22nd August 2006, 22:42   #16
SLK
Senior - BHPian
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,634
Thanked: 1,011 Times

Quote:
Originally Posted by sandeepmdas
SLK, I am not trying to "downgrade" your skills. It is a 99%-chance-case that someone has hacked into your account.
Hey absolutely... I appreciate all suggestions.

Quote:
Originally Posted by sandeepmdas
Instead of looking at yahoo for answers I think you should take a look into your actions like:
- when was the last time you logged into your account?
say maybe 15 days back.
it wasn't my regular email a/c .. more of a ymsgr account.

Quote:
Originally Posted by sandeepmdas
- and from which PC?
There can be just 2... my home desktop or official laptop.

Quote:
Originally Posted by sandeepmdas
- you did a simultaneous login (both YM and yahoo mail)?
Yes, I think so...

Quote:
Originally Posted by sandeepmdas
- which browser you used?
IE 6 SP1 or Firefox

Quote:
Originally Posted by sandeepmdas
Chances this could be a work of some little SW that logged your keystrokes straight to home- Argentina in this case. If this happens again, you need to format ur PC.
I am quite sure that's not the case... b'coz
I don't type the password since it's saved in the messenger.

Quote:
Originally Posted by sandeepmdas
Before that, download and install some tool that can resolve all request/ response from/to your PC. Then launch your default browser and go to yahoo mail. type some crappy UID and password. look at the tool's log for any anomaly. Try with YM too.
You mean a protocol analyser?... I can try that.. I have such things in my PC always.


The interesting part is that why my yahoo!... I use gmail all the time and do login by typing the password. I have a hotmail which no one hacks!!

and the BEST PART.... all my bank accounts had the same password as my yahoo account as the password was fairly strong... why would someone not hack that.

That's why I suspect either it's that someone broke in through my secret answer... or yahoo has a security flaw somewhere.

22nd August 2006, 22:50   #17
wolfinstein
BHPian
Join Date: Feb 2006
Location: New Delhi
Posts: 994
Thanked: 20 Times

@SLK, IP address can be changed or bypassed at random. For example, if you log onto the internet using Reliance Phone Wireless, the IP is routed to a Mumbai based exchange and Delhi does not figure in the code. Many trackers now log IP, but it's still not 100% accurate.
I suggest you clean the account once yahoo reverts back and make sure you also change the password question.
Get yourself McAfee Enterprise Edition Virus Scan / Zone Alarm Firewall / Ad-Aware SE to remove spyware and ads.. If you're using Limewire or Ares... change it, de-install them and go for uTorrent torrent based clients..!

Last edited by wolfinstein : 22nd August 2006 at 22:51.

22nd August 2006, 23:05   #18
SLK
Senior - BHPian
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,634
Thanked: 1,011 Times

Quote:
Originally Posted by wolfinstein
@SLK, IP address can be changed or bypassed at random. For example, if you log onto the internet using Reliance Phone Wireless, the IP is routed to a Mumbai based exchange and Delhi does not figure in the code. Many trackers now log IP, but it's still not 100% accurate.
Agreed... .. if u are able to use an anonymous SOCKS proxy you can bypass all IP trackers.
And there are sites on the net providing you with lists of such proxies.

But my point is... Argentina means a sure-shot hack ... as it couldn't have automatically routed through Argentina

Quote:
Originally Posted by wolfinstein
I suggest you clean the account once yahoo reverts back and make sure you also change the password question.
Get yourself McAfee Enterprise Edition Virus Scan / Zone Alarm Firewall / Ad-Aware SE to remove spyware and ads.. If you're using Limewire or Ares... change it, de-install them and go for uTorrent torrent based clients..!
Yup, I'll change to 18-20 character passwords from now on.
I have Symantec Corp edition .... Zone alarm.... and utorrent...

I do very seriously configure zone alarm......

22nd August 2006, 23:39   #19
SLK
Senior - BHPian
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,634
Thanked: 1,011 Times

MAN... what is this happening!!
I am under attack...
someone has started a dictionary attack on my PC... at the ftp server.
User name he chose to attack... administrator
LOL.. there is no such user!

attacker's IP: 210.217.95.19
guess what !!... IP address this time belongs to Korea!
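
The FTP dictionary attack described in post #19, seen from the defender's side, as an added example that is not part of the original thread: it pairs USER/PASS lines from an FTP log and flags sources with repeated failed logins, listing guessed usernames that do not exist on the server. The log layout, the `slk` account name, the threshold and every sample line are constructed for illustration; only the address 210.217.95.19 comes from the post.

```python
from collections import defaultdict

# Constructed sample log: time, client IP, session id, FTP command, argument, reply code.
# Reply codes per RFC 959: 331 = password required, 230 = logged in, 530 = not logged in.
SAMPLE_LOG = """\
23:30:58 192.0.2.10 4 USER slk 331
23:30:59 192.0.2.10 4 PASS - 230
23:31:02 210.217.95.19 7 USER administrator 331
23:31:02 210.217.95.19 7 PASS - 530
23:31:03 210.217.95.19 7 USER administrator 331
23:31:03 210.217.95.19 7 PASS - 530
23:31:04 210.217.95.19 8 USER administrator 331
23:31:04 210.217.95.19 8 PASS - 530
23:40:11 198.51.100.7 12 USER slk 331
23:40:12 198.51.100.7 12 PASS - 530
23:40:20 198.51.100.7 12 USER slk 331
23:40:21 198.51.100.7 12 PASS - 230
"""

LOCAL_USERS = {"slk"}  # assumption: accounts that really exist on the server


def summarize(log_text, local_users=LOCAL_USERS, threshold=3):
    """Per source IP: failed logins, guessed names that do not exist, and flags."""
    pending = {}  # (ip, session) -> username waiting for its PASS result
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "hit": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed or unrelated lines
        _, ip, session, cmd, arg, code = parts
        if cmd == "USER":
            pending[(ip, session)] = arg.lower()
        elif cmd == "PASS" and (ip, session) in pending:
            user = pending.pop((ip, session))
            s = stats[ip]
            if code == "530":  # rejected login attempt
                s["failed"] += 1
                s["users"].add(user)
            elif code == "230" and s["failed"]:
                s["hit"] = True  # success after earlier failures: review it
    return {ip: {"failed": s["failed"],
                 "unknown_users": sorted(s["users"] - local_users),
                 "dictionary_attack": s["failed"] >= threshold,
                 "success_after_fail": s["hit"]}
            for ip, s in stats.items()}


if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```
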

23rd August 2006, 11:07   #20
Surprise
Senior - BHPian
Join Date: Feb 2005
Location: Chennai
Posts: 2,523
Thanked: 454 Times

Yup, I too lost my password for hotmail account.


Quote:
Originally Posted by condor
If it was within India, you could have got help from the cyber crime branch police to try get back to your account by finding who did it.
Request you to let me know how that's possible

23rd August 2006, 12:42   #21
shuvc
Senior - BHPian
Join Date: May 2005
Location: Kolkata
Posts: 2,913
Thanked: 352 Times

Same thing happened to me.
Account got locked out 4/5 years back. However I could reset the password and receive it at my alternate id. I repeated this process at least 25 times over those years. It seemed that the hacker had broken my secret answer and changed it.
Everything else in the account was untouched - profile et al.

I corresponded with Yahoo to change my Question. They were very rigid - even though I was sending the mail from that very account !! They said, without the correct existing answer they would not change. Maddening.

Then late last year, I guess the hacker thought enuff is enuff - this time the alternate email id seems to have been changed. I am completely locked out now.

My second and currently only Yahoo account has thankfully been untouched till date.

23rd August 2006, 13:14   #22
Jaggu
Team-BHP Support
Join Date: May 2004
Location: Bangalore
Posts: 20,215
Thanked: 15,907 Times

A lot of people in my company lost yahoo account, most of them received links with photo sharing on chat, from known people and when they submitted the password for logging in, the account was hacked.. so make sure ur getting the message from right person before submitting any details, and always better to warn the people in ur address list to be wary about ur hacked account

23rd August 2006, 16:00   #23
SLK
Senior - BHPian
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,634
Thanked: 1,011 Times
THE END - Account Lost

This is how it ends finally... brainless drones .. these customer care guys.

Quote:
Hello *****,

Thank you for writing to Yahoo! Account Services.

Account security and privacy is an important concern of Yahoo!. One of the ways we protect accounts from unauthorized access is by denying account assistance to individuals who contact us but are unable to match the information that was entered during the registration process.

To date, our Yahoo! Account Security team has been unable to match the secret answer that you have provided when this account was created. We apologize for the inconvenience, but we must match each verification item before updating your account or providing additional login assistance.

Thank you again for contacting Yahoo! Customer Care.

Regards,

Joseph
This time my reply went a little too harsh to the drones....

Last edited by SLK : 23rd August 2006 at 16:18.

30th August 2006, 01:54   #24
binz
Senior - BHPian
Join Date: Aug 2005
Location: Bangalore
Posts: 1,306
Thanked: 431 Times

User name he chose to attack... administrator
LOL.. there is no such user!

Hey SLK,
there is an administrator account on every pc. Even if the only user account that shows on your screen is... say... slk, the admin account still exists on any windows based pc. So if someone tries to attack your admin account, pls take it very seriously... you might lose really sensitive info...

binz

31st August 2006, 11:14   #25
ECM
BHPian
Join Date: May 2006
Location: Somewhere
Posts: 226
Thanked: 15 Times
SLK pls read

Just would like to ask some queries if you don't mind on the issue of your PC security.
* When you opened any attachments in yr email? That email must have come via a fake id to your inbox and that fake id must be of your friend or those who are in the address book.
* Has the zip code been changed by the hacker for your account?
* No one can change your secret question so don't worry as that part is not replaceable in any case, prob is he/she changed zip and your b'date hence you are not seeing the secret question which u used while signing for yr account.
* As you have just said you get attacks fm Korea via ftp, I advise you to contact your ISP (who is yr isp btw?) and tell him to check traffic on his router and block this i.p. In most cases yr isp will be in a position to see his real IP if it is not sub masked. Depends on the hacker's skill and how dumbo yr isp is LOL.
* Besides firewall and crap AV which u used (I never use Norton which in my opinion is fully faltoo) do u use any anti spy wares?
* Open your ZA firewall and look for this file SVHOST.EXE, now this is for windows update but virus sits in your p.c exactly make a replica of it so just tell me during last 20 days anytime your firewall asked for a permission of above file with a warning the file content has been modified or changed?
I shall advise almost pakka security for you when u reply to my queries, all the best and if possible do not use netbanking till this prob resolves.

31st August 2006, 15:42   #26
SLK
Senior - BHPian
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,634
Thanked: 1,011 Times

Quote:
Originally Posted by ECM
Just would like to ask some queries if you don't mind on the issue of your PC security.
* When you opened any attachments in yr email? That email must have come via a fake id to your inbox and that fake id must be of your friend or those who are in the address book.
HOW would an attachment hack my account?...
BTW I did not open any attachment on yahoo account as it was not my main mail account. (I don't receive mails there except for my own mails)

Quote:
Originally Posted by ECM
* Has the zip code been changed by the hacker for your account?
* No one can change your secret question so don't worry as that part is not replaceable in any case, prob is he/she changed zip and your b'date hence you are not seeing the secret question which u used while signing for yr account.
My zip code and birth date are unchanged.... Secret question has been changed.
I can see the question... but the answer is not what I had set.

Quote:
Originally Posted by ECM
* As you have just said you get attacks fm Korea via ftp, I advise you to contact your ISP (who is yr isp btw?) and tell him to check traffic on his router and block this i.p. In most cases yr isp will be in a position to see his real IP if it is not sub masked. Depends on the hacker's skill and how dumbo yr isp is LOL.
ISP doesn't have a role to play!.... I took care of it!

Quote:
Originally Posted by ECM
* Besides firewall and crap AV which u used (I never use Norton which in my opinion is fully faltoo) do u use any anti spy wares?
Symantec CE 10 has antispyware.... .. it's not norton.. it's symantec.. there's a lot of difference.


Quote:
Originally Posted by ECM
* Open your ZA firewall and look for this file SVHOST.EXE, now this is for windows update but virus sits in your p.c exactly make a replica of it so just tell me during last 20 days anytime your firewall asked for a permission of above file with a warning the file content has been modified or changed?
No nothing has changed!... it's the original one.

Quote:
Originally Posted by ECM
I shall advise almost pakka security for you when u reply to my queries, all the best and if possible do not use netbanking till this prob resolves.
I actually.. believe my computer to have bullet proof security... so... I AM SURE that it's some yahoo vulnerability that has got my account hacked.

Quote:
Originally Posted by ECM
there is an administrator account on every pc. Even if the only user account that shows on your screen is... say... slk, the admin account still exists on any windows based pc. So if someone tries to attack your admin account, pls take it very seriously... you might lose really sensitive info...
.. oh.. man.. Mine is a Windows Server 2003 SP1 Enterprise Edition .. there is no welcome login screen as in XP .... I had renamed the administrator account the first day I installed it (that's a standard security practice)

Also I have all security patches released by MS till date applied... and yes my OS is legal.

31st August 2006, 16:08   #27
condor
Distinguished - BHPian
Join Date: Jun 2006
Location: Speed-brkr City
Posts: 15,864
Thanked: 16,014 Times
Cyber-Crime branch Police

Quote:
Originally Posted by Surprise
Request you to let me know how that's possible
Surprise,
A person I knew had his acct hijacked. He created a new acct, and used a mail tracking service to send mails to his hijacked acct. The service showed the hijacked acct being accessed from an IP address in Chennai. Contacted the cyber crime branch in Bangalore, and they in turn tracked the IP address to a cyber cafe, and caught the person who had hijacked the mail id ..

Basically, if you have an IT crime to report, and need help for, you could contact the cyber-crime branch police.

31st August 2006, 17:08   #28
ECM
BHPian
Join Date: May 2006
Location: Somewhere
Posts: 226
Thanked: 15 Times

SLK one correction, this para was not in my post which u have quoted in your rply {Originally Posted by ECM
there is an administrator account on every pc. Even if the only user account that shows on your screen is... say... slk, the admin account still exists on any windows based pc. So if someone tries to attack your admin account, pls take it very seriously... you might lose really sensitive info...}
Now there is no way you can change your security question UNLESS you use a shopping with your credit card in Yahoo and I don't see any logic hacker had used his credit card to change your security question. He may not be that much dumbo! You must be having another yahoo account so try and see if you can change your secret question or not!!!!! Just try.
I meant attachment in email which can be a virus in your case. Norton/symantec whatever you call is a child of same parents with same bundled exe in them so you keep your bet on it but before that just search how efficient it is for trojans and spyware! When I see you showing lot of confidence on your p.c set up and the rest defence which u have like a.v, firewall etc.. there is no point I see to advise you on this issue. Just check one thing is there a remote assistance help kept "on" in your p.c? By default it is ON in your OS. Switch it off. Sorry if I am giving such advises to experts like you.
Sometimes when someone attempts too much for login yahoo blocks the login request and locks the account. Stop doing anything for 48 hours and see if you can manage to login.
Just check how efficient your security is by visiting below link which will show your details to you.
http://www.pcmesh.com/ip-check.cgi
http://www.pcflank.com/art41b.htm
now in last link just see how good your p.c is, good luck.

Last edited by ECM : 31st August 2006 at 17:13.

31st August 2006, 17:16   #29
ECM
BHPian
Join Date: May 2006
Location: Somewhere
Posts: 226
Thanked: 15 Times

SLK I am posting my results for security tests done on my p.c a minute back, here it is....
Results of the test:
Check for vulnerabilities of your computer system to remote attacks: Safe!
Trojan horse check: Safe!
Browser privacy check: Safe!
We have sent following packets to TCP:1 port of your machine:
  • TCP ping packet
  • TCP NULL packet
  • TCP FIN packet
  • TCP XMAS packet
  • UDP packet
Here is the description of possible results on each sent packet:

"Stealthed" - Means that your system (firewall) has successfully passed the test by not responding to the packet we have sent to it.
"Non-stealthed" - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet that can be potentially dangerous.

Packet type    Status
TCP "ping"     stealthed
TCP NULL       stealthed
TCP FIN        stealthed
TCP XMAS       stealthed
UDP            unknown
Now my UDP is totally invisible here and not even showing stealth that means 101% security on my setup. Good luck for the rest of you for this test.

Last edited by ECM : 31st August 2006 at 17:18.

31st August 2006, 17:51   #30
SLK
Senior - BHPian
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,634
Thanked: 1,011 Times

Quote:
Originally Posted by ECM
SLK one correction, this para was not in my post which u have quoted in your rply {Originally Posted by ECM
there is an administrator account on every pc. Even if the only user account that shows on your screen is... say... slk, the admin account still exists on any windows based pc. So if someone tries to attack your admin account, pls take it very seriously... you might lose really sensitive info...}
Oh.. sorry.. that was binz...

Quote:
Originally Posted by ECM
Now there is no way you can change your security question UNLESS you use a shopping with your credit card in Yahoo and I don't see any logic hacker had used his credit card to change your security question. He may not be that much dumbo! You must be having another yahoo account so try and see if you can change your secret question or not!!!!! Just try.
In fact I just created a yahoo account for checking this... and you are right!
So where does that leave me!....
I can still see the question as even the birthdate can not be changed....
but none of my answers work!....

Quote:
Originally Posted by ECM
Just check one thing is there a remote assistance help kept "on" in your p.c? By default it is ON in your OS. Switch it off.
Yes it's turned off...
But I have Remote Desktop turned on!... but it has been secured.
I also have VNC server ..
I do have to use these things... when I am out of town..

Quote:
Originally Posted by ECM
now in last link just see how good your p.c is, good luck.
Will do..

Last edited by SLK : 31st August 2006 at 17:53.
Copyright ©2000 - 2024, Team-BHP.com