URLs were odd.

In Chrome, when I search for say, "lawnmowers" I get the following from one of the ads:

http://www.google.com/aclk?sa=L&ai=C9MZ2-BjMT86vNuSZsgKV__j6BvGJmOkDkZeF4FGqotYHCAAQAygDUO3p58UHYMmG_4fwo-wSyAEBqgQcT9DJnjpJ_Vn8luLujYZ9QimnmQr1PhzoXAMsKw&sig=AOD64_02j6mNPV2dJmzXIozqtZwpup40Tw&ved=0CB4Q0Qw&adurl=http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers/h_d1/N-5yc1vZbxcf/h_d2/Navigation%3FcatalogId%3D10053%26cm_mmc%3DSEM%7CTHD%7CG%7CSTO%7CDSK%7CD28I%7CLawnMowers%7CTractors%26skwcid%3DTC%7C14776%7Cyard%2520tractors%7C%7CS%7Cb%7C21840481289&rct=j&q=lawmowers

However in Firefox, where I've been noticing the issue, I instead get the following:

http://google-co.com/xml/click/?m=60860&f=444184&r=748108021&p=0&h=homedepot.com

A little sleuthing shows the following info for the google-co.com domain:

Registrant:
DDD
230 4 st
ny, ny 10012
US

Domain name: GOOGLE-CO.COM

Administrative Contact:
davis, danny
230 4 st
ny, ny 10012
US
+1.8776936215 Fax:

Technical Contact:
davis, danny
230 4 st
ny, ny 10012
US
+1.8776936215 Fax:

Registrar of Record: MISK.COM
Record last updated on 2011-Dec-19.
Record expires on 2014-Dec-19.
Record created on 2011-Dec-19.

Domain servers in listed order:
NS.WEBAIR.NET
NS2.WEBAIR.NET

I sent this person a somewhat casual email saying I'm an internet marketer and was curious how he was doing that--don't expect a response though.

In any event, clearly NOT Google. So how do I trace what is happening here and figure out where it is coming from? Spybot didn't find anything...

The day after the hacking...?

Anonymous — Sat, 21 Apr 2012 07:04:34 -0800

My website was hacked. What now? I have a small ASP project website that I run on a shared server using a third-party hosting provider. Upon visiting the other day, I find that the front page content had been replaced by a lovely hacked-by-so-and-so message. Based on file timestamps, it looks like this happened about March 23rd and I discovered it Wednesday (the 18th).

There appear to have been about eight files uploaded to the main site directory and the content of index.asp was changed. The new files appear to be all manner of ASP scripts designed to glean information about the other pages on the site, access to system files, etc. I can restore the original content, and I'm not as worried about the changes that were actually made. So far, it looks like none of the files in any of the important subdirectories were modified. I've already changed my password.

My questions are about the following;

1) Should my hosting provider be expected to help out or bear some responsibility for this? I called as soon as a noticed what had happened and was told to write an e-mail to technical support. The reply came the following day and basically said that I had waited too long to report the issue, that they don't have any logs remaining that would show what had happened, that they couldn't provide me with any details about whether the attacker had somehow gotten my password, and that I should change my password immediately — in other words, nothing of any use.

Is it reasonable for them to take any more responsibility or do any more to help me investigate the issue? Without more cooperation from them I can't determine what happened, so it's possible that they're at fault here. Should I demand that they look into it in more detail? Ask for my money back? Badmouth them to all my friends and clients? Or is this just the way it goes with third-party hosting?

2) Without the help of my hosting provider, how do I determine what happened?. The front page runs on ASP and AJAX — one ASP page uses AJAX to call static content from another ASP page based on the contents of a GET request. Where can I read up on AJAX vulnerabilities? What sorts of things should I look at to prevent this from happening again — if, indeed, it was my fault? With only those technologies in use, how, conceptually, might one have hacked the page? Anyone care to speculate?

How can something send mail without logging in?

bottlebrushtree — Wed, 21 Mar 2012 20:52:21 -0800

How did my Yahoo mail get hacked to send spam without showing any login in recent history? Tonight I saw a spam/virus message apparently from my dormant Yahoo mail account show up in a low traffic mailing list I am on.

I immediately logged in to Yahoo mail and was presented with the page that says my account has been dormant too long and I needed to answer some questions to turn it back on.

I then changed my password to something very tough to guess.

When I checked my sent mail I see ONLY one message was sent and that was the one to the mailing list. In my inbox there were some bounce messages to some random addressees.

