IP address hacked PC?

Hi, far fetched as it may seem I am confident that my computers/mobile devices are being targeted for hacking on a persistent basis and recently suspected a hack which included a denial of service. I also suspect that my PC had been hacked at the same time which led me to Google search for advice on IP addresses (static v dynamic). The top result was "What is my IP address" which I clicked on and it gave me an IP and geographical address of Dundee, Scotland which happens to be the exact place I suspect my stalker lives and which is hundreds of miles from my location.

I'm aware that geo location is not always accurate but this seems to be more than a strong coincidence. My question is, is it possible that the IP address of a hacker who has gained access to my machine, whether from my clicking on a contaminated website or a brute force attack, would appear in my search for my own IP - ie, could I have aquired their IP?

Many thanks.
he1pplsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Edward PamiasTeam Lead RRS DeskCommented:
Did you try ipconfig from a command prompt to see what your IP is?
1
LockDown32OwnerCommented:
When you run What is my IP address it is showing you the IP address of your internet router. Unless this "hacker" go in and altered your router I don't think it is related.

   My guess would be that you are running a dynamic IP address on your internet router. Some ISPs will let you go in and change that (release and renew) from withing the router. If you can't to that I would call your ISP and tell them that you would like to do a DHCP Release on your router so it will pick up a new IP address.

   Scan your computer for virus and malware.....
1
Paul MacDonaldDirector, Information SystemsCommented:
"My question is, is it possible that the IP address of a hacker who has gained access to my machine, whether from my clicking on a contaminated website or a brute force attack, would appear in my search for my own IP - ie, could I have aquired their IP?"
No, full stop.

What leads you to believe your devices are being hacked/attacked?  That is, what behavior or symptoms are you experiencing, aside from a vague feeling?

Thing to do:  Check your browser(s) to see if they've been configured to use a proxy.
1
MSSPs - Are you paying too much?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

he1pplsAuthor Commented:
Thanks for your helpful and quick replies guys.

I wasn't aware of ipconfig but had discovered that I could change the IP by disconnecting then reconnecting my router so I guess I lost the original IP and that it's Dynamic.

I'd just reinstalled my OS before I read your replies but just checked Proxy settings in my browser and they were on so I have turned this off. Is it normal for Proxy to default to On?
0
Edward PamiasTeam Lead RRS DeskCommented:
Proxy is off unless you have a proxy server.
0
Edward PamiasTeam Lead RRS DeskCommented:
I would recommend changing the password on your router just in case.
0
LockDown32OwnerCommented:
It is normal for it to be off. I am glad rebooting the router gave you a new IP address. Most ISPs won't do that so easily. IPCONFIG is for your local IP address not your internet IP address. The two ways to check your internet IP addtess is to either look in your router (it should be displayed somewhere) or as you mentioned go to http://www.myipaddress.com/show-my-ip-address/

Just out of curiosity why did you think you were getting hacked?
1
Ian ArakelNetwork Lead: Data and SecurityCommented:
Hi There,

On a lighter note, it seems that you have turned into a cyber sleuth out here :-).
My first query would be to understand the basis on which you have concluded that you have been hacked.
Was there any logs that you referred to since the below statement indicates that you were keeping a track of this intruder:

"The top result was "What is my IP address" which I clicked on and it gave me an IP and geographical address of Dundee, Scotland which happens to be the exact place I suspect my stalker lives and which is hundreds of miles from my location. "


My question is, is it possible that the IP address of a hacker who has gained access to my machine, whether from my clicking on a contaminated website or a brute force attack, would appear in my search for my own IP  ie, could I have acquired their IP

By the above statement, I assume you want to verify if the attacker managed to get you to use their own IP addresses.

My approach would be as given below:

i)
Check from the ISP that you have the pool of IP addresses they allot to their customers.
ii)
Enter whatismyipaddress.com in your browser to verify if the allotted IP to you is within that pool.
iii)
As for the intruder IP, use the below URL to get the details:

http://cqcounter.com/whois/

For the IP reputation check the below:
http://www.borderware.com/
1
Paul MacDonaldDirector, Information SystemsCommented:
"...just checked Proxy settings in my browser and they were on so I have turned this off."
Did this solve the problem?
0
andreasSystem AdminCommented:
It might have solved the symptoms, but not the problems.

somehow the attacker got in to your pc and CHANGED the proxy settings. If you just revert to no settings, the attacker might use the same method as he used 1st time to change the proxy settings again.

