I keeping getting hacked!

My accounts keep getting hacked (AOL all the time, and yahoo sometimes).  I know who it is, but he won't stop.  Now he's hacking my family's email - specifically AOL.  I've read about that script that is floating around the internet that allows someone to submit and it returns the victim's password.  I can't believe those really work - afterall, the email address you're supposed to send the request to is obviously bogus.  My question is this:  Is there any way I can stop my accounts from being hacked??  Is there some software somewhere that can prevent this?  The person that keeps doing this told me he was doing it and said he tricks the servers to give him the password for, specifically, hotmail, yahoo, and AOL.  Can this really be true?  How can I get this to stop?  I mean, now it's my family!
HaveMercyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sysandprogCommented:
What are the symptoms?
0
ShadowWarrior111Commented:
First of all, how do u know that you have been hacked? Can you please specified the symptom?
Second, if you know who the guy/gal is, you can report this to the authority.
Third, using public e-mail service such as hotmail, yahoo, etc is not a very secured as they provide free services.
0
TalamascaCommented:
I'll assume you have a decent firewall so..
Why not change your ISP?
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

chris_calabreseCommented:
sysandprog and ShadowWarrior111 seem to have covered the non-technical issues pretty well.

And Talamasca is right on in suggesting a decent firewall.

Here are some other technical ideas:
1.  Make sure your system is up to date on patches
2.  Make sure you use encrypted connections when logging into Yahoo, Hotmail, etc
3.  Make sure you have A/V software setup and do a full scan
4.  Make sure you're using strong passwords (both on Yahoo, etc and on the local PC)
5.  Make sure you're not exporting any filesystems to the world
6.  Follow the Center for Internet Security (www.cisecurity.org) guidelines for locking down your PC
0
HaveMercyAuthor Commented:
I know because 1) he told me my AOL password, which I readily changed; 2) he changed my secret question on my msn account to let me know it's him; 3) he also told me that he "tricks the ISP's server" into sending HIM passwords rather than the account-holder; 4) when my sister tried to logon to her AOL account, it said it was already in use at another computer (the rest of her family was at home, too, and not using it).  As far as firewalls, etc., I'm just using my home computer.  If he really can "trick the ISP's server", what good is a firewall?  He's getting my passwords from the service provider illegally.  When I called AOL, they said I should cancel my account and create a new one.  But this won't help me if he's getting my passwords from AOL's server (and hotmail and yahoo, etc.).  Which authorities do I report this to?  I tried the email providers as well as AOL, but they always deny that there is anything wrong with their security.  HA!   Also, I don't export any files, have strong passwords (which doesn't matter if he can get the password), and use encrypted connections.  I'm a programmer and do know a little about security, but nothing about hacking (thank goodness).  So, I'm not sure if "tricking the ISP/email server" can really be done.
0
chris_calabreseCommented:
"tricking the ISP/email server" may refer to some kind of cross-site-scripting/tracing attack. That he's perpetrating via HTML-ized emails. In this case
1. Make sure you have all the latest patches for your email client and web browser
2. Set the highest security settings on both
3. Don't open an emails from the attacker
4. Surf the web to your State/Provincial police department or attorney general's office and find someone to call.
0
HaveMercyAuthor Commented:
Thanks for all your comments but... What good is all this upgrading and patches if he is sending HTML-ized emails to AOL's server to get my password?  He's not hacking into *my* computer; he's going directly to the email provider's server.
0
MaximeCommented:
I would be tempted to say a Trojan and/or key logger is running on your computer. That would explain his magical power at finding out passwords. It is not clear to me is your family is using the same computer as you or they are using different computers in different locations.

You can try to virus scan your PC for free on this site:
http://housecall.trendmicro.com/housecall/start_corp.asp
0
chris_calabreseCommented:
He is much more likely hacking your computer, not AOL's.
0
HaveMercyAuthor Commented:
Each of my family members live elsewhere and have their own computers.  I don't have a key logger running - I've checked.  Even if I did have a key logger, how would that explain getting my family's passwords?  He has never been to their homes.  Is there such a thing as sending an email to the email server and getting it that way?  Could it really be that easy?  I'll try that link, Maxime.  Thanks.
0
HaveMercyAuthor Commented:
Each of my family members live elsewhere and have their own computers.  I don't have a key logger running - I've checked.  Even if I did have a key logger, how would that explain getting my family's passwords?  He has never been to their homes.  Is there such a thing as sending an email to the email server and getting it that way?  Could it really be that easy?  I'll try that link, Maxime.  Thanks.
0
chris_calabreseCommented:
If he owns your system he can look in your email address book and figure out how to attack their systems.
0
ornicarCommented:
I've done a search on Google and found that several cracking programs exist for AOL, etc. passwords. Most of them use brute force. It is very possible that he uses one of them. I can't post the links here as it is against EE policy.
What he is doing is illegal and, as attempting to your privacy, you should sue him. At least he will understand you are serious and he will stop doing this.
0
chris_calabreseCommented:
Brute force password crackers usually are not actually brute-force but actually dictionary based. Using a sufficiently strong password (which HaveMercy claims he has done, though we can not be sure) should avoid this problem.

