Board/user anomilies
http://bb.bbboy.net/support-viewthread?forum=1&thread=3036
Powered By BbBoard - http://bb.bbboy.net

JimJ
17:07:40 Tue
Feb 25 2003
Board/user anomilies
Many problems associated with my user ID.
I have Cable. I have been user a different loggin name for the past several weeks to see if our anomilies stop. They have. I log in under my original name and they're back. I close down my Explorer at night and at approx 5:am PST somebody logs in/roams around under my name and is shutting off our donation link. There are only two people with Admin. status.
I know for a fact it isn't me. I am sleeping at the time it is occuring. My wife is sleeping at the time it is occuring. My 5yo is sleeping while it is occuring. The only thing running at the time is my computer. All windows are closed.
On the board our names are lised in two places. On the top of the board when I click it, it gives me an error 404. This is supposed to log me off. On the bottom of the board I click my name and it log's me off, when it is supposed to give me my bio. After I'm logged off I can go back into the site and click my name that is still present and then get my bio.
The first problem is really the big problem. Any suggestions? This has also occured when I have shut my system off for the night. It has stopped when I logged out and had cookies turned off.

JimJ
www.blue-oval-diesel.com
Admin.
pnoon is the other ADMIN on the board.


BbAdmin
20:49:11 Tue
Feb 25 2003
Re: Board/user anomilies
I remember this situation from pnoon's reporting this. The only thing I can think of is that somehow your system has been compromised because the log clearly showed your name doing the donation disabling. Do you run some form of internet security program? Or have a firewall? If not Jim I highly suggest you get something in place immediately because that is the only way if you're asleep and no one else in your home is using the computer-that is the only thing I can think of that could explain this repeated appearance of your username doing things you would not want done. If you have the program or one like it-PC anywhere, I would suggest you uninstall it and never use it again because that is one way 'hackers' can infiltrate your system. This is not something on our end I'm sorry to say, it just can not be a random action logged without a person behind the username performing the logged action-just not possible. Let us know if we can help you-but I suggest you look at your own system to find the culprit and doorway that someone is using to disrupt the Blue Oval board. :ohwell:

BbAdminMod
20:49:41 Tue
Feb 25 2003
Re: Board/user anomilies
Hi JimJ.

Taking the donation issue first, it was established in late January that it was indeed you that was disabling this feature - there are log entries that prove that and they all emanate from your IP#.

At the time we thought maybe you were doing it without realising it. However, in view of what you say about difficulties with your account, I'm wondering if there is some connection.

By the way, I can assure you that nobody else is accessing your account. Between the dates January 24th and February 25th, your account was not used at all and all actions logged under your username come from the same IP#.

From the symptoms you describe, I believe the problem is likely to be at your end - with either your browser or computer settings. If you could tell us what OS and browser you are using, that might help us pin down the problem. :smile:

BbAdminMod
21:01:16 Tue
Feb 25 2003
Re: Board/user anomilies
One thing you should defintely do is to delete any Best Boards cookie(s) on your system (they may have become corrupted). A new one will be generated as soon as you log in again. You will find these in the Windows/Temp/Cookies folder.

If you're not having any difficulties with the alternate username you've been using, it's just possible that the "JimJ" account has become corrupted. If that proves to be the case, it would be best to abandon it and use your other one permanently - you or pnoon can easily assign admin powers to it. :smile:

BbAdminMod
21:25:47 Tue
Feb 25 2003
Re: Board/user anomilies
Just re-reading your original post:

Quote:

On the board our names are lised in two places. On the top of the board when I click it, it gives me an error 404. This is supposed to log me off. On the bottom of the board I click my name and it log's me off, when it is supposed to give me my bio. After I'm logged off I can go back into the site and click my name that is still present and then get my bio.
The first problem is really the big problem. Any suggestions? This has also occured when I have shut my system off for the night. It has stopped when I logged out and had cookies turned off.


The top link where it says "Welcome, JimJ" is indeed the logout link - if you are getting a 404 error, that would tend to suggest that you don't have javascript enabled on your computer. Yet you say you have no problems with your other account. Have you perhaps changed some settings?

The name at the bottom of the board is actually a link to your profile in the "Who's Online" box - it would always be accessible, whether you were logged in or not.