When I checked the recent activity page I only see some log ins for my flickr account from a week ago and then my NEW activity since I decided to log in to see what was going on.

No activity was logged from earlier when the mail was sent (even though there is a out going message in my sent mail)

How do you think this happened?

Does Yahoo allow people in past the "your account has been dormant too long" without clearing that message the next time you come in?

Does Yahoo not log activity in that case?

Wordpress Hack Prevention

netbros — Thu, 15 Mar 2012 15:35:43 -0800

I am running a Wordpress installation on my own domain. It was hacked. For an admin fee, my web host is restoring prior to the hack. What are my best practices going forward to prevent this from happening again? Whether it be security, administration, product knowledge, etc. — please share your helpful tips for Wordpress users who have been hacked. I'd like to avoid the same hacker making the same hack after I've had the site restored.

Assume for the time being I have no desire to change to a different content management system. That may be a future AskMe question.

How do I find out if a keystroke logger has been installed on my Mac?

MexicanYenta — Thu, 09 Dec 2010 07:48:00 -0800

My nephew believes his gmail and facebook accounts have been hacked by a coworker. Hacker may have had physical access to nephew's Mac laptop. Is there a (simple) way to detect if a keystroke logger has been installed? And/or is there any anti-spyware software you can recommend? Is there something other than a keystroke logger that we should be looking for? Please keep answers as dumbed-down as possible - while I'm pretty PC literate, I've never used any Apple products other than an iPod/iPhone, plus I'm halfway across the country from Nephew. He's also new to Mac's, and he doesn't know what operating system he's running on it. We can find that out, though, if it's needed. The computer was new this past Spring, if that's helpful.

I've seen some of the previous questions here, but most of them are old enough that they're probably outdated. This one is helpful, but mostly is suggestions of how to retrieve your gmail account, which is not an issue here. He has not been shut out of his account, he's just having his privacy invaded.

Thank you in advance...

Is Microsoft really gonna make me pay for piracy?

defmute — Sat, 02 Oct 2010 22:20:40 -0800

Am I really gonna get busted for using a pirated copy of windows 7? I just sold this guy on ebay a toughbook i put windows 7 on (pirate of course). that was a week ago.
today, the man emails me and tells me that "the windows 7 on this laptop is saying it's counterfeit" and asked for the validation code. so i sent him the two serial cracks the windows 7 torrent came with. he said both of them were denied and says that "if [he] cannot validate, microsoft is consiering it counterfeit and are requesting source of the software".
so, what are the consequences of this man reporting that i put a pirated copy of windows 7 on his computer to microsoft? will they even give a shit? will ebay or anyone else give a shit?

in terms of trying to give this guy what he wants,
the computer i sold him came with xp originally but i don't have the discs anymore (but i still have a warranty with them).

the dell laptop i bought after that, however, did come with windows 7 and i DO have the discs for that.

legally, can this man use my legal copy of windows 7 (from my new laptop) on a different computer i legally purchased (the ebay laptop) or
should i just get the man a new copy of the original xp discs that the machine was born with?

thanks for all the help, all.

Help my Mum & Dad get their emails back.

djstig — Thu, 09 Sep 2010 13:21:30 -0800

I received a weird email from my Mum a couple of days ago, which was obviously from a hacked account, but I just thought that it was from a fake address as happens sometimes. However it wasn't. Please help! My Mum & Dad have had the same Yahoo email account for 5-6 years with no problems, but there seems to have been an attack on this email and now they can't get back into it. I have tried to explain procedures (via the phone) but they seemed not to be getting anywhere. I tried to login myself today, and also got nowhere.

The problem is that they also apparently had a MSN email that was their secondary account that has never been used, and all the information is being sent there. Yep you've guessed it, they are also locked out of this account.

I am trying to sort this out but coming up against a brick wall with both accounts being locked out there seems no way of getting either or even one of them opened again. The problem I (and they) have encountered is that the Yahoo account asks them to come back in 24 hours to answer a secret question, but this question is never asked and instead it seems to send the details back to the MSN account!!
I have posted on the WindowsLive site to see if that helps, but this seems to not be working either.

Is there anyway that they can get in touch with Yahoo via the phone (UK) or a direct email to help with this? Or has this happened to anyone else who knows where to find the "secret question"?

Thanks very much, and sorry for the rambly nature of this post, I hope I have explained myself well enough, my head is scrambled trying to sort this out.

How do I keep hotmail from sending spam from my closed email acct.

let444 — Wed, 01 Sep 2010 18:42:43 -0800

How can I get hotmail to stop sending spam to all of my contacts even though I have closed the acct.? I searched the older questions but they seemed gmail specific. I closed my hotmail acount and people are still getting spam (or something else) from it. I have not had any luck from customer support. I'd appreciate the help.

