Gaming need help with a hacker

[Findecanno]

My friend is able to hack my computer and pretty much do everything he wants to it remotely. He uses some sort of vnc that allows him to get on without permission. Im sure some of it is done through terminal. He is also able to change my password without knowing the original. Im wondering if theres any way that I can possibly block him from having access? or does anyone have any idea of what programs he using?

I'm running Linux mint 7 (a variant of ubuntu 9.04) and so is he. He says the software he uses is cross-platform so switching operating systems wont help.
Any help would be appreciated.

 

[coolbho3000]

Unless you know exactly what he's doing, it's hard to help. Is this "some kind of VNC" SSH or something?

If you can't figure it out, Ubuntu should be fundamentally secure (as far as we know) so just do a reinstall of it and choose a strong root password. And don't give this "friend" physical access to your computer ever again.

 

[Law]

Punch him in the face repeatedly, then destroy his computer.

Not much of a friend, really.

 

[Wabsta]

Have you really "seen" ur friend in action?
Maybe he is just scaring you..

Cause, as far as I know, linux was the uberleetsecurenonhackableOSevah.

 

[SpAM_CAN]

Disconnect from the internet, find the VNC client, and diddleete it. Or reformat your hdd, and DO NOT allow him on your network or computer.

 

[playallday]

Try this is a terminal.

sudo ufw enable
sudo ufw deny 22
sudo ufw deny 5900
sudo ufw deny 5901
sudo ufw deny 5902
sudo ufw deny 5903
sudo ufw deny from 192.168.0.2

Take out 192.168.0.2 and put his IP in. If you don't know his IP you could remove that line.

He's most likely gone on your computer and set up remote access for himself. You should tried to find out which program he's using and turn it off.

 

[Governa]

Alternatively play with IPtables. If you're not comfortable with that, set up a software firewall with outbound and inbound filtering or configure your router and be sure to get all your ports stealth, particularly 5900, 5901, 5902 and 5903.

Probe your ports to see what is open in your current configuration. Go to http://www.grc.com/default.htm, click on the "ShieldsUP!" link, click on the "Proceed" button, click "OK" on the warning window and finally click "All Service Ports" button. If you're connected directly to the web, this will probe your PC's firts 1056 TCP ports. If you connect through a router, it will probe the router. Act accordingly. Use the "User Specified Custom Port Probe" to scan 5900 to 5903 (default VNC ports).

Better yet, if your system was already compromised (who knows what is running under the hood... rootkits are common nowadays and hardly detectable), wipe the HD and do a clean install. Do NOT allow anyone to use your machine as root. If your distro allows you to login as root by default, create a limited account with a password only known to you, change the root's default password and log in using your newly created limited account.

By the way, your friend is not a "hacker", just a smart ass.

 

[Frederica Bernkastel]

Sounds a LOT like GoToMyPC.com or LogMeIn.com
They both can do that. Dunno how windows only programs are running on a linux though. Wine wouldn't help either.

They way I'd deal with this is very illegal and requires direct access to their PC (or if you're smart enough, a door opened can be crossed in both directions *hint, hint*)

Get one of the free firewalls, and block incoming connections.

Sounds a lot like some kind of script kiddie.

(Finally, the cross platform is a LIE!)

Of course, since what their doing is illegal, you could just report it to a higher authority (if they are a script kiddie like I guessed, their parents are a good starting point)

 

[UltraMagnus]

check your account settings, delete any accounts you don't recognise, also change your password and root password
also, search synaptic for anything with VNC in it and uninstall it.

Sounds a LOT like GoToMyPC.com or LogMeIn.com
They both can do that. Dunno how windows only programs are running on a linux though. Wine wouldn't help either.

They way I'd deal with this is very illegal and requires direct access to their PC (or if you're smart enough, a door opened can be crossed in both directions *hint, hint*)

Get one of the free firewalls, and block incoming connections.

Sounds a lot like some kind of script kiddie.

(Finally, the cross platform is a LIE!)

