How to understand that you have been hacked on VK (VKontakte). Massive hacking of mailboxes: how to avoid getting into the hackers' password database. One of the main signs of a computer being hacked

Any user of the VKontakte social network may sooner or later encounter such a problem as hacking of personal data. In this case, the user himself completely or partially loses control over the page: spam is sent to friends on his behalf, provocative or any other third-party information is posted on the wall, etc. That is why it is important to know in advance how to understand that you have been hacked on VK in order to respond to the situation in a timely manner.

Characteristic signs of hacking in VK

There are a number of characteristic signs that can help you understand that your page has been hacked:

  • the “Online” status is displayed on the page at a time when you are not online. You can record this moment with the help of friends who, at your request, will monitor the activity on your page;
  • friends begin to receive spam or mailings supposedly from you that you did not actually send;
  • new, unread messages, highlighted in bold, become read;
  • as on other social networks, you can tell from the settings that a VK page has been hacked (see the instructions below);
  • you cannot sign in using your own password.

Let's take a step-by-step look at how to find out that you have been hacked on VK using the “Settings” menu:


If you find out that your VKontakte page has been hacked, then, as with other social networks, you will need to immediately change your password to a more complex one and take a number of other measures to protect your profile.

What to do if you are hacked

If you realize that you have lost control over your VK personal information, you must:


Reliable protection

The “Login Confirmation” function provides protection against hacking. This means that each time you log in, you will need to enter a one-time code that is sent to your phone or other connected device. More about the different ways to protect your page from hacking can be found in a separate article.

How to determine if your computer has been hacked.

Hackers are either good or bad. You need to protect yourself from the latter. If you think your computer has been hacked, take immediate action. Hackers can get into your computer in numerous ways, but you need to learn to spot the signs of a hack.

Steps


Part 1 of 2: Signs of a break-in



  1. Unusual computer behavior. If a computer is “acting strange,” this may indicate its age, or a failed component, or a hack:

    • Programs and files will not launch or open.

    • Files that you did not delete are placed in the trash bin (or deleted altogether).

    • Passwords don't work.

    • Programs that you did not install end up installed on your computer.

    • The computer connects to the Internet in your absence.

    • Changes have been made to files without your knowledge.

    • The printer refuses to print or prints something you did not send to print.



  2. Connect to the Internet. Here are possible signs that your computer has been hacked:


    • You can't log into your accounts because the passwords don't work (check them on several sites). Have you responded to phishing emails (fraudulent emails asking for personal information and/or password)?

    • The browser redirects you to other sites.

    • Additional browser windows open (without your participation).

    • After paying for the domain name you purchased, you cannot access it.




  3. Here are possible signs that your computer is infected with malware:


    • False messages about the presence of a virus. If you do not have an antivirus, such messages will appear regularly. If you have an antivirus, be sure to find out what your antivirus's message windows look like (to distinguish them from fake ones). Do not click buttons in fake windows and do not provide any financial information (most importantly, do not panic after a message appears about the presence of a virus).

    • Toolbars unknown to you have appeared in the browser. (The browser only has one toolbar.)

    • Pop-up windows open.

    • Your antivirus and other security programs refuse to work or are completely disabled. Task Manager and/or Registry Editor do not open.

    • Your email is sending emails without your knowledge.

    • Money disappears from your bank account, or you receive bills for purchases you didn't make.




  4. If you do not control the operation of your computer, then most likely it has been hacked. For example, if the mouse cursor moves across the screen without your participation, then someone has gained remote access to your computer. (If you've ever worked remotely on any computer, then you know what we're talking about).


    • Search the Internet for your personal information that you have not disclosed. (Do this regularly.) If you easily found it through a search engine, then the information was stolen by hacking your computer.




    Part 2 of 2: What to do




    1. Disconnect from the Internet immediately. Thus, you will interrupt the hacker's connection with your computer.


      • To reliably turn off the Internet, it is best to unplug your modem from the power outlet.

      • Print or save this article to your computer so you can access it when you are offline.




    2. Restart your computer and boot into safe mode (check your computer's manual if you're not sure what to do).




    3. Look for "unknown" programs (that is, programs installed without your intervention) or programs that won't start.




    4. If you find such programs, remove them. If you don't know how to do this, seek help from a professional. Scan your system with a reliable antivirus, for example, Avast Home Edition, AVG Free Edition, Avira AntiVir.




    5. If you don't know how to do this, seek help from a professional.




    6. If the above steps do not lead to positive results, back up your important files, restore your system, and update it. Warn your bank and any other organization about possible problems with leakage of personal information.




    7. Ask them for advice on your next steps to protect your funds.


      • Warn people on your email list that they may receive malicious emails from your address. Ask them not to open such emails or click on links in these emails.

      • Store backups of important files (for example, family photos, documents) on an encrypted USB drive.

      • The best way to prevent a hack is to prepare for it in advance.

      • When you are not working on your computer, disconnect it from the Internet.

      • To restore your system to the point before the hack, use System Restore.

      • Regularly back up your files and your entire system.

      Warnings

      • If none of the programs start, and just a picture is displayed on the screen, then you need to reinstall the system (or restore it, unless the hacker got to the system recovery files).

      • Your computer can be used to attack other computers/networks and commit illegal activities (without your knowledge, of course).

      • If you don't check your computer for possible hacking, you'll end up having to reinstall the operating system or buy a new computer.
You can notice it by indirect signs, such as an increase in traffic, HDD activity, processor load, etc. For ordinary users there is a danger: a script embedded in an attacker's website or in a website he has hacked can, using the same vulnerability, download a Trojan to the computer and launch it. The goal, as a rule, is to add the computer to a botnet. Prevention measures: do not work under an admin account, do not visit dubious sites, regularly update your browser and system, keep your anti-virus monitor turned on. A radical remedy is to disable scripts, for example using a browser plugin (add-on) such as NoScript. I use it when I follow dubious links, although ideally I should set up a white list of sites in it and block all scripts on the rest.

Signs of a computer system break-in.

As a rule, a network attack or signs of hacking of a computer system can be detected with the naked eye. Events occurring on your computer will subtly warn you about this.

Various kinds of error messages can be found in the event logs or in the operating system logs. Be especially wary of unexpected changes to system files, or of system files going missing. It is also important to look at the state of the services running on the computer, as well as the logs of these services themselves.

Changing various system files and the registry. Here you need to first of all pay attention to the presence of suspicious processes running on the computer.

Unusual behavior of a computer system - unusual system overloads and even shutdowns, such actions are typical when a cracker has made changes to the system and is trying to make them take effect.

File system state - carefully review the hard disk for new files and folders, especially in system folders (Windows); this usually indicates the installation of Trojans or remote administration programs.

Changing user accounts - the appearance of new users in the system or the assignment of special rights to users with administrative rights. You should also pay attention if you are unable to log in to the system.

Can my home computer be hacked?

Unfortunately, this is quite possible and quite simple. Every time you connect to a provider, you take a risk. In the previous question you can find out how this happens. Naturally, the risk is higher if the connection is permanent (for example, a cable modem), and lower when the connections are short-lived (as usually happens with a modem connection).

The real danger comes from an uninvited guest if he can log in using any account he can pick up (or find out) - and gain “root” rights. This is usually possible if you're really a newbie administrator and/or your machine isn't really security oriented (you're at home, right - why worry about security!).

To protect yourself, you should not allow strangers to break into your computer. Use long and complex passwords for ALL accounts on your computer. Change your passwords regularly. To force the correct password policy on all users on your computer, run (as “root”, for example in RH6.0) linuxconf and under “password and account policies” change the minimum password length to 6 or more characters, the minimum number of non-alphabetic characters to 1 or 2, the number of days after which the password must be changed to something like 90 or less, and set the password aging warning to 7 days before aging. For other information about passwords, see here (FAQ2.htm#pass_security). Absolutely NEVER create accounts without a password or with weak passwords. Don't run your computer as “root” - if you run a program with security holes as “root”, someone may find an opportunity to hack your computer. Older Linux distributions had known security holes, so use newer versions, especially if your computer could be used by untrustworthy people, or if your computer runs server functions (for example an ftp or http server).

It's also a good idea to regularly review all the files that record all user logins: /var/log/secure (most recent log), /var/log/secure.1 (older), /var/log/secure.2 (even older), etc. Also /var/log is useful. Check them from time to time. The most common “warnings” relate to port scanning on your computer - repeated attempts to log in from some IP address to your telnet, ftp, finger or other port. This means that someone wants to know more about your computer.
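One way to automate the log review described above, as an added example that is not part of the original FAQ. The log lines are constructed in the style TCP wrappers write to /var/log/secure, and the thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real data), in the style of tcpd records
# in /var/log/secure: "<service>[pid]: [refused ]connect from <source>".
SAMPLE_LOG = """\
Mar  3 02:14:07 myhost in.telnetd[812]: refused connect from 203.0.113.9
Mar  3 02:14:08 myhost in.ftpd[813]: refused connect from 203.0.113.9
Mar  3 02:14:08 myhost in.fingerd[814]: refused connect from 203.0.113.9
Mar  3 02:14:09 myhost in.telnetd[815]: refused connect from 203.0.113.9
Mar  3 09:30:41 myhost in.ftpd[990]: connect from 100.200.0.2
Mar  3 11:02:17 myhost in.telnetd[1033]: refused connect from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+"       # timestamp and host name
    r"(?P<service>[\w.\-]+)\[\d+\]:\s+"                # daemon name and pid
    r"(?P<verdict>refused connect|connect) from (?P<src>\S+)$"
)


def summarize(log_text):
    """Group connection attempts by source address."""
    stats = defaultdict(lambda: {"attempts": 0, "refused": 0, "services": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connect/refused record, skip it
        entry = stats[m.group("src")]
        entry["attempts"] += 1
        entry["services"].add(m.group("service"))
        if m.group("verdict").startswith("refused"):
            entry["refused"] += 1
    return dict(stats)


def probing_sources(stats, min_attempts=3, min_services=2):
    """Sources that hit several services repeatedly (the scan pattern in the text)."""
    return sorted(
        src for src, e in stats.items()
        if e["attempts"] >= min_attempts and len(e["services"]) >= min_services
    )


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src in probing_sources(stats):
        e = stats[src]
        print(f"{src}: {e['attempts']} attempts, {e['refused']} refused, "
              f"services: {', '.join(sorted(e['services']))}")
```

To run it against a real file, pass the contents of /var/log/secure to `summarize()` instead of `SAMPLE_LOG`.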

If you don't use remote connections to your machine, it is a great idea to limit the rights to use network services “from the server side” (all network services listed in the /etc/inetd.conf file) to the machines on your home network. Access is controlled by two files: /etc/hosts.allow and /etc/hosts.deny. These access control files work as follows. When someone from outside requests a connection, the /etc/hosts.allow file is scanned first, and if one of the names contained in it matches the name of the computer requesting the connection, access is allowed (regardless of the contents of the /etc/hosts.deny file). Otherwise, the /etc/hosts.deny file is scanned, and if the name of the machine from which the connection is being requested matches one of the names in the file, the connection is closed. If no matches are found, permission is granted.

B. Staehle (Linux Modem Guru) advised me not to install network services at all. “If your network services are not installed correctly, your computer can be hijacked by any script writer. Beginners _SHOULD NOT_ allow services (ftp, telnet, www) to the outside world. If you "must" install them, make sure you only allow access from machines you can control.

The /etc/hosts.deny file should contain
ALL: ALL
and /etc/hosts.allow should contain
ALL: 127.0.0.1
to allow login only from this computer. Do not use names (only IP addresses)!”.

Indeed, my /etc/hosts.deny, as advised, contains (ALL: ALL), but my /etc/hosts.allow contains two more computers with full access, and another one for telnet and ftp logins (IP addresses are fictitious):
ALL: 127.0.0.1, 100.200.0.255, 100.200.69.1
in.telnetd, in.ftpd: 100.200.0.2

In the above examples, “ALL: ALL” means “ALL services, ALL computers,” that is, “a connection from all computers to all network services” coming from “any computer.”
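The lookup order described above (hosts.allow first, then hosts.deny, otherwise grant), as an added example that is not part of the original FAQ. It models only the `ALL` wildcard and exact IP addresses, using the files shown on this page; the function names and the test client 203.0.113.9 are assumptions.

```python
import re

# The two files as shown on the page (IP addresses are fictitious).
HOSTS_ALLOW = """\
ALL: 127.0.0.1, 100.200.0.255, 100.200.69.1
in.telnetd, in.ftpd: 100.200.0.2
"""
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        # Only the first two fields are modelled; items are separated
        # by commas and/or blanks.
        daemons = [t for t in re.split(r"[,\s]+", fields[0].strip()) if t]
        clients = [t for t in re.split(r"[,\s]+", fields[1].strip()) if t]
        rules.append((daemons, clients))
    return rules


def matches(rules, daemon, client_ip):
    """True if any rule covers this (daemon, client) pair."""
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        client_ok = "ALL" in clients or client_ip in clients
        if daemon_ok and client_ok:
            return True
    return False


def decide(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the order from the text: allow file, then deny file, then grant."""
    if matches(parse_rules(allow_text), daemon, client_ip):
        return "granted (hosts.allow)"
    if matches(parse_rules(deny_text), daemon, client_ip):
        return "denied (hosts.deny)"
    return "granted (no match)"


if __name__ == "__main__":
    cases = [
        ("in.telnetd", "100.200.0.2"),   # listed for telnet and ftp only
        ("in.fingerd", "100.200.0.2"),   # same host, service not listed
        ("in.ftpd", "127.0.0.1"),        # full access
        ("in.telnetd", "203.0.113.9"),   # unknown client (assumed address)
    ]
    for daemon, ip in cases:
        print(f"{daemon:11} {ip:13} -> {decide(daemon, ip)}")
    # Without "ALL: ALL" in hosts.deny the unknown client falls through
    # to the final rule and is let in.
    print("empty hosts.deny ->", decide("in.telnetd", "203.0.113.9", deny_text=""))
```

The last call shows why the “ALL: ALL” line in /etc/hosts.deny matters: with an empty deny file, a client that matches nothing is granted access.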

For more information, see the excellent “Linux Network Administrator Guide,” which, of course, comes with your distribution. For example, I even printed out this book.

To check which network services on your computer are accessible from the outside world, you can use special web tools.

For security reasons, it's a good idea to keep the operating system and version you're using private. I changed the contents of the /etc/issue and /etc/issue.net files, which on my computer looked like this:
Red Hat Linux release 6.2 (Zoot)
Kernel 2.2.14-5.0 on an i586

To something like:
WARNING: THIS IS A PRIVATE NETWORK
UNAUTHORIZED USE IS PROHIBITED AND ALL ACTIVITIES ARE LOGGED
IBM S/390 LINUX

This joke may slightly increase (I hope) the security of my system.

I change the contents of the /etc/issue and /etc/issue.net files on every boot (when /etc/rc.local is executed). To make the changes permanent, I can make these files read-only for all users by running (as “root”):
chmod a=r /etc/issue*

Instead of the last command I could edit (as “root”) the script file /etc/rc.d/rc.local and comment out 5 lines using ### so that its significant part contains:
# This rewrites /etc/issue on every boot. Making a few changes
# necessary so as not to lose /etc/issue on reboot
### echo "" > /etc/issue
### echo "$R" >> /etc/issue
### echo "Kernel $(uname -r) on $a $SMP$(uname -m)" >> /etc/issue
### cp -f /etc/issue /etc/issue.net
### echo >> /etc/issue

Another good security measure is to turn off ping. Ping is a system that responds to a request sent from another computer. It is very useful during installation and debugging network connections to check that your machine is accessible over the network. It can also be used to probe and/or attack it with overloading ping requests (“ping of death”). To block ping requests from the network, I use IP masquerading. I have taken, slightly modified, the following commands, along with explanations from

ipchains -A input -p icmp --icmp-type echo-request -i ppp0 -j REJECT -l
        (1) (2)   (3)     (4)                      (5)     (6)       (7)

Explanation of ipchains flags:
1. Add a new rule.
2. Specify the scope of the rule; in this case, the rule will be applied to incoming packets.
3. The protocol to which the rule will apply. In this case - icmp.
4. ICMP type; in this case ICMP echo requests will be blocked. “Echo request (ICMP echo)” means ping.
5. Interface name. In this case it is the first telephone connection, ppp0.
6. The target: what we will do with the request packets.
7. Log all packets that match the rule to the system log file.

IP masquerade is described in more detail in the Masquerading chapter of this guide.

Other precautions. I check from time to time to make sure that someone hasn't installed a “root kit” on my system. I use “chkrootkit” (very small, 25k, downloaded from ).

After downloading:
su
cd /usr/local
tar xvzf /home/my_name/chkrootkit.tar.gz
cd /usr/local/chkro
make
./chkrootkit

The last command searches for a “root kit” on my system. “Rootkits” are programs that leave a backdoor for anyone who has once acquired “root” rights; they are installed for the purposes of listening, browsing, protecting their access, etc.

The first thing that might make you think about a possible hack is sudden debits of funds that you have nothing to do with. This is a clear sign that fraudsters may have gained access to your card information or have “hijacked” the account of one of the payment services you use.

If your funds balance is always at hand, you will notice suspicious activity quickly. If you rarely check your account and you don’t even have alerts via SMS or email enabled, it’s time to do it.

Messages with codes to confirm purchases that you, of course, did not make, should not be ignored under any circumstances. Regardless of whether you know the sender or not, you must immediately contact the bank.

2. Slowdown of the device

Malware that has infiltrated your computer or smartphone can require a lot of computing power. Therefore, if you notice a decrease in performance that is significant, unexpected and long-term, you must immediately scan your device for viruses and limit any network activity for this period. If no threats were detected, perhaps the reason for the slowdown is .

3. Disabling or interrupting the operation of security programs

If malware has found its way into a system and has taken up residence, it is possible that it will try to close or isolate all security measures that are dangerous to it. A reason to sound the alarm is an involuntary shutdown or the inability to start an on-demand computer scan. This situation can be avoided by constantly updating anti-virus databases and downloading applications only from trusted sources.

If your device’s protection has missed at least one piece of malware, there may soon be significantly more of them. A threat that has taken root on a PC can initiate the download of additional attacker tools, which can be represented by both additional software and browser extensions.

You can check which software is active when the computer is running using the “Task Manager” on Windows (call it with the key combination Ctrl + Alt + Del) and “Activity Monitor” on macOS (found in the “Utilities” or “Programs” list). In the browser you are using, you need to open the list of all extensions and similarly check what is installed and what runs automatically.

5. Increase the number of pop-ups

Through the browser and some other applications, malware can bombard you with pop-ups asking you to scan your computer or check your account details. These windows often look quite authentic and do not arouse suspicion, but if they begin to appear much more often than before, then this is a reason to think about it.

Nowadays modern browsers, and operating systems in general, cope well with annoying pop-ups, but there is still a possibility that the initiator of the next window or banner is malware that has sneaked onto the PC.

Malicious software may well change system settings. The classic example is a change of your browser's home page or search engine. If you see a completely new and at the same time rather dubious page when loading Chrome or Firefox, you should, of course, not follow the links on it.

Requests to change system settings and to grant permissions to new programs need to be monitored especially closely. The latter is very relevant in the case of smartphones, where seemingly elementary applications can require a whole list of rights to access the bowels of the gadget.

7. Uncontrolled device activity

If it sometimes seems to you that your computer or smartphone lives its own life, then it is likely that someone is controlling it remotely. This is done through a backdoor application that you may have downloaded along with recently downloaded content.

Such remote access can be tracked by the device leaving sleep mode on its own, sudden hard drive activity when the PC is idle, and even spontaneous movement of the mouse cursor. Fortunately, such blatant hacks are extremely rare these days, especially if you use exclusively licensed software.

In addition to activity within the system, the malware can cause a sudden shutdown or reboot of the device. This may well indicate partial control over the PC and attempts to destabilize the system.

You should panic here only when such outages have become more frequent and there were no prerequisites for this: you do not overload your PC with demanding games and control the heating. In such cases, it is again worth checking the active processes in the “Task Manager” and especially autorun.

9. Sending messages without your knowledge

If they gain access to your mail, attackers will try to spread their tentacles as far as possible. Sending spam on your behalf is the first thing you should pay attention to. Check not only your new mail every day, but also your sent emails folder. If you notice something suspicious, hurry to change the password for this account, and it's better to do this through another device.

10. Suspicious online activity

You can become a source of spam not only in mail, but also on social networks. Moreover, attackers usually do not limit themselves to just sending messages. If this is, for example, Twitter, a mass of new subscriptions and comments under other people’s posts can indicate that your account has been hacked. And the trouble is that all this can only be discovered after some time, when your account has already been used to the maximum.

You can protect yourself from this only through vigilance, that is, periodically checking the main actions in each specific network. If you find dubious messages and comments that you could not leave even while drunk, be sure to change your password using another device.

11. Denial of access to your accounts

If, when authorizing in one of the services, your standard password suddenly did not work, then, probably, the attackers, having gained access to the account, managed to change it. In the case of a large service or social network, there is no need to panic. The form for recovering and changing your password via email or directly contacting technical support can help you.

To increase the level of security for all your accounts and social networks, it is necessary to use .

Bottom line

Even if you think that the danger has passed and your account data has not been affected, it is certainly worth playing it safe. Let us remind you once again that it always makes sense to periodically update the passwords of your accounts, especially if the same password is used in several services.

If any of your online accounts have been hacked, immediately report it to technical support. Even if you easily restored access, it’s still worth doing this, because you don’t know where the “hijacked” account was used.

On your PC, be sure to install a reliable antivirus with the latest databases, or at least systematically check the system with lightweight portable options. If for some reason you cannot install or run such software on an infected computer, you need to download the program through another device and then try to copy it.

It is possible that a system reset may be necessary for full recovery. In this case, you need to take care of the data that is important to you. Fortunately, it can now be done on any device, regardless of the OS.

Experts believe that cyber fraudsters obtained the information they needed thanks to a special virus that infected users’ computers. The companies said: many accounts are out of date, so there is no need to worry, but they recommended that everyone change their passwords.

Considering the fact that the disclosure of user passwords from various services may happen again, AiF.ua decided to compile a small reminder on security measures when working with mailboxes.

Who is responsible for making mailboxes easily accessible?

As Vladimir Ivanov, deputy head of the operations department at Yandex, told AiF.ua, modern mail systems are reliably protected structures. It is almost impossible to hack them, because they have several levels of protection.

“Mail systems also have many mechanisms that protect users from fraudulent letters: determining the authenticity of a letter by its digital signature, getting rid of malicious scripts in letters, checking attachments for viruses and, of course, protection against spam and unwanted letters,” added Vladimir Ivanov.

The company also rules out that employees may be involved in the “leakage” of passwords from mailboxes. According to Vladimir Ivanov, the system is designed in such a way that data about logins and the letters that belong to them are stored in three different places. Three groups of administrators are responsible for the safety of electronic information. Gaining access to them requires, firstly, the participation of all three groups of specialists and, secondly, compliance with internal procedures. And the entire process is controlled by the company's security service.

The “weak link” in the chain of user - mailbox - mail service is a person who puts his account at risk by coming up with easy passwords or following decoy links to malicious sites.

“It turns out that the most “vulnerable” in this system is the user himself: his simple password, the same password with other services, a “virus” on his computer, or inattention when going to suspicious sites nullify all the efforts of postal services to protect him,” the Yandex specialist stated.

Three signs that your mailbox has been hacked

  1. Suspicious entries into your mailbox that you don't know about. You can find out from which IP address, at what time and from which browser your mail was visited from the transaction log. It is provided in most free email systems.
  2. Your mailbox contains messages that you have not sent. Make it a rule to check your email every day to protect yourself from hacks.
  3. According to Vladimir Ivanov, mail services can automatically detect suspicious behavior and prompt the user to change their password. It is worth heeding this recommendation.

What to do if your mailbox is hacked

  • Change your password and be more vigilant in the future. This option may not work for you if hackers caused serious damage.

Password – your personal information

Never give your account passwords to anyone.

Give up simple passwords. Special programs, which hackers use, recognize them very quickly. Also, do not use your personal data (date of birth, name, city of residence, series and number of passport, etc.).

The ideal option would be to write any Russian or Ukrainian phrase using the Latin layout. For example, the combination of the words “juicy_watermelon” will turn into a complex password cjxysq_fh,ep.

  • Contact law enforcement agencies who will help find the perpetrators and punish them according to the law.

“The postal service is not such a body and cannot independently conduct legally significant investigations,” says the deputy head of the operations department at Yandex. “In addition, as a rule, the investigation requires the collaboration of many organizations: providers, Internet services, sometimes even engineering services. Only law enforcement agencies can organize such work.”

Meanwhile, Google has published guidance on two-step verification, another way to strengthen the security of mailboxes. Its essence is that before logging into the system, the user will need to enter a password and a confirmation code. The system will send a combination of numbers for confirmation to your mobile phone. It can be received as a voice message or an SMS.