My accounts have been hacked

helios410 — Sat, 28 Aug 2010 08:24:50 -0800

My Gmail and Facebook accounts have been hacked. I am aware of this thread. So, what I need to find is software that locates malware on macs, or any other suggestions on how to fix this mess. Please help!

WTF Gmail?

grumblebee — Sun, 27 Jun 2010 10:38:32 -0800

Why am I getting all these "Mail Delivery Subsystem," error-message emails sent to my gmail account? Like many people, I have several gmail accounts. They all forward messages to one main account, which is the only one I check. Let's say it's called allmymail@gmail.com.

Starting yesterday, about half the emails I send and receive trigger another email to get sent to me. It looks like this:

Mail Delivery Subsystem to me

show details 1:11 PM (15 minutes ago)

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

allmymail.bak@gmail.com

Message will be retried for 2 more day(s)

Note the line I italicized. It refers to my email address but with ".bak" appended to the username part.

Have I been hacked in some way? Or is gmail just having problems? This morning, I changed the passwords on all my accounts. I'm still getting the odd emails. Note that I don't get them when I send mail to -- or receive mail from -- any particular person. I seem to get them randomly. And I get them when emails are sent to or received from any of my accounts.

Here's some more of the message (I altered my email address. It's not really allmymail@gmail.com. Otherwise, this is exactly what I keep receiving.)

----- Original message -----

Received: from mr.google.com ([10.224.87.214])
by 10.224.87.214 with SMTP id x22mr3384871qal.72.1277658708656 (num_hops = 1);
Sun, 27 Jun 2010 10:11:48 -0700 (PDT)
Received: by 10.224.87.214 with SMTP id x22mr1643148qal.72.1277567954544;
Sat, 26 Jun 2010 08:59:14 -0700 (PDT)
X-Forwarded-To: allmymail.bak@gmail.com
X-Forwarded-For: allmymail@gmail.com allmymail.bak@gmail.com
Delivered-To: allmymail@gmail.com
Received: by 10.224.53.195 with SMTP id n3cs236786qag;
Sat, 26 Jun 2010 08:59:13 -0700 (PDT)
Received: from mr.google.com ([10.213.27.206])
by 10.213.27.206 with SMTP id j14mr1049416ebc.3.1277567951138 (num_hops = 1);
Sat, 26 Jun 2010 08:59:11 -0700 (PDT)
Received: by 10.213.27.206 with SMTP id j14mr718401ebc.3.1277567951108;
Sat, 26 Jun 2010 08:59:11 -0700 (PDT)
X-Forwarded-To: allmymail@gmail.com
X-X-Forwarded-For: grumblebeemail@gmail.com allmymail@gmail.com
Delivered-To: grumblebeemail@gmail.com
Received: by 10.213.8.71 with SMTP id g7cs13889ebg;
Sat, 26 Jun 2010 08:59:10 -0700 (PDT)
Received: by 10.142.8.21 with SMTP id 21mr847516wfh.175.1277567947538;
Sat, 26 Jun 2010 08:59:07 -0700 (PDT)
Return-Path: <>notification+aymra2yn@facebookmail.com>
Received: from mx-out.facebook.com (outmail008.snc1.tfbnw.net [69.63.178.167])
by mx.google.com with ESMTP id f4si23082968wfg.42.2010.06.26.08.59.05;
Sat, 26 Jun 2010 08:59:06 -0700 (PDT)

There's more, of course. I can post the rest if anyone thinks it's important.

Note that the this email got routed from my Facebook account to my grumblebeemail account (which is linked to my Facebook account) to my global account -- and then to the weird .bak version of my global account.

But it's not a Facebook issue. This is happening with non-Facebook exchanges, too.

As far as I can tell, people are getting the emails I send them and I am getting theirs. So that's not the problem. The problem is all these weird .bak emails I keep getting.

Who hacked my amazon acount?

TheJehosephat — Mon, 31 May 2010 18:36:56 -0800

My amazon account got hacked. (besides the password) What should I change? I also know the person who hacked it has the email: vika_bbb@hotmail.com. Anyone know this guy?

I'm really not in London...

non-kneebiter — Wed, 14 Apr 2010 06:58:32 -0800

Help! My Gmail and Facebook accounts have been stolen and the passwords changed. Someone I know just called to tell me that he got an email saying that I'm in London in a hospital and need money immediately. What do I do?