Of course, since what their doing is illegal, you could just report it to a higher authority (if they are a script kiddie like I guessed, their parents are a good starting point)

don't comment on what you don't know, plus x forwarding can be done from windows, and VNC is cross platform, it even has a java client (i used to run it on my PC at home to get past the school internet filters)

 

[Athlon-pv]

You would expect that he would need acces , that means most likely he got root priveledges.
If he is an evil bastard he would have set something up that he gets a message(email) after that password has changed.

So i would expect that unless you would like to readup for say 4 to 5 hours on the subject on how to protect your linux install your friend will be able to keep pestering you.

But on the other hand if you do read about it , you gained a very good experience

.

There prolly some good websites on this topic but i havent needed it , so maybe google some keywords.

 

[Findecanno]

Thank you all for your help. I have followed some of your advice such as blocking his ip address. hopefully that will stop him. Does anyone have some advice on how to get him back?

don't comment on what you don't know, plus x forwarding can be done from windows, and VNC is cross platform, it even has a java client (i used to run it on my PC at home to get past the school internet filters)

My friend also uses this vnc program to get past school filters. What program is it?

 

[SpAM_CAN]

VNC gives you access to your computer over a network/ internet. If he has it at school then be careful...

 

[GeekyGuy]

Punch him in the face repeatedly, then destroy his computer....

Personally, this would be the solution I'd opt for. I don't know diddly squat about hacking, so it would be much easier just to beat the kid into oblivion and leave him lying on his mom's front door step. A clear warning about future harm to his family might also ensue. This is, of course, all hypothetical.

 

[coolbho3000]

Thank you all for your help. I have followed some of your advice such as blocking his ip address. hopefully that will stop him. Does anyone have some advice on how to get him back?

don't comment on what you don't know, plus x forwarding can be done from windows, and VNC is cross platform, it even has a java client (i used to run it on my PC at home to get past the school internet filters)

My friend also uses this vnc program to get past school filters. What program is it?

Maybe it is SSH...

 

[Arm the Homeless]

I think it's ssh, as well.

You could do:

sudo aptitude remove openssh

If that command is wrong, I haven't used a Debian-based system for a long time.

 

[UltraMagnus]

Thank you all for your help. I have followed some of your advice such as blocking his ip address. hopefully that will stop him. Does anyone have some advice on how to get him back?

don't comment on what you don't know, plus x forwarding can be done from windows, and VNC is cross platform, it even has a java client (i used to run it on my PC at home to get past the school internet filters)

My friend also uses this vnc program to get past school filters. What program is it?

i used to use http://www.realvnc.com/ but this was over 4 years ago, I'm sure the is better now

 

[MicShadow]

it would be:
sudo apt-get remove openssh

 

[Frederica Bernkastel]

don't comment on what you don't know, plus x forwarding can be done from windows, and VNC is cross platform, it even has a java client (i used to run it on my PC at home to get past the school internet filters)

what don't I know? I mean, that those ones aren't. I tried them.
If I wanted to access my linux install from elsewhere, I'd try something else.
Also, to get past the filters, try using a proxy tunnel. I gave up with VNC's after the school ISP blocked them.

 

[Governa]

My friend also uses this vnc program to get past school filters. What program is it?

http tunneling

...and guys please, please, please, don't refer to everyday tools and protocols as some sort of hacking or black magic. VNC, remote desktoping, SSH, AFP, SMB... these are all industry standards. I personally couldn't live without them, I have my home network built on top of these. They're extremely useful, if you know what you're doing. Invite your friend over to play with your admin account and you're asking for trouble, whatever the OS you're using.

 

[Frederica Bernkastel]

My friend also uses this vnc program to get past school filters. What program is it?

http tunneling

...and guys please, please, please, don't refer to everyday tools and protocols as some sort of hacking or black magic. VNC, remote desktoping, SSH, AFP, SMB... these are all industry standards. I personally couldn't live without them, I have my home network built on top of these. They're extremely useful, if you know what you're doing. Invite your friend over to play with your admin account and you're asking for trouble, whatever the OS you're using.

hey... can.. can... I play with your admin account..?