If you are "turning cookies off", that might also contribute to the problem. Anyway, as suggested earlier, if you can tell us your OS and browser type and version, that might give us some clues. :smile:


pnoon
22:27:55 Tue
Feb 25 2003
Re: Board/user anomilies
I think I can shed some light on OS and Browser. I actually visited his house and looked at his computer. He is running Win 98 and is using I.E 6.0. He is on a cable modem. I do not beilieve he has any of the PC anywhere programs installed on his pc. We completely cleared all of his cookies and reset his web browser to default settings to include Java Script. JimJ will correct me if I am wrong, but I think this info is right. He had no issues with the other user id because I did not give him Admin rights on that account, therefor the disable link would not have been accessable to him under that user id. Next thing we can try is to grant admin under his other id and watch to see what happens.

Phil

BbAdmin
22:31:38 Tue
Feb 25 2003
Re: Board/user anomilies
That might be a good way to test this out pnoon. Do you know if he has any type of security system set up? Norton Internet Security, a firewall of some kind? If he does then I would think it would have caught any potential 'intruders' to his system. :wink:

BbAdminMod
00:05:48 Wed
Feb 26 2003
Re: Board/user anomilies
pnoon, since that "housekeeping" was done, has the donations box been disabled again? :smile:

JimJ, you mentioned this:

Quote:

I close down my Explorer at night and at approx 5:am PST somebody logs in/roams around under my name and is shutting off our donation link.


How do you know that it happens at that time?

I'm sure someone has already mentioned this to you, but just in case they didn't, you do realise that just clicking on the text that says "Disable" will do just that - it's not necessary to go into the Admin Center to disable it. Often people click a link and don't realise at the time that they did something by doing so. For instance, if you click on "Vis" it will change your status to "Anon" and vice versa. :smile:



TrueDreamBinder
00:08:35 Wed
Feb 26 2003
Re: Board/user anomilies
hmm this is a bit out of my league but if this is happening would it be possible for that person to insert packet sniffers in there? I'm hoping not.

Dark Magician Girl
00:13:25 Wed
Feb 26 2003
Re: Board/user anomilies
I don't know what a packet sniffer is-but if you're asking can someone stick in something on someone's system UNRELATED TO BBBOARD-I am referring to hacking a unprotected system, then yet-someone can stick backdoor crap and trojans you name it! That is why I was asking about Security programs. :wink: There is no way someone would or COULD do that here on a board and access someone's computer-just nto possible. BbAdminMod and BbBoy will attest to that-our security here is very tight. :lol:

**This is Pamster/BbAdmin in my Yugioh name**

TrueDreamBinder
00:24:47 Wed
Feb 26 2003
Re: Board/user anomilies
I wasn't asking about his board. I'm wondering if someone can get access to his computer (if I'm understanding the conversation correctly) if they can put a sniffer in there. I believe those can detect passwords of anything on the computer when used. ?? I think.

BbAdminMod
01:27:14 Wed
Feb 26 2003
Re: Board/user anomilies
JimJ, if you haven't got an antivirus program installed on your computer, then you should get one asap, as well as a firewall, for your own protection. There are some nasty viruses and trojans out there. Running those programs will find a trojan if there's one on your computer.

Having said that, I really doubt that a hacker has gained access to your computer, because as far as we know, all that has happened is that the donations box has been disabled. It would take a pretty odd sort of hacker to restrict his actions to something as minor (comparatively speaking) as that! :smile:



Dark Magician Girl
02:06:46 Wed
Feb 26 2003
Re: Board/user anomilies
Sorry TDB, I wanted to make sure anyone reading this after us knew what was and is not possible. :wink:

pnoon
14:23:51 Wed
Feb 26 2003
Re: Board/user anomilies
I do believe that JimJ is running Zone Alarm for a firewall and yes he does have Mcafee Antivirus installed...I also installed Ad Aware...this is a program that identifies snooper software on your system and then allows you to clean/rid your system of them. We have been trying everything to identify this problem on our own, then yesterday I ask JimJ to post it here. Again, I will have him use his alternate ID and see what happens with that. Thanks for all the input!!

Phil

pnoon
14:27:40 Wed
Feb 26 2003
Re: Board/user anomilies
One more thing....there was a question asked about if this was still happening after the houskeeping was done...the answer is yes.

Phil

BbAdmin
18:55:47 Wed
Feb 26 2003
Re: Board/user anomilies
Ok pnoon, we will look into this deeper for you and Jim. :smile:

BbAdminMod
19:49:46 Wed
Feb 26 2003
Re: Board/user anomilies
I think under the circumstances, it might be an idea to abandon the JimJ username and use the other one, at least temporarily. If that name operates (with admin powers) with no problems, then it will prove the original is somehow corrupt.