They HaX0r3D my PHP!

yellowbkpk — Mon, 11 May 2009 17:34:27 -0800

I discovered that my DreamHost account appears to have been "hacked". What does this PHP code do and what's a good way to get rid of it? When I was playing around with my websites tonight I noticed tons of PHP files that weren't there before. This link is an example of one of the files that I found.

In general, it appears that it takes any file matching *.(php|html|phps), renames it to filename<random alpha in A-Za-z>.php and sticks something similar to the above-linked PHP doc in it.

I notified Dreamhost of the problem, hoping that they could dig through my backups and let me know when these files were created, but I'm not holding my breath.

1. Has anyone seen these before? They're quite hard to search Google for since it's almost completely random data.
2. What does it do? I'm assuming it's some sort of bot net drone code of some sort.
3. It appears to have only created copies of files that are accessible from a Google search. e.g. I have a few "private" web pages that have obscure directory names that only I know. These files were not modified (but are clearly read/writeable with PHP).
4. How do I clean it up nicely? I don't see any modifications to existing files, so I think I can just delete the files that were created. File sizes, names, etc. are all different.

Thanks in advance!
Sorry for the meta-question. I'd be able to narrow it down to one more specific question if I could Google it.

Can I use htaccess to deny certain non-existent directories to avoid going through my Drupal site?

kosmonaut — Fri, 02 Jan 2009 12:12:00 -0800

Can I use htaccess to deny certain non-existent directories in order to avoid going through my Drupal site (which requires connecting to my database)? My Drupal site was hacked, though my content was not touched (which is why it went unnoticed for a while). I eventually noticed and cleaned up several extra directories that had had thousands of subdirectories with spammer linking content. The whole site is fresh and fixed but now I am getting a huge amount of 404 errors from all over the world, with people trying to access these old spam directories. In Drupal, each time this happens, the 404 page is generated and the 404 error is logged, which means accessing the database, which means my database is straining just to issue all of these 404 denials.

I just want a simple apache 404 page instead (but only for these spammer urls!).

The former pages and subdirectories were all contained within three base directories (I'll call them spam1, spam2, spam3), and so I would like to use htaccess to simply deny any request for (e.g.):

mysite.com/spam1/
mysite.com/spam1/item34/spam.php
mysite.com/spam2/item23/item5/anotherspam.php
...

And any other permutation.

I don't know how to do this when the directories don't actually exist. That is, I can recreate an empty folder called "spam1" and deny mysite.com/spam1/ requests with Apache, but this wouldn't deny any of the thousands of subdirectories -- as I said, Drupal steps in and takes over the 404 duties when the directory does not exist.

Is there some way to do the kind of denial I want, to pre-empt Drupal and the database connections? I do not control the server so htaccess may be my most powerful option.

(Otherwise, maybe I have to reconfigure Drupal in some way?)

SEO word salad pornography?

jepler — Thu, 18 Dec 2008 19:49:39 -0800

What in the world is going on with this website (subject of a recent askme)? Have a look at these google results: site:carolscookies.com inurl:locator. Is this an indication that the website's been hacked, or is this the kind of disgusting behavior that passes for SEO these days? I tried to google the site for nutrition information to answer the original question, but my query turned up all these pages. Rather than derail the original thread, I'm asking a fresh question.

They hacked our Joomla, help!

wile e — Thu, 04 Sep 2008 00:43:42 -0800

We've been hacked! We were just about to upgrade the Joomla version, and then we get this. Looks to be a ransom page, but we obviously want to reverse the hack. How do we do this? We can still access the administrative panel, but obviously our user/pass doesn't work. They were able to manipulate the hole in the older version 1.0.x (I forget the exact version it was, and can't check now) so can we do this as well? I don't want to publish the site name here, but if someone has valid reasons for requiring it, I can PM it.

Not sure what other info is relevant, but I will be watching all day so ask away.

Thanks.

Someone hacked my… something... somehow

studentbaker — Tue, 05 Aug 2008 11:05:14 -0800

What do you do when you think you've been hacked, but don't know how? This morning, when I tried to check my gmail with my iPhone, I got an error that the username/password combination was wrong. I was connected to my home network at the time. I re-entered the password in the iPhone settings and tried check it again. I got the error that the connection to the server “imap.gmail.com” failed. Feeling funny, I went to my Macbook and changed my gmail password in the google account settings.