You need to find out how the attacker got in.

you need to scan your machine for malware, if something is found, REINSTALL do not try to clean.

after that: Reset your router password, and check if all the router settings are as they should be.

e.g. DNS server entries are frequently changed  by attackers to divert traffic to systems which they control.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LockDown32OwnerCommented:
The fact that the Proxy was on is not an indication that you were hacked. By default Windows 10 turns it on and previous versions do too. It is only if you have a value in the Proxy Server address that you might really have a problem.

You really have said why you think you were hacked but you have changed your public IP address which is great. Check in your router and make sure that remote administration is disabled. That is how someone can get access to your router. Then change the router password.

As always have current, up-to-date virus software on your computer and if you see any signs of malware do a complete scan.
0
Paul MacDonaldDirector, Information SystemsCommented:
[he1ppls]: "I'd just reinstalled my OS before I read your replies..."
[andreas]: "...you need to scan your machine for malware, if something is found, REINSTALL do not try to clean."

I'm going to ask again:  Is your issue resolved?
0
Edward PamiasTeam Lead RRS DeskCommented:
As long as you followed the instructions of the experts above and found no malware or viruses, than I would say the issue is resolved. Also, make sure you change the password on the router just in case they hacked that as well.
0
he1pplsAuthor Commented:
Thanks for all the replies guys, all are useful.  The router is set to "no remote access and I've found no new malware after the fresh OS install but the attacks have occurred randomly over years so could just be a matter of time. I've wondered if the attacker is able to circumvent anti-malware in the past.

I'll explain the nature of my suspicions later in this message but maybe I should have been more precise about the Proxy setting. I don't know what it was at the time of attack, ie pre-OS reinstall but it's now set to "Use system settings" - I use Linux and this apparently means it sets to the OS Proxy default.  If I switch to  Proxy Off and then reboot it returns to the original setting  (on a clean reinstall) with no Proxy values so this confirms LockDown's comment could be valid here. Having said that Andreas comment suggests that it is also possible for an attacker to alter it, or that perhaps it appears altered. I checked the router and the DNS shows "auto" and Primary and Secondary are 0.0.0.0. so I guess this means they're untouched at present. Andreas - do you think it is possible for an attacker's ISP to appear in my own "what's my IP add" search for my address?

I've tried the websites suggested by Ian and the IP address at the time is within my ISP range but comes back marked as being very suspicious in the Reputation site so I'll call my ISP to follow up.

The problem has manifested itself several times via a poker website for some years now and involves odd cryptic messages, which are meaningless to others, DoS and unrealistically long unlucky losing streaks causing me to lose hands and therefore money. AIthough I only play small stakes these days I've played enough poker to know that long runs of bad luck are possible but, given the afore-mentioned and other odd occurrences I wonder whether the attacker may have somehow altered the algorithms within the site itself. I believe they're using the site simply as a conduit to reach me but they are very persistent. The poker website says it is not a problem from their end but I doubt they would admit to being hacked.

I think I'll just stop playing the poker :)

I'll check all the things suggested if it happens again in future but will leave this Q open for now for any more comments/answers and I'll report back on the IP reputation for your info when I've spoken to the ISP.

Thanks again for your replies.
0
Ian ArakelNetwork Lead: Data and SecurityCommented:
Hi There,

We would be glad to assist you out here.
You could verify the stated website out here:
http://isithacked.com/
0
andreasSystem AdminCommented:
if all your outgoing traffic is routed through a hacker owned system, the ip shown on what is my ip web sites CAN be the atackers IP or the IP of a proxy your traffic is routed through.

Usually the ip shown on this kind of web pages should exactly match the public ip assigned to your router (if you get public IP, some providers route you over proxies, so router IP and ip shown by website may be different, ask your ISP if you access the web directly or if they proxy the users)
0
he1pplsAuthor Commented:
I contacted my ISP and they couldn't/wouldn't confirm where the IP address was geographically located, only that it was one of theirs. Perhaps it would be too resource intensive and/or there were data protection issues given that a serious crime hadn't been committed (other than hacking of course). Thans again for all replies.
0
he1pplsAuthor Commented:
I contacted my ISP and they couldn't/wouldn't confirm where the IP address was geographically located, only that it was one of theirs. Perhaps it would be too resource intensive and/or there were data protection issues given that a serious crime hadn't been committed (other than hacking of course). Thans again for all replies.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.