If, on the other hand, there are problems with the new name as well, that will point to problems on Jim's computer. :smile:

BbAdmin
20:14:01 Wed
Feb 26 2003
Re: Board/user anomilies
I agree BbAdminMod. I definitely think that using the new name for awhile and observing the days you're on and checking the log to see what happened if it happens again then reporting to us if this continues under the new name. :smile:

Guest [Unregistered]
18:39:25 Fri
Feb 28 2003
Re: Board/user anomilies
Aye Corrumba. Don't look in for a couple of days, and a plethera of activity. Thank-You Phil for keeping up on the activity in here. I would have to refer most of the tech issues to you anyway. For the most part to answer some of the question, If its broke I can't fix it. I have Phil stop by.
I have been pretty good about loging out while using my JimJ name, and it seems to be working. The odd thing about the hacker is it is typically happening at 05:00.
While using my new name it doesn't appear to happen at all. My new name doesn't have ADMIN authority though, so that isn't a big suprise.
Is there a way to make my login a cookieless log in each time without having to click on 'cookieless login'. I think this is the only board I have to click cookieless login to make sure I put in my password each time. Every other board has me click to place a cookie for login.

Thank-You,
JimJ

BbAdminMod
01:42:28 Sat
Mar 1 2003
Re: Board/user anomilies
Quote:

The odd thing about the hacker is it is typically happening at 05:00.


Two things, Jim:

(1) we are pretty sure it's not a "hacker" as it would be pretty strange behavior for him to just disable donations and not do any other mischief! :smile:

(2) How do you know the actions occurred at that time you mention? Sometimes times are recorded in the timezone of the server and sometimes in the timezone of the user.

It's been suggested that admin powers be given to your other name and that you abandon the current one, temporarily at least - I still think this is the best idea.

Quote:

Is there a way to make my login a cookieless log in each time without having to click on 'cookieless login'. I think this is the only board I have to click cookieless login to make sure I put in my password each time. Every other board has me click to place a cookie for login


"Cookieless login' is not recommended except in special circumstances - it will log you out any time you go to another board or even to your User CP. Whether you have to enter your password manually each time or whether it's entered automatically for you, is strictly a browser issue - not a cookie one.

Normally it's not necessary to log out at all - I never do, except if I need to test something with another username. It's perfectly safe to stay logged in, unless your computer could be accessed by someone else. In your case, as it's a home situation, it's OK.

There's another precaution you can take to make sure nobody else can log in with your username. You can check the box in the Security section of the User CP which says "Log me in only once". This means that if you are logged in, nobody, including you yourself, can log in as you from another location. :smile:





JimJ
07:31:59 Sat
Mar 1 2003
Re: Board/user anomilies
I'm gonna try this log in only once for a couple of days to see what happens.

The time is the recorded time of the occurence. I am assuming it is 05:00, since it is the time listed in the history. Once again it is an Assumption.

It does seem strange that is the only thing that a hacker would do. I can't explain any other circumstance. Phil noticed it and asked if I'd clicked it off. I told him if I did it was completely unintentional if I did. He reset it, and it hapened again the next morning. He told me the time it happened, and I was sleeping at the posting time in the history. A couple of times Phil had reset the donation and I hadn't been to the site and it had been toggled off. I believe one of the times I was away for the weekend. Kinda hard to dink around with the site with no access where I was at. I could only assume it was a hacker of some sort.

Most of my problems started after I made a mistake on a website name. I had to shut off my computer due to the agressive nature of the site. Problems started after that. Heres a hint to all, If it is an Organization like a Library, don't type in .com after the name use .org.

Thank-You,
JimJ

BbAdminMod
08:16:23 Sat
Mar 1 2003
Re: Board/user anomilies

Quote:

The time is the recorded time of the occurence. I am assuming it is 05:00, since it is the time listed in the history. Once again it is an Assumption


Actually, disabling the donations is not listed in the board logs, only in the server log. So there's no way you or anyone else could have known exactly what time(s) these actions occurred. :smile:

Quote:

I told him if I did it was completely unintentional if I did.