At lunch, I checked gmail from my work PC and noticed a spam message that got through which I found strange since gmail has been very good lately at blocking spam. The spam was sent from my account. I know that it’s easy enough to spoof this, but I did check my sent mail and there it was. Someone sent the email from me, to me. The email subject was: “Anjelina Jolie Free Video”. The content was: “The password on archive anjelina”. There was an attachment: Angelina_Jolie.rar which I did not open. It was sent at 12:32 pm. I was definitely at my desk during that time.

I quickly changed my password again, and I made sure the new one was very strong. But, what now? Check my home and work machines for keystroke programs? Check to see if my home network has been hacked? How would I go about doing this, anyway? I feel like I need to change all my passwords now – bank, social networks, etc. – but what if they are watching me… Right Now!?!

Mr. All-knowing Super-hacker/psychologist Mefite, I need your help securing our IRC conversations...

Anonymous — Wed, 16 Jul 2008 23:47:24 -0800

Some really important info was leaked from our private IRC channel on our own server. Luckily, it was something that most people wouldn't believe without real proof, which the leaker didn't really have. So we're glad to have not been in a real shit-hit-the-fan situation yet. Can you find the weak link, or atleast offer suggestions on how to stop this from happening again? A little bit of info about our setup... We own our own dedicated server which runs a public IRCD (UnrealIRCD latest stable version if you're curious). On this network, we have our own invite-only private channel which only about 10-14 people have access to. The channel is +i and +k with a large enough key that cannot be bruteforced. On top of that, we use FiSH encryption (blowfish) inside the channel. The key for the channel is exchanged/given to others after initiating a PM session which is also blowfish encrypted after a Diffie-Hellman 1080 key-exchange. So we're pretty sure that our encryption key hasn't been sniffed at any point. Plus, even having the dedicated server rootkitted/trojanned wouldn't compromise our encrypted talk since it's only forwarding encrypted packets. All of us connect using one of the two clients - mirc and xchat.

The only way to get something from this channel that I can think of is either someone leaking the info by mistake or on purpose, or people with trojans or keyloggers. We're pretty sure none of us are infected after running multiple scans for rootkits, viruses/trojans and checking outgoing/incoming connections and processes. But it obviously cannot be ruled out since none of the tools are 100% trustworthy when it comes to detection. About someone leaking info from here, well, I'd like to think it's impossible. All of us have been a part of this channel for upwards of a year now, would trust each other, and have had access to a lot more important stuff than what was leaked. If someone wanted to make a profit off it, they could have done so quite a long time ago... Again, not ruling it out, but if there is another explanation for this leak, I'd put my faith in it being that one instead of the theory of a leaker.

The info was posted on a bunch of public forums. We're friends with the admins of all those public forums and had access to the poster's ip. Unfortunately, all of them were known TOR ips, so we cannot really find out who it was.

So, super-hacker mefites, find our weak link, and offer me suggestions on how I/we can make it even more secure. If you're a super psychologist (or is it psychiatrist?), you can even offer suggestions on how I could find the leaker by observing behavior patterns. Thanks!

anonymous throwaway mail for this question: mefitempmailacc@gmail.com

What happened with my cell phone Saturday night?

palegirl — Mon, 30 Jun 2008 14:05:33 -0800

Did someone hack my cell phone or somehow use my number? Do I need to worry about my phone being compromised or something? Someone left a voicemail for my friend and there's no outgoing call on my phone nor would anyone have had access to it (it was at my house, we were asleep.) When I checked my phone log, I found that a few minutes earlier I had a missed call from someone who does not have my number and denies having called me. Both of these calls happened just after 2:30am saturday night/sunday morning. Our entire social group was at a party Saturday night including the girl who got a message from me and the guy who I have a missed call from. My girlfriend and I went home around midnight. My phone was locked in our car while we were at the bar, and was in a semi-private room (although anyone could have access to it) while at the earlier event.

The girl's voicemail message says starts out "I'm calling you from [palegirl]'s phone..." and goes on to talk about how "I know you've never liked me but I don't know why!" drama-drama. It's a female voice that we can't identify, but they used nicknames and clearly are members of our social group.

The missed call I got is from my current girlfriend's ex-boyfriend. My girlfriend recognized his number when we were investigating the voicemail my friend got. He was at the party too. He and I aren't friends, and my gf and I don't even know if he knows the nature of our relationship. My girlfriend called him today and asked him if he called me and he denies it and she believes him.

We think someone is messing around with us. Is this possible?

It's a true fact that no one made a call from my phone to leave my friend that voicemail, but her phone shows my phone number as the received call, and the voicemailer explicitly says she's calling from my phone.

Do I need to change my number and or get a new phone or anything else?