Never the less, taking legal action is probably the best course of action.

Start with your State/Provincial police and/or Attorney General.

Civil action (i.e., suing him) may also work, though if this is somone you know only from an on-line presense, you'll first need to find out who they are, etc.

Plus, they may reside in a different country, which makes things a lot more difficult.

Your State/Provincial police and/or Attorney General's office probably have information on this type of thing.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HaveMercyAuthor Commented:
Thanks so much for your help.  I would increase the points, but I'm using all my points for this question!  I'm really upset about this since he's now hacking my family.  I believe he got my family's AOL screennames by hacking into my AOL and taking them from my buddylist.  If it were just me he's hacking, I wouldn't be so upset.  It seems everyone on my buddylist could be getting hacked.  I'm a programmer, so I do know about strong passwords.  (Oh, and I'm a girl, by the way.)  Unfortunately, this guy is my ex, so you know how the story goes...  He's just a wannabe computer-geek and, I know, he has had help getting these passwords - he couldn't have figured it out alone.  You'd think AOL, etc., would do something to better secure their systems.  It seems I'd be safer on a telephone party line!  Anyhow - THANKS so much.
0
chris_calabreseCommented:
I seriously doubt the issue has anything to do with the security of AOL's servers.
0
HaveMercyAuthor Commented:
Apparently, it wouldn't be the first time.

http://www.techtv.com/news/security/story/0,24195,3415335,00.html
0
ExppiCommented:
1) AOL is not the best system to be on  As has been demonstrated repetedly, they are *not* the safest.
2) Having said that, I doubt that he is cracking AOL directly.  Personally, at this point I would be reformating my computer, reloading my OS/firewall/antivirus, and getting my email/ISP with someone other than AOL.
3) I realize that there could be a "unformatable" trojan/virus on the computer, so, if you want to be REALLy safe, buy a new hard drive;-)
4) He could be using something like
http://www.spytech-web.com/software.shtml
So, once again, get a firewall like ZoneAlarm, and DON'T let anything connect to the internet that shouldn't be.  My general rule is, "See if you can function without it,  and ONLY if you have problems, than let it connect."
0
ornicarCommented:
I don't agree. If HaveMercy reformats, reinstall everything, even buy a new drive, his ex would be quiet successfull in annoying her. It is a bit paranoid.
0
ExppiCommented:
Ornicar,
How would her ex know her new email?  If he has her passwords, she pretty much has to have a keylogger on her system and the best way to get rid of those is to reformat.  I do agree that a new hard drive would be a bit paranoid.  I ment that as an extreme example.  If I were *that* paranoid, you wouldn't be reading this;-)
regards,

Exppi
0
HaveMercyAuthor Commented:
He would know my new email because he is also hacking into my family's accounts.  He has the AOL screennames of everyone on my buddylist.  So, if I were to create a new account (AOL or otherwise), he could find that out by checking my family's email/buddylist, etc., for my new account.  So, essentially, all my family would have to get a new ISP, etc.  I have run a clean-up of my system, checked for trojans, loggers, viruses, etc. - none were found.  He has to be getting the passwords from the AOL server itself (here we go again with that brute force script that sends passwords back to the designated email account).  It seems it may be a never-ending battle.  What do you think?
0
HaveMercyAuthor Commented:
Hey Exppi,

I clicked the link you provided and found this:
"Spytech Realtime-Spy allows you to monitor ANY PC from ANYWHERE. Realtime-Spy is remotely deployable (no physical installation needed), and its activity logs are accessible from anywhere - regardless if the remote PC is online or not.  
Realtime-Spy monitors the remote PC in total stealth, and cloaks itself to avoid being detected. Monitors keystrokes, website visits, windows viewed, and more!"

How can the purchaser remotely deploy the product?  Wouldn't he have to know my IP address?  How does it actually target me?  If this really does what it says, this is probably the culprit.  He hasn't been on my computer to install anything so, perhaps, he is remotely deploying a logger... how does that work?  
0
ExppiCommented:
HaveMercy,

He would have sent you an email with an .exe or .doc attachment and you would have opened it.  After that, the spyware would have monitered your system, logged keystrokes, and whenever you were online, have uploaded to their server.  I would recommend downloading the FREE ZoneAlarm firewall at http://www.zonelabs.com/store/content/catalog/products/zonealarm/znalm_details.jsp

If you are running windows XP, the ONLY things that should be allowed to connect to the internet are "Generic Host process for Win 32 Services" and Internet Explorer.  Your AOL software would also need to connect *if* you use it to get online.  Email, AOL IM, ect also need to be allowed through ZoneAlarm.  It will ask you if you want to let stuff through.  If you are running any other flavor of windows 95/98/ME  ONLY internet Explorer, Email, AOL IM, AOL, need to be let on.  Once again, if you are not sure of the file, See if you can live without it connecting.  If you can, than it probably does NOT need to connect.  However, don't just delete it because Windows Explorer, MS Word, and other windows stuff will try to connect.  They just don't need to.  And if you finde a small file that has no reason to connect trying to, it just might be your culprit.
0
HaveMercyAuthor Commented:
Wow, Exppi - that was a wealth of information!  Thanks so much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.