Is it at all possible that you did? It doesn't require you to go to the Admin Center, only that you click your mouse on the link that says "disable". The "anon" and "vis" links work the same way and you could easily "toggle" them without realising it. :smile:

I think it's extremely unlikely (though not completely impossible) that visiting a website, would cause your computer system to be compromised. I can assure you that you'd have lots more symptoms and problems than the one we're talking about here.

Anyway, let's try the suggestions I've outlined in my last post - give your other username admin powers and start using that one instead of your current one. Once you've done that, remove the admin powers from the JimJ name as a precaution. If all goes well with the new name, then that will be a satisfactory outcome. :smile:

JimJ
23:09:40 Sat
Mar 1 2003
Re: Board/user anomilies
I'm gonna try that now. It has been toggled off again. Like I mentioned before, it MIGHT have been possible once, but I made sure it was still active when I shut down for the night. There were times I was gone for the weekend playing weekend warrior, so I couldn't do it. Family not on while I was gone. I will modify my new name and deactivate the old one.
The only one person logon at a time didn't help.

JimJ

junglegirljlt
17:48:30 Sun
Mar 2 2003
Re: Board/user anomilies
FYI...I know for a fact that you can get a virus from going to a website, because it happened to me once ( and it wasn't already on my computer, because my computer checks for viruses at startup )...I have avg anitvirus, and I went to a website (about a movie star) and my whole screen went red and said that there was a virus, needless to say, it scared the you know what out of me!
I also can't use a firewall if I use IE6, I can't an error when I go to pages...I now use the Avant Browser (to avoid pop ups)...going to get me a new firewall right now! Thanks for the advice!

Thunderpants
17:57:57 Sun
Mar 2 2003
Re: Board/user anomilies
I`ve had that happen too Junglegirljlt, my comp just went blank and I had to get a new one as the damage was too bad, nothing could be retrieved.

junglegirljlt
18:09:25 Sun
Mar 2 2003
Re: Board/user anomilies
It's too weird, isn't it? freaked me out to say the least....

Thunderpants
20:28:54 Sun
Mar 2 2003
Re: Board/user anomilies
LOl how do you think I felt, my comp never recovered!

it`s bad that you go to a site and just get hit like that, I know who did what was done, they were from ******, should I say that? but it wasn`t an ****** site that it was on.

junglegirljlt
20:36:07 Sun
Mar 2 2003
Re: Board/user anomilies
Mine wasn't either, strange thing is that I was on google looking for something about a certain actor and I click on what sites google found and lo and behold...big red screen!

BbAdminMod
03:34:54 Mon
Mar 3 2003
Re: Board/user anomilies
You've mentioned viruses, and you can get some quite nasty ones from webpages, but what we're talking about here is a trojan, whereby a hacker is actually able to access the computer as if he were actually sitting in front of it. Trojans normally come via email. :smile:

I would hazard a guess, Thunderpants, that your problem might have been unrelated to viewing the website, but simply coincidental - it's more likely that you had a hardware failure. :smile:

junglegirljlt
04:05:19 Mon
Mar 3 2003
Re: Board/user anomilies
nasty trojans...

Thunderpants
09:46:18 Mon
Mar 3 2003
Re: Board/user anomilies
well all I can say is there are lots of explanations until you look at the goods.
I know what happened, but thanks for the input.

DarknessDivine
22:03:10 Mon
Mar 3 2003
Re: Board/user anomilies

Thought this info might help.I find it helpful at times..Hope it helps some JimJ :smile:

How often you will detect scans depends upon your connection type and how long you are connected.


cable-modemsScanned/attacked several times per day. It depends upon the cable-modem segment you are on, but some people are getting attacked as much as 20 times per day. We believe scans are so common because hackers know that virtually all cable-modems are in the range 24.x.x.x. We suspect that those in the low range of 24.1.x.x receive more than those in higher ranges (i.e. 24.94.x.x).
DSL modems
Varies widely, some are only about once per week, others receive a couple per day. We suspect that some DSL ranges are better known among hackers, and therefore get attacked more.
Dial-up modems
This varies widely, though you should see a scan against your system about once per month. It depends upon how often you are online, and what ISP you use. Since some hackers "camp" on IP addresses (waiting for people to dial-up), you are most likely to be scanned within a few minutes after you connect to the Internet.

The traditional hacker technique is to post Trojan Horse programs on the Internet in newsgroups, on websites, or within e-mail spam. The hackers then run 'bots (robots) that scan huge portions of the Internet in order to see who has been infected with their programs.

