#13005 changing the htaccess password

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Thursday, 23 August 2012 18:00 CDT

user8011
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes, looked for some anyway, can't find
Have I searched the tickets before posting? somewhat
Have I read the documentation before posting (which pages?)? you bet
Joomla! version: 2.5.6

Description of my issue:

Hey Nick -- quick question -- if I want to change the htaccess password I applied with the "Password Protect Administrator" feature, do I just enter a new username/password there? I wasn't sure if it would automatically rewrite the htaccess/htpasswd or not. I hunted in the docs, but it doesn't say one way or the other, about changing the password.

Thx!
Andria

nicholas
Akeeba Staff
Manager
Hi Andria,

Yup, it suffices to use the password protection feature again. Every time you give it a new username and password it overwrites the .htaccess and .htpasswd files in the administrator directory.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user8011
Ok, good deal -- thanks!!

Andria

user8011
Argh. You just wouldn't believe how this fool hacker has been messing with me. Since all this hacking business started, especially since my cPanel got hacked, I've been paying close attention to all the logs available on cPanel, and I noticed that what appeared to be MY IP was attempting to access the administrator page, and getting 0 bytes -- odd in itself -- but that this was happening, on Friday night, WHILE I WAS COOKING DINNER!, not on the computer at all. So I figured this fool is spoofing my IP now -- when he hacked my cPanel, he got my logs, so got my IP. So I've spent the last 2 days trying to figure out how to change my IP. Today I finally called Comcast's security center and discussed it with them, and the very helpful fellow asked me about my router, did it have a setting for "Clone my PC's MAC", and it does, so he said I could use that, then reset my modem, and that would give me a new IP -- except I could NOT get it to work, it just kept giving me the same old IP. So I finally had the brainstorm to try the same technique, from a different computer on my home network -- and it WORKED! So I finally have a new IP, and have notified my host to block the old one. They naturally haven't even replied yet, like my security is just no biggie to them at all, or maybe they're as tired of this #$%&^#$% so-and-so as I am.

The main thing I can't figure out is why anyone would go to this much trouble to hack websites that have so little to offer anyone -- no money, no cash flow, ok, a little soft-core porn that he could probably find on a hundred different sites -- it just begs belief.

Andria

nicholas
Akeeba Staff
Manager
> The main thing I can't figure out is why anyone would go to this much trouble to hack websites that have so little to offer anyone -- no money, no cash flow, ok, a little soft-core porn that he could probably find on a hundred different sites -- it just begs belief.

You see, this is the biggest misconception here. Even a dead site with 0 visitors is worth gold to a hacker. It can be exploited for several schemes. For example:
  • Sending spam
  • Hosting phishing pages (think about fake bank login pages)
  • Hosting a distributed Command & Control node for a botnet
  • Used in DDoS attacks
  • Used as storage space for illicit material

and the list can go on and on. Of course there is one more motive: some teenager doing it for the lulz. Remember the kids who'd throw stones at windows for no good reason? That's the Internet equivalent. I'd argue that the Internet equivalent is more complicated, therefore has greater bragging rights. Well, you get the idea.

Finally, Andria, I'd suggest that you check your Wi-Fi settings if you do have a wireless network. I'd recommend turning on WPA2 with a long, hard to guess key(*) and wireless client isolation.

* A long, hard to guess key doesn't have to look like line noise. You can always choose 5 unrelated words which don't make a phrase and use them as your password. An oldie XKCD comic explains the idea quite eloquently.

Nicholas K. Dionysopoulos


user8011
Oh you bet, I've got that WPA2, and as I mentioned, the password is 20 digits that mean something to me, but would be impossible for someone who didn't know both me as a child -- born here in Atlanta 51 yrs ago -- and my husband as a child -- born in Indiana 60 yrs ago -- and our nicknames then, as children, plus the year we married -- to guess. I'm not sure what you mean about wireless client isolation -- I'm not using it as wireless, but hardwired with ethernet cable, and I have all the settings active that have anything to do with security. If there's some further way to isolate it, please let me know.

I guess those other "uses" of a domain name are obvious only to those with ill intent, and those who fight them -- an honest person never thinks that way. The teenager or college kid who just does it to prove he can, was actually what I had considered -- every time I do anything that makes it more difficult -- like when I first got Admin Tools -- he seems to step it up, like "oh yeah, bitch? you won't keep ME out!" kind of attitude. You know, one of those guys who's 100 lbs overweight, can't get a date, and thus has FAR too much time on his cheetos-orange hands.

I also figure that when I look up an IP on Honeypot, and it says it's from X-country, it's not really; it's some goober with way too much technical ability reflecting and redirecting all over the globe, and probably spoofing other honest folks' IPs as well.

But the site that's at the heart of all this, my main site in public_html of my hosting acct, I started using the secret word parameter -- and after that was when I started seeing the clues that he was spoofing my IP to try to get back in to my cPanel. The password I changed to, for cPanel, would be hard to guess, but I'm going to start changing it weekly or monthly until this fool decides to go away and bother someone else. I did take your advice about using words instead of random alphanumerics; Joomla and htaccess will even let me use spaces between the words, though cPanel won't, I had to use underscores.

A long time ago, over a decade now I'd estimate, a techie friend of mine gave me something that I wish I still had; it was one of those "URL bombs" that when you click it, it starts opening IE windows faster than you can click them shut -- the only way to turn it off is to power-off the computer. I really do wish I had that, and that I could somehow send it to this ****head. :)

Andria

nicholas
Akeeba Staff
Manager
> I'm not sure what you mean about wireless client isolation

Wireless client isolation is a feature in modern access points which "isolates" each wireless client from the next. What I mean is that if you have two devices connected on the same AP then one can not send information to the other. This is a good measure to avoid a malicious device connected on the AP being able to hack other legitimate devices connected to the same AP.

> I'm not using it as wireless, but hardwired with ethernet cable

Then turn off its WiFi features entirely. No need to have a potential entry point if it serves no useful purpose.

> I guess those other "uses" of a domain name are obvious only to those with ill intent, and those who fight them

Yep :)

> You know, one of those guys who's 100 lbs overweight, can't get a date, and thus has FAR too much time on his cheetos-orange hands.

That's a stereotype which is seldom true. The hackers I've met were skinny, did get dates (albeit not the kind of girls I'd like to be associated with) and almost chronic insomniacs. It seems that they were spending too much time perfecting their craft, at the cost of sleep deprivation.

> I also figure that when I look up an IP on Honeypot, and it says it's from X-country, it's not really; it's some goober with way too much technical ability reflecting and redirecting all over the globe, and probably spoofing other honest folks' IPs as well.

Actually, the IP does come from that country, with a 99% accuracy. Is this the hacker's own IP? I doubt it. Anything but stupid hackers will at the very least use TOR. The really smart ones will use a hacked site to open a virtual shell and attack other sites from there. Or worse.

> The password I changed to, for cPanel, would be hard to guess, but I'm going to start changing it weekly or monthly until this fool decides to go away and bother someone else.

At least you'll know that a perfect guess of such a password means that you have a malware-infected PC or a man in the middle attack.

> one of those "URL bombs" that when you click it, it starts opening IE windows faster than you can click them shut

This is as much use against a hacker as a firecracker against an armed burglar.

Nicholas K. Dionysopoulos


user8011
> if you have two devices connected on the same AP then one can not send information to the other.

That would seem to utterly defeat 50% of the reason for having a home network in the first place, so we can share files, music, etc, along with sharing the internet connection. Or maybe I'm not really understanding what you mean, since my grasp of networking is far from even "middling" -- I had to get a book called "Home Networking for Dummies" before I could even manage to get them speaking to each other, and sometimes they still don't, though I've figured out that unplugging/resetting the router generally clears that up.


> Then turn off its WiFi features entirely. No need to have a potential entry point if it serves no useful purpose.

On reflection, I remembered that our DirectTV (satellite TV) box is using the wireless feature to pull programming info from the net -- so I kinda need that functionality, or I lose some of the most valuable functionality of having DirectTV -- which is rather expensive (our son got us into a 2 yr contract that we can't break or face crippling penalties), so I like keeping as much functionality as possible.


> The hackers I've met were skinny, did get dates (albeit not the kind of girls I'd like to be associated with) and almost chronic insomniacs. It seems that they were spending too much time perfecting their craft, at the cost of sleep deprivation.

ROFL! That sounds a great deal like ME, back in 1999 when I first got on the internet and was struggling madly to learn HTML/CSS -- but for purposes of trying to acquire a new revenue source, not digital breaking-and-entering. I guess the main thing I have that they don't is an understanding of ethics, and karma -- I have sufficient bad karma already without actually TRYING to make more.


> At least you'll know that a perfect guess of such a password means that you have a malware-infected PC or a man in the middle attack.

Well, as I said in the email I sent you, after a 16 1/2 hr scan of over 660,000 files, no real problems showed up -- some old trojans in attachments, which I had never opened (I never do!), and one that caused me a slight concern but has since been dealt with, and no, it hadn't really infected my PC, it was just present -- it's not anymore, and I've ascertained that it's not hiding in my registry, so it doesn't resurrect when I reboot -- it's gone. But what is a "main in the middle" attack? I've never heard of that one. Apparently I need a PhD in hacking just to defend myself from the lowlifes.


> This is as much use against a hacker as a firecracker against an armed burglar.

Oh, I know... but it's aggravating as hell, and I'd dearly love to aggravate this bastard with more than just changed passwords, IPs, and secret words. I'd REALLY love to aggravate him with a jail cell and a wife named Bruno. :)

Andria


nicholas
Akeeba Staff
Manager
> That would seem to utterly defeat 50% of the reason for having a home network in the first place

That's a valid concern. However this would only affect devices connected both over WiFi. For example, when my Mac is on WiFi and my iPad is (naturally!) on WiFi I can't get Apple iTunes Remote to work because the iPad can't "see" the Mac. However when I plug my Mac to the Ethernet the iPad can see it, despite the fact that it's connected on WiFi. The wireless isolation hides only the other wireless devices, it doesn't hide the devices connected over Ethernet (wire).

> I remembered that our DirectTV (satellite TV) box is using the wireless feature to pull programming info from the net

So much for disabling WiFi. No go.

> Well, as I said in the email I sent you, after a 16 1/2 hr scan of over 660,000 files,

The day that a 100% accurate scanning method is invented I can die happy. In the meantime, the lack of a perfect scanning algorithm is what allows malware to exist.

> But what is a "main in the middle" attack?

It's man (not main) in the middle. Commonly abbreviated as MITM. Wikipedia has you covered.

> I'd dearly love to aggravate this bastard with more than just changed passwords, IPs, and secret words

It depends. You should never aggravate your opponent unless you are absolutely sure you can outsmart, outgun or outrun him.

Nicholas K. Dionysopoulos


user8011
> The day that a 100% accurate scanning method is invented I can die happy. In the meantime, the lack of a perfect scanning algorithm is what allows malware to exist.

True. However I did go over the registry pretty thoroughly with 3 different tools -- Glary, AutoRuns, and HiJack This. It appears to be clean. And as noted, I *never* open attachments -- even from friends, I generally call them up and say, hey, what's this attachment you sent me? Also, I haven't mentioned this because it's so ever-present that I usually forget about it until it pops something at me, but I have Spyware Terminator running, with the real-time shield, and a daily scan, every morning. This protects me so well that when I have to do a Windows update, it always pesters me about the MRT.exe. I had to set that up because of that last really nasty attack, back in 2008, which overwrote one of my system files, and had installed itself in the background, without my even being aware of it -- that sort of thing won't happen again.

> Commonly abbreviated as MITM. Wikipedia has you covered.

Ok, read that. It's too bad that my cPanel isn't behind an SSL, or it might have caught the bastard that got in and deleted all my stuff. I've never felt that I really needed to go to the expense of an SSL, because I DON'T have any kind of mission-critical anything; even with that subscription thing I setup, I use Paypal -- just because I don't want to pay for an SSL. But an SSL for cPanel would be a real boon, given all this malarkey I've been dealing with lately.

As for aggravating, I'm absolutely sure that I CAN'T outsmart him; all the security precautions I've taken have been "fingers in the dike", mainly just hoping he'll get bored with me and go find an easier target, or hit a target that's prepared to find him and prosecute him. I haven't had time to spend on ANY designing for a couple weeks now, just chasing this asshat around. *sigh*

Andria

nicholas
Akeeba Staff
Manager
The only protection SSL would offer you is that a potential attacker wouldn't be able to snoop the password when the legitimate owner (you!) accesses cPanel. Buying an SSL certificate for your site will not make cPanel SSL-ready. cPanel runs under a different user account. Pro tip: cPanel has built-in SSL support and a self-signed certificate. You can access the SSL-protected version of cPanel by logging in to https://www.example.com:2087. Ask your host for the certificate's signature so that you can compare it with what your browser presents you (because your browser will come up with a warning, as the certificate is not signed by a trusted certificate authority). I know, shocking that such a feature exists and nobody uses it. Oh, well :)

Keep strong. Dealing with hackers is neither fun, nor easy.

Nicholas K. Dionysopoulos


user8011
Excellent info. What exactly would they be giving me, with the "signature?" Some info I need, or a file, or... what? I just hate to write to them about it, and sound like a total idiot. ;)

Thx!
Andria

nicholas
Akeeba Staff
Manager
The signature is a hex string, consisting of 256 hex characters. For instance, that's the signature for our site's SSL certificate at the moment:
If you're using Chrome you can check the signature by clicking on the lock to the right of the "https" word in the title bar, wait for 3 seconds, click on Certificate Information button which appears, then expand the Details item. Find the Signature line and click on it to reveal the full signature.

Nicholas K. Dionysopoulos

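One way to script the out-of-band comparison described in the two replies above, as an added example that is not part of the original thread. It compares the SHA-256 fingerprint of the whole certificate (a common way to do this check) rather than the signature field mentioned in the reply; the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl
import sys

HEX_DIGITS = set("0123456789abcdef")

# Constructed stand-in for DER certificate bytes, used only for offline checks.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def normalize_fingerprint(text: str) -> str:
    """Reduce '44:9C c4-f9 ...' style input to bare lowercase hex."""
    cleaned = "".join(ch for ch in text.lower() if ch not in " :-\t\r\n")
    if not cleaned or set(cleaned) - HEX_DIGITS:
        raise ValueError("fingerprint must contain only hex digits")
    return cleaned


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, which is what browsers display."""
    return hashlib.sha256(der).hexdigest()


def pretty(hexdigest: str) -> str:
    """Format as colon-separated upper-case byte pairs, browser style."""
    pairs = [hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2)]
    return ":".join(pairs).upper()


def matches(der: bytes, expected: str) -> bool:
    """True only if the certificate hashes to the value the host supplied."""
    want = normalize_fingerprint(expected)
    if len(want) != 64:
        # A truncated value would make a partial comparison meaningless.
        raise ValueError("expected a full 32-byte SHA-256 fingerprint")
    return hmac.compare_digest(fingerprint(der), want)


def fetch_der(host: str, port: int) -> bytes:
    """Fetch the server certificate without CA validation.

    Validation is skipped on purpose: a self-signed certificate cannot be
    validated against a CA, so trust comes only from the fingerprint the
    host gave you through a separate channel.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_cert.py HOST PORT EXPECTED_SHA256_FINGERPRINT")
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    der = fetch_der(host, port)
    print("presented:", pretty(fingerprint(der)))
    if matches(der, expected):
        print("OK: certificate matches the fingerprint from your host")
    else:
        print("MISMATCH: do not enter your password on this connection")
        sys.exit(1)
```

A mismatch means either the host rotated the certificate or something is sitting between you and the server, so re-confirm the fingerprint with the host before logging in.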

user8011
Ok, I use Firefox, but it has a lock icon also, and it shows me the akeeba security credential when I click it, so I guess it's analogous. I have Chrome, which I use if my cookies in FF are acting weird, but it's so... plain. I really like all the gizmos and gimcracks in FF, got quite a few that I couldn't live without, so I put up with how slow it is to load -- also I finally started using Thunderbird rather than Opera for mail, and the mailto links, and links in emails, work right, since they're both Mozilla.

I had another brainstorm for a bit more security; for years I've left all my sites with "default indexing" just because it's more convenient for me that way, but I've decided that convenience be damned, it's time to get more paranoid (PAST time!), so I'm turning off indexing in my public_html dir, and in the dirs that correspond to my other sites (addon and subdomains). No idea if that will really help anything, but I've heard that it's far more secure that way, so at the moment, I'm all for that. :-[

Andria

nicholas
Akeeba Staff
Manager
Well, it's been quite a while since I last used Firefox (it was version 10, so I guess it's 18-24 weeks ago). I am just disappointed by FF. It keeps on randomly breaking various parts of its Javascript engine in each major release. I just gave up worsening my ever-receding hairline by pulling my hair due to FF and stopped using and officially supporting it :) From what I remember it does have a similar feature for inspecting an SSL certificate. Every browser does.

Regarding directory indexes, it's been a handy feature back in 1994 when all we had was static sites. It saved us the trouble of creating pages listing the various files stored in each directory of the site. In the era of CMS I just don't see the point any more. It merely helps malicious users map the files on your site. Not that it matters if you're using Admin Tools' .htaccess Maker; it disables directory indexes unless you tell it not to :)

Nicholas K. Dionysopoulos


user8011
Yeah, that feature in Admin Tools would have been zero help after that butthead deleted everything. So I turned off indexing with cPanel, so that even with all CMS and apps gone, there still won't be any indices.

I too have noted FF's flakiness with Javascript; my main site, for a while there, kept giving me "this script has failed" msgs, because of my slideshow thingie in the header. It hasn't done that for a while, so maybe they've fixed that "feature." My FF just got updated a few days ago, it's at v14.0.1 now. Sheesh, I started using it when it was version 3 or something -- and had to wait that long because my old computer was so slow that it was just plain painful to use FF at all, but they've messed up IE so thoroughly, I have stayed with IE 6 for like, forever -- later versions, ugh, can't stand 'em. Plus I did a bit of reading and IE is just NOT industry-standard in how it renders ANYTHING, and since I try to design templates for as broad a base as possible, it makes no sense at all to use IE myself. Fortunately the design tool I use, Artisteer, also creates supplemental CSS files for IE, for those who haven't yet jumped off the Microsoft train.

Anyway, we've been off-topic of Admin Tools for pretty much this whole thread, so maybe it's time to shelve it. If this wasn't your own forum, someone would have slapped us by now. :)

Later!
Andria

nicholas
Akeeba Staff
Manager
Eeek, Andria! You used IE6 and Artisteer in the same paragraph. You honestly don't want to know my opinion about both of them :)

Nicholas K. Dionysopoulos


user8011
IE6, well no, it's kinda irrelevant since the only time I use it is if some website INSISTS that it must be used in order to see their site properly -- and that's only if I can't find some site for the same thing that isn't so anal.

For Artisteer, yes I would like to know, especially if it has some impact on site security. Bear in mind that I don't do "default" designs -- mine are all custom, I just use Artisteer to create the php and css files, which I then generally modify, sometimes quite heavily. But if there is some inherent security flaw in Artisteer's designs, I guess that would give me even more motivation to just give up on all this, go to bed and never get out of it again -- I've already lost 8 out of 10 domains I used to own, thanks to the economy and being unable to afford them.

Andria

nicholas
Akeeba Staff
Manager
Artisteer is to template development what Taco Bell is to haute cuisine: the main concept (eating, making templates) is the same, the execution is a cheap knock-off appealing to the uneducated to subject masses. The generated PHP code ranges from horrid to abysmal. Security and Artisteer templates have as much in common as flameproof suits and blazing infernos. And don't get me started on all the atrocities it performs against generated HTML and CSS code.

Artisteer is nice for churning out cheap templates for mass produced dirt cheap sites. It's fathomable for someone to have a one-person business vomiting 3-5 sites per month at $400 a pop, including domain name and hosting for two years and still make a profit. Would I recommend that? Hell no, but I've seen that happening. Back in the freelancing days I had lost a few contracts to such businesses. I charged about triple as much, mostly due to the need to pay my graphics designer to create a decent template.

If you're into template building I'd recommend using one of the available template frameworks. The idea is that you get to customise presentation and leave the PHP side of things to the pro coders. OK, not all template frameworks employ pro coders or have very good quality code, but at the very least they do get updated often and the updates are easy to apply on your templates. For example there's Gantry by RocketTheme and T3 by JoomlArt. I've used Gantry on two rare occasions when I had to adapt a template from PSD to Joomla!. It wasn't half as hard as it sounds and I'm a complete idiot when it comes to CSS (which explains why my templates look borked on certain browsers, he he).

Nicholas K. Dionysopoulos


System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
