One of the main signs of computer hacking. Eleven Sure Signs You're Under Attack

Any user of the VKontakte social network may sooner or later encounter such a problem as hacking of personal data. In this case, the user himself completely or partially loses control over the page: spam is sent to friends on his behalf, provocative or any other third-party information is posted on the wall, etc. That is why it is important to know in advance how to understand that you have been hacked on VK in order to respond to the situation in a timely manner.

Characteristic signs of hacking in VK

There are a number of characteristic signs by which you can tell that your page has been hacked:

  • The status “Online” is displayed on the page at the very time when you are not online. You can record this moment with the help of friends who, at your request, will monitor the activity on your page;
  • friends begin to receive spam or mailings supposedly from you that you did not actually send;
  • new, unread messages, highlighted in bold, become read;
  • You can understand that a VK page has been hacked, as in other social networks, from the settings, see the instructions below;
  • you cannot sign in using your own password.

Let's take a step-by-step look at how to find out that you have been hacked on VK using the “Settings” menu:


If you find out that your VKontakte page has been hacked, then, as on other social networks, you will need to immediately change your password to a more complex one and take a number of other measures to protect your profile.

What to do if you are hacked

If you realize that you have lost control over your VK personal information, you must:


Reliable protection against hacking is provided by the “Login Confirmation” function. This means that each time you log in, you will need to enter a one-time code that is sent to your phone or other connected device. More about the different ways to protect your page from hacking can be found in a separate article.

The first thing that might make you think about a possible hack is sudden debits of funds that you have nothing to do with. This is a clear sign that fraudsters may have gained access to your card information or have “hijacked” the account of one of the payment services you use.

If your funds balance is always at hand, you will notice suspicious activity quickly. If you rarely check your account and you don’t even have alerts via SMS or email enabled, it’s time to do it.

Messages with codes to confirm purchases that you, of course, did not make, should not be ignored under any circumstances. Regardless of whether you know the sender or not, you must immediately contact the bank.

2. Slowdown of the device

Malware that has infiltrated your computer or smartphone can require a lot of computing power. Therefore, if you notice a decrease in performance that is significant, unexpected and long-term, you must immediately scan your device for viruses and limit any network activity for this period. If no threats were detected, perhaps the reason for the slowdown is .

3. Disabling or interrupting the operation of security programs

If malware has found its way into a system and has taken up residence, it is possible that it will try to close or isolate all security measures that are dangerous to it. A reason to sound the alarm is an involuntary shutdown or the inability to start an on-demand computer scan. Constantly updating antivirus databases and downloading applications only from trusted sources will help you avoid this situation.

If your device’s protection has missed at least one piece of malware, there may soon be significantly more of them. A threat that has taken root on a PC can initiate the download of additional attacker tools, which can be represented by both additional software and browser extensions.

You can check which software is active when the computer is running using the “Task Manager” on Windows (call it with the key combination Ctrl + Alt + Del) and “System Monitor” on macOS (found in the “Utilities” or “Programs” list). In the browser you are using, you need to open the list of all extensions and similarly check what is installed and what runs automatically.

5. An increase in the number of pop-ups

Through the browser and some other applications, malware can bombard you with pop-ups asking you to scan your computer or check your account details. These windows often look quite authentic and do not arouse suspicion, but if they begin to appear much more often than before, then this is a reason to think about it.

Now modern browsers and operating systems in general do an excellent job of dealing with annoying pop-ups, but there is still a possibility that the initiator of displaying the next window or banner is malware that has made its way onto the PC.

Malicious software may well change system settings. The classic example is a change to your browser's home page or search engine. If you see a completely new and at the same time rather dubious page when you launch Chrome or Firefox, you should, of course, not follow the links on it.

Particular attention should be paid to requests to change system settings and granting permissions to new programs. The latter is very relevant in the case of smartphones, where seemingly elementary applications can require a whole list of rights to access the bowels of the gadget.

7. Uncontrolled device activity

If it sometimes seems to you that your computer or smartphone lives its own life, then it is likely that someone is controlling it remotely. This is done through a backdoor application that you may have downloaded along with recently downloaded content.

Such remote access can be spotted by the device’s involuntary exit from sleep mode, by sudden hard drive activity when the PC is idle, and even by spontaneous movement of the mouse cursor. Fortunately, such blatant hacks are extremely rare these days, especially if you use exclusively licensed software.

In addition to activity within the system, the malware can cause a sudden shutdown or reboot of the device. This may well indicate partial control over the PC and attempts to destabilize the system.

You should panic here only when such outages have become more frequent and there were no prerequisites for this: you do not overload your PC with demanding games and control the heating. In such cases, it is again worth checking the active processes in the “Task Manager” and especially autorun.

9. Sending messages without your knowledge

If they gain access to your mail, attackers will try to spread their tentacles as far as possible. Sending spam on your behalf is the first thing you should pay attention to. Check not only your new mail every day, but also your sent emails folder. If you notice something suspicious, hurry to change the password for this account, and it’s better to do this through another device.

10. Suspicious online activity

You can become a source of spam not only in mail, but also on social networks. Moreover, attackers usually do not limit themselves to just sending messages. If this is, for example, Twitter, a mass of new subscriptions and comments under other people’s posts can indicate that your account has been hacked. And the trouble is that all this can only be discovered after some time, when your account has already been used to the maximum.

You can protect yourself from this only through vigilance, that is, periodically checking the main actions in each specific network. If you find dubious messages and comments that you could not leave even while drunk, be sure to change your password using another device.

11. Denial of access to your accounts

If, when authorizing in one of the services, your standard password suddenly didn’t work, it’s likely that the attackers, having gained access to the account, managed to change it. In the case of a large service or social network, there is no need to panic. You can use the form for recovering and changing your password via email or directly contacting technical support.

To increase the level of security for all your accounts and social networks, it is necessary to use .

Bottom line

Even if you think that the danger has passed and your account data has not been affected, it is certainly worth playing it safe. Let us remind you once again that it always makes sense to periodically update your account passwords, especially if the same password is used in several services.

If any of your online accounts have been hacked, immediately report it to technical support. Even if you easily restored access, it’s still worth doing this, because you don’t know where the “hijacked” account was used.

On your PC, be sure to install a reliable antivirus with the latest databases, or at least systematically check the system with lightweight portable options. If for some reason you cannot install or run such software on an infected computer, you need to download the program through another device and then try to copy it.

It is possible that a system reset may be necessary for a complete recovery. In this case, you need to take care of the data that is important to you. Fortunately, it can now be done on any device, regardless of the OS.

What are the signs that my computer has been hacked via the network?

More signs of computer hacking.
You can notice it by indirect signs, such as an increase in traffic, HDD activity, processor load, etc. For ordinary users there is a danger: a script embedded in an attacker’s website or a website hacked by him can, using the same vulnerability, download a Trojan to the computer and launch it. The goal, as a rule, is to add the computer to a botnet. Prevention measures: do not work under an admin account, do not visit dubious sites, regularly update your browser and system, keep your anti-virus monitor turned on. A radical remedy is to disable scripts, for example using a browser plugin (add-on) such as NoScript. I use it when I follow dubious links, although ideally I should set up a white list of sites in it and block all scripts on the rest.

Signs of a computer system break-in.

As a rule, a network attack or signs of hacking of a computer system can be detected with the naked eye. Events occurring on your computer will subtly warn you about this.

The appearance of various kinds of error messages can be found in event logs or in the operating system logs. One should be especially wary of unexpected changes in various system files or even their absence. It is also important to look at the state of various services that are running on the computer, as well as the logs of these services themselves.

Changing various system files and the registry. Here you need to first of all pay attention to the presence of suspicious processes running on the computer.

Unusual computer system behavior - unusual system overloads and even shutdowns; such actions are typical when a cracker has made changes to the system and is trying to make them take effect.

File system state - carefully review the hard drive for new files and folders, especially in system folders (Windows); this usually indicates the installation of Trojan programs, remote administration programs...

Changing user accounts - the appearance of new users in the system or the assignment of special rights to users with administrative rights. You should also pay attention to your inability to register in the system.

Can my home computer be hacked?

Unfortunately, this is quite possible and quite simple. Every time you connect to a provider, you take a risk. In the previous question you can find out how this happens. Naturally, the risk is higher if the connection is permanent (for example, a cable modem), and lower when the connections are short-lived (as usually happens with a modem connection).

The real danger is if an uninvited guest can log into the system using any account he can pick up (or find out) - and gain “root” rights. This is usually possible if you're really a newbie administrator and/or your machine isn't really security oriented (you're at home, right - why worry about security!).

To protect yourself, you should not allow strangers to break into your computer. Use long and complex passwords for ALL accounts on your computer. Change your passwords regularly. To force the correct password policy on all users on your computer, run (as “root”, for example in RH6.0) linuxconf and under “password and account policies” change the minimum password length to 6 or more characters, the minimum number of non-alphabetic characters to 1 or 2, the number of days after which the password must be changed to something like 90 or less, and set the password aging warning to 7 days before aging. For other information about passwords, see here (FAQ2.htm#pass_security). Absolutely NEVER create accounts without a password or with weak passwords. Don't run your computer as “root” - if you run a program with security holes as “root”, someone may find an opportunity to hack your computer. Older Linux distributions had known security holes, so use newer versions, especially if your computer could be used by untrustworthy people, or if your computer performs server functions (such as ftp or http server).

It's also a good idea to regularly review the files that record all user logins: /var/log/secure (most recent log), /var/log/secure.1 (older), /var/log/secure.2 (even older), etc. Also /var/log is useful. Check them from time to time. The most common “warnings” relate to port scanning on your computer: repeated attempts to log in from some IP address to your telnet, ftp, finger or other port. This means that someone wants to know more about your computer.
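The log review described above can be partly automated. The following is an added example, not part of the original FAQ: it tallies connection lines per source address and flags addresses that were refused repeatedly or that touched several services. The sample log lines (written in the style of tcpd entries), the host name and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style tcpd writes to /var/log/secure.
# Host name, PIDs and addresses are made up for this example.
SAMPLE_LOG = """\
Mar  3 04:12:01 myhost in.telnetd[1201]: refused connect from 100.200.7.9
Mar  3 04:12:02 myhost in.ftpd[1202]: refused connect from 100.200.7.9
Mar  3 04:12:02 myhost in.fingerd[1203]: refused connect from 100.200.7.9
Mar  3 04:12:05 myhost in.telnetd[1207]: refused connect from 100.200.7.9
Mar  3 09:30:44 myhost in.ftpd[1410]: connect from 100.200.0.2
Mar  3 11:02:10 myhost in.telnetd[1502]: refused connect from 100.200.50.3
Mar  3 11:15:00 myhost login: ROOT LOGIN ON tty1
"""

# timestamp, host, service[pid]: (refused connect|connect) from source
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+"
    r"(?P<service>[\w.-]+)\[\d+\]:\s+"
    r"(?P<verdict>refused connect|connect) from (?P<src>\S+)\s*$"
)


def parse_events(text):
    """Return one dict per connection line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": m.group("ts"),
                "service": m.group("service"),
                "refused": m.group("verdict").startswith("refused"),
                "src": m.group("src"),
            })
    return events


def summarize(events):
    """Group events by source: refused count and set of services touched."""
    summary = defaultdict(lambda: {"refused": 0, "services": set()})
    for ev in events:
        entry = summary[ev["src"]]
        entry["services"].add(ev["service"])
        if ev["refused"]:
            entry["refused"] += 1
    return dict(summary)


def suspicious_sources(text, min_refused=3, min_services=2):
    """Sources that look like probing: many refusals or several services."""
    flagged = []
    for src, entry in summarize(parse_events(text)).items():
        if (entry["refused"] >= min_refused
                or len(entry["services"]) >= min_services):
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    for src in suspicious_sources(SAMPLE_LOG):
        print("review activity from", src)
```

To run it on a real file, pass the contents of /var/log/secure to suspicious_sources() instead of SAMPLE_LOG and adjust the regular expression if your syslog lines differ.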

If you are not using a remote connection to your machine, it is a great idea to restrict the rights to use “server-side” network services (all network services are listed in the /etc/inetd.conf file) to the machines on your home network. Access is controlled by two files: /etc/hosts.allow and /etc/hosts.deny. These access control files work as follows. When someone from outside requests a connection, the /etc/hosts.allow file is scanned first and if one of the names contained in it and the name of the computer requesting the connection match, access is allowed (regardless of the contents of the /etc/hosts.deny file). Otherwise, the /etc/hosts.deny file is scanned, and if the name of the machine from which the connection is being requested matches one of the names in the file, the connection is closed. If no matches are found, permission is granted.

B. Staehle (Linux Modem Guru) advised me not to install network services at all. “If your network services are not installed correctly, your computer can be hijacked by any script writer. Beginners _SHOULD NOT_ allow services (ftp, telnet, www) to the outside world. If you "must" install them, make sure you only allow access from machines you can control.

The /etc/hosts.deny file should contain
ALL: ALL
and /etc/hosts.allow should contain
ALL: 127.0.0.1
to allow login only from this computer. Do not use names (only IP addresses)!”

Indeed, my /etc/hosts.deny, as advised, contains (ALL: ALL), but my /etc/hosts.allow contains two more computers with full access, and another one for telnet and ftp logins (IP addresses are fictitious):
ALL: 127.0.0.1, 100.200.0.255, 100.200.69.1
in.telnetd, in.ftpd: 100.200.0.2

In the above examples, “ALL: ALL” means “ALL services, ALL computers,” that is, “a connection from all computers to all network services” coming from “any computer.”
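The lookup order described above (hosts.allow first, then hosts.deny, otherwise access is granted) can be checked against the rules shown here. This is an added example, not part of the original FAQ and not the tcp_wrappers code: it is a simplified model that understands only ALL and literal daemon names and IP addresses, and its function names are made up for this illustration.

```python
import re

# Rules copied from the text above (the page's fictitious addresses).
HOSTS_ALLOW = """\
ALL: 127.0.0.1, 100.200.0.255, 100.200.69.1
in.telnetd, in.ftpd: 100.200.0.2
"""
HOSTS_DENY = "ALL: ALL\n"


def _items(field):
    """Split a comma/whitespace separated list into a set of tokens."""
    return {tok for tok in re.split(r"[,\s]+", field.strip()) if tok}


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) sets."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Only the first two fields are modelled; an optional third field
        # (a shell command in the real format) is ignored here.
        daemons, clients = line.split(":")[:2]
        rules.append((_items(daemons), _items(clients)))
    return rules


def _matches(rules, daemon, client_ip):
    """True if any rule covers both this daemon and this client address."""
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        client_ok = "ALL" in clients or client_ip in clients
        if daemon_ok and client_ok:
            return True
    return False


def check_access(daemon, client_ip, allow_text, deny_text):
    """Apply the order from the text: allow file, then deny file, else grant."""
    if _matches(parse_rules(allow_text), daemon, client_ip):
        return True, "matched hosts.allow"
    if _matches(parse_rules(deny_text), daemon, client_ip):
        return False, "matched hosts.deny"
    return True, "no match in either file"


if __name__ == "__main__":
    cases = [
        ("in.telnetd", "100.200.0.2"),   # listed for telnet and ftp only
        ("in.fingerd", "100.200.0.2"),   # same host, different service
        ("in.telnetd", "100.200.7.9"),   # unknown host (constructed address)
    ]
    for daemon, ip in cases:
        print(daemon, ip, check_access(daemon, ip, HOSTS_ALLOW, HOSTS_DENY))
    # Failure mode: with an empty hosts.deny the unknown host is granted.
    print(check_access("in.telnetd", "100.200.7.9", HOSTS_ALLOW, ""))
```

The last call shows why the ALL: ALL line in hosts.deny matters: without it, a host that appears in neither file falls through to the default and is granted access.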

For more information, see the excellent “Linux Network Administrator Guide,” which, of course, comes with your distribution. For example, I even printed out this book.

To check which network services on your computer are accessible from the outside world, you can use special WEB tools.

For security reasons, it would be a good idea not to advertise the operating system and the version you are using. I changed the contents of the /etc/issue and /etc/issue.net files, which on my computer looked like this:
Red Hat Linux release 6.2 (Zoot)
Kernel 2.2.14-5.0 on an i586

To something like:
WARNING: THIS IS A PRIVATE NETWORK
UNAUTHORIZED USE IS PROHIBITED AND ALL ACTIVITIES ARE LOGGED
IBM S/390 LINUX

This joke may slightly (slightly) increase (I hope) the security of my system.

The contents of the /etc/issue and /etc/issue.net files are rewritten on every boot (when /etc/rc.local is executed). To make my changes permanent, I can make these files read-only for all users by running (as “root”):
chmod a=r /etc/issue*

Instead of the last command, I could edit (as “root”) the /etc/rc.d/rc.local batch file and comment out the 5 lines using ### so that the significant part contains:
# This rewrites /etc/issue on every boot. Make any changes you need here
# so that they are not lost from /etc/issue on reboot.
### echo "" > /etc/issue
### echo "$R" >> /etc/issue
### echo "Kernel $(uname -r) on $a $SMP$(uname -m)" >> /etc/issue
### cp -f /etc/issue /etc/issue.net
### echo >> /etc/issue

Another good security measure is to turn off ping. Ping is a system that responds to a request sent from another computer. It is very useful during installation and debugging network connections to check that your machine is accessible over the network. It can also be used to probe and/or attack it with overloading ping requests (“ping of death”). To block ping requests from the network, I use IP masquerading. I have taken, slightly modified, the following commands, along with explanations from

ipchains -A input -p icmp --icmp-type echo-request -i ppp0 -j REJECT -l
        (1) (2)   (3)     (4)                      (5)     (6)       (7)

Explanation of ipchains flags:
1. Add a new rule.
2. Specify the scope of the rule; in this case, the rule will be applied to incoming packets.
3. The protocol to which the rule will apply. In this case - icmp.
4. ICMP type, in this case the icmp echo response to the request will be blocked. “Echo reply (ICMP echo)” means ping.
5. Interface name. In this case it is the first telephone connection, ppp0.
6. The target: what we will do with the request packets.
7. Log all packets that match the rule to the system log file.

IP masquerade is described in more detail in the Masquerading chapter of this guide.

Other precautions. I check from time to time to make sure that someone hasn't installed a “root kit” on my system. I use “chkrootkit” (very small, 25k, downloaded from ).

After downloading:
su
cd /usr/local
tar xvzf /home/my_name/chkrootkit.tar.gz
cd /usr/local/chkro
make
./chkrootkit

The last command searches my system for a “root kit”. “Rootkits” are programs that leave a backdoor for anyone who has once acquired “root” rights, installed for the purposes of listening, browsing, protecting their access, etc.

Today, hacker attacks are on everyone's lips and everyone is worried about the security of their data. To prevent theft of passwords and other important information, you should pay attention to any changes in your computer.

We suggest checking the checklist of signs that your computer has been hacked. And if your fears are confirmed, we will tell you what to do.

1. Antivirus is disabled

If you haven't disabled your antivirus program yourself but notice that it is turned off, this is a sure sign that the computer has been hacked. It cannot turn off on its own. The first thing hackers do is get rid of your antivirus to make it easier to access your files.

2. Passwords don't work

If you haven't changed your passwords, but they suddenly stop working and you can't log into your accounts, it’s time to be wary - most likely, the computer has been hacked.

3. The number of friends has increased sharply

4. New icons on the toolbar

When you open your browser and notice new icons in the toolbar, this may indicate that malicious code has infiltrated.

5. The cursor moves on its own

If you notice the mouse cursor moving on its own and highlighting something, this is a sure sign of a hack.

6. Unusual printer behavior

Signs of hacking affect not only the computer itself, but can also appear when working with the printer. For example, when it refuses to print or prints files that you did not send for printing.

7. Redirection to other sites

If your browser keeps redirecting you to other sites, it's time to be wary. The same applies if you enter a search query and, instead of Google or Yandex search results, other pages appear. The frequent appearance of pop-up windows also indicates hacking.

8. Files were deleted without your participation

If you notice that some programs and files have been moved to the trash bin or deleted completely, but you did not do this, there is no doubt that your computer has been hacked.

9. There is your personal information on the Internet that you have not disclosed.

Check this with a search engine: look for information about yourself that you definitely haven’t disclosed online. If you were able to find it, it means your computer was hacked to steal information.

10. Fake antivirus messages

If windows pop up on your computer warning of a virus infection, but they look different than usual, this is a sign of hacking. You should also be wary if a new antivirus appears on your computer.

If your computer takes too long to perform the simplest operations, and your Internet connection noticeably slows down, this may also be a sign of hacking.

What to do:

  • Warn your friends and email recipients that you have been hacked. Tell them not to open messages from you or click on any links in them.
  • Notify your bank about a possible breach of your personal data. Find out from them how to protect your funds.
  • Remove all programs that are unfamiliar to you, as well as those that will not start.
  • Install reliable antivirus and scan the system. Some companies release free versions.
  • Change passwords on all your accounts.
  • If you feel that the problem has not been solved, contact a specialist.
How to determine if your computer has been hacked.

Hackers are either good or bad. You need to protect yourself from the latter. If you think your computer has been hacked, take immediate action. Hackers can get into your computer in numerous ways, but you need to learn how to spot the signs of a hack.

Steps


Part 1 of 2: Signs of a break-in



  1. Unusual computer behavior. If a computer is “acting strange,” this may indicate its age, or a failed component, or a hack:

    • Programs and files will not launch or open.

    • Files that you did not delete are placed in the trash bin (or deleted altogether).

    • Passwords don't work.

    • Programs that you did not install end up installed on your computer.

    • The computer connects to the Internet in your absence.

    • Changes have been made to files without your knowledge.

    • The printer refuses to print or prints something you did not send to print.



  2. Connect to the Internet. Here are possible signs that your computer has been hacked:


    • You can't log into your accounts because the passwords don't work (check them on several sites). Have you responded to phishing emails (fraudulent emails asking for personal information and/or password)?

    • The browser redirects you to other sites.

    • Additional browser windows open (without your participation).

    • After paying for the domain name you purchased, you cannot access it.




  3. Here are possible signs that your computer is infected with malware:


    • False messages about the presence of a virus. If you do not have an antivirus, such messages will appear regularly. If you have an antivirus, be sure to find out what your antivirus's message windows look like (to distinguish them from fake ones). Do not click buttons in fake windows and do not provide any financial information (most importantly, do not panic after a message appears about the presence of a virus).

    • Toolbars unknown to you have appeared in the browser. (The browser only has one toolbar.)

    • Pop-up windows open.

    • Your antivirus and other security programs refuse to work or are completely disabled. Task Manager and/or Registry Editor do not open.

    • Your email is sending emails without your knowledge.

    • Money disappears from your bank account, or you receive bills for purchases you didn't make.




  4. If you do not control the operation of your computer, then most likely it has been hacked. For example, if the mouse cursor moves across the screen without your participation, then someone has received remote access to your computer. (If you've ever worked remotely on any computer, then you know what we're talking about).


    • Search the Internet for your personal information that you have not disclosed. (Do this regularly.) If you easily found it through a search engine, then the information was stolen by hacking your computer.




    Part 2 of 2: What to do




    1. Disconnect from the Internet immediately. Thus, you will interrupt the hacker's connection with your computer.


      • To reliably turn off the Internet, it is best to unplug your modem from the power outlet.

      • Print or save this article to your computer so you can access it when you are offline.




    2. Restart your computer and boot into safe mode (check your computer's manual if you're not sure what to do).




    3. Look for "unknown" programs (that is, programs installed without your intervention) or programs that won't start. If you find such programs, remove them. If you don't know how to do this, seek help from a professional.




    4. Scan your system with a reliable antivirus, such as Avast Home Edition, AVG Free Edition, Avira AntiVir. If you don't know how to do this, seek help from a professional.




    5. If the above steps do not lead to positive results, back up important files, restore the system and update it.




    6. Warn your bank and any other organization about possible problems with leakage of personal information. Ask them for advice on your next steps to protect your funds.




    7. Warn people on your email list that they may receive malicious emails from your address. Ask them not to open such emails or click on links in these emails.


      • Store backups of important files (for example, family photos, documents) on an encrypted USB drive.

      • The best way to prevent a hack is to prepare for it in advance.

      • When you are not working on your computer, disconnect it from the Internet.

      • To restore your system to the point before the hack, use System Restore.

      • Regularly back up your files and your entire system.

      Warnings


      • If none of the programs start, and just a picture is displayed on the screen, then you need to reinstall the system (or restore it, unless the hacker got to the system recovery files).

      • Your computer can be used to attack other computers/networks and commit illegal activities (without your knowledge, of course).

      • If you don't check your computer for possible hacking, you'll end up having to reinstall the operating system or buy a new computer.