Since any individual scanner is probing millions of potential victims, the likelihood is that the average user will get scanned every so often. However, most hackers want to compromise machines with fast, 24-hour connections like cable modems and DSL. Therefore, they target well-known address ranges, like 24.x.x.x, that support these high speed connections.

The most common TCP-based trojan horses detected by the intrusion-detection engine are listed below.
TCP port Trojan horse name
555 Phase Zero
1243 Sub 7
6969 GateCrasher
12345 Netbus (default port)
21544 GirlFriend
, 23456 EvilFtp
, 30100 NetSphere
54320 Back Orifice 2000 (default port)

BbAdminMod
05:31:45 Tue
Mar 4 2003
Re: Board/user anomilies
Thanks for posting that info, DD. :smile:

Just so that people don't get the wrong idea about scans - they in themselves are harmless - it's only if you have a Trojan on your computer that you have to worry, as a scan will detect its presence and then you're in trouble!

To protect yourself, do the following:
  • If you haven't got one, purchase an anti-virus program - do it today!
  • Either get the firewall accessory that's put out by your anti-virus program provider or get Zone Alarm (which is free for a personal, no frills version)
  • Never open an email attachment unless you are 100% certain it's from someone you know and you are expecting it.
  • Don't download freeware or shareware programs from the Net, unless you are 100% certain they are reputable - i.e. recommended by someone you trust
  • Don't allow strangers (or the neighbor's kids) to play with your computer - some people have strange ideas about what is fun!
  • If the website you've landed on looks at all suspicious, close the browser window immediately and run a virus check at once.
A simple website can't hurt you, but an executable on it can - java applet, javascript, etc.

If you follow the above guidelines and exercise normal, sensible care, you should be safe enough. Be advised that Hotmail is vulnerable to hacking (and probably MSN too, as they come from the same stable). It's far safer really to use your ISP's email account facility. If you travel a lot, fair enough - Hotmail is great. However most ISP's allow you to have some form of redirect if you are going overseas and will be staying in one place.

DarknessDivine
14:29:47 Tue
Mar 4 2003
Re: Board/user anomilies
Yes scans are simply done for the hacker to see which if any ports are open so they can intrude your system. Tipically they ping you to see if you have any service on your system that will respond to the ping but the first stage of any attack is "reconnaissance": scanning the victims looking for ways into their systems.
As stated above the "only" way to protect your PC is to get a firewall, a good one at that. If you don't want to purchase one then ZoneAlarm would be your best bet but I would recommend purchaseing a good one. They can be as cheap as $19.99 and have more features then the free versions. Never run any .exe or open attachments that are executable. Keep in mind also that even if you know the person they are coming from that that person may not know they have a virus and could be passing it to you. So use a firewall and a virus protection. And yes Hotmail and MSN are availabe for hackers, they love it actually..the messanger can also be used against you in MSN.
Not to panic anyone..just thought it might help with any questions to the whole hacking ideas that came up earlier.
Thanks,
DD

junglegirljlt
02:28:11 Wed
Mar 5 2003
Re: Board/user anomilies
can a firewall be used with Internet Explorer? Mine never did, nor will it work with the Avant Browser...

Thunderpants
12:14:42 Wed
Mar 5 2003
Re: Board/user anomilies
I have IE JG it works just fine :wink:

DarknessDivine
15:32:24 Wed
Mar 5 2003
Re: Board/user anomilies
Yes..I have IE and a great Firewall! They work fine 2gether. :wink:

junglegirljlt
23:36:16 Wed
Mar 5 2003
Re: Board/user anomilies
I always get page not found when I have my firewall up....

MelissaA
00:17:58 Thu
Mar 6 2003
Re: Board/user anomilies
I know with our firewall if you have it on the highest setting we will get that - you can't see any pages. We had to lower it to more of a medium level if that makes sense to be able to still access what we were after.

junglegirljlt
02:27:54 Thu
Mar 6 2003
Re: Board/user anomilies
why, thank you! I'll have to check and see what setting I have it on....

DarknessDivine
02:32:37 Thu
Mar 6 2003
Re: Board/user anomilies
Oh yeah..and if it's set waaaaaaay high then sometimes you get kicked off line when your ISP makes contact with your firewall...Had that happen b4.



Board/user anomilies
http://bb.bbboy.net/support-viewthread?forum=1&thread=3036
Powered By BbBoard - http://bb.bbboy.net