Someone using my newsgroup account

Hi,

I'm a noob to networking, and wondering what I can do in this case. I
have
Adelphia cable Internet, and they have a contract with Giganews to
provide
newsgroup access as part of Adelphia's High Speed Internet packages.
You are
allowed 5 Gigs a month of newsgroup access. If you go over that, they
ban
you using or even viewing newsgroups for the rest of the month. Last
month I
got a message that my newsgroup usage was 15 G (3X the limit) within
the
first 4 days of the new usage month, which always starts on the 12th
for me,
and that I cannot access that service until next moth, unless I want to
open
a separate paid account with Giganews. I do post a little, but it's
only
been a few text messages lately, and the reading of replies, so I
should be
nowhere near 3 gigs! I called Adelphia and complained to them that
there
must be an error, and they said there's nothing they can do, it's under
Giganews control, but Giganews has no phone number, and I played cat
and
mouse with emails and they told me to contact Adelphia. Finally
Adelphia was
nice enough to change my account name, thus letting me start a fresh
newsgroup account. This month, from the 12th, up to yesterday, when I
checked my newsgroup usage, which I do every day now, it said I only
used
something like 100Kb or so, and about 0.01% usage. This morning I
checked
it, and it said I used 1,909,792 KB or 36.43%. I immediately shut down
my
Shoucast server connection, and disabled my wireless router connection,
details next paragraph. I'm the only one with access to my own PC's.


I have 3 computers hooked up via a Linksys BEFW11S4 router (uses B, not
G
technology). 2 PC's are wired in via Ethernet cable, and another is
linked
via a Belkin Wireless G USB Network Adaptor. I don't see any signs of
connection other than my PC's, and I use the default security settings,
so I
don't need a password for my wireless connection. I'm still trying to
figure
out how to connect an old 98 SE PC using a password or some type of
security
so my router will only talk to that PC wirelessly. My hardwired PC's
are
XP Pro and MCE 2005. I also am using my XP Pro PC as a Shoutcast
server. I
have a hunch that someone may be connecting wirelessly somehow? In some
"stealth" mode? Or should I look more at Shoutcast letting someone
somehow
use my connection? Any other ways someone can access my newsgroup
account?
Any advice would be appreciated. I'm thinking the obvious, wireless or
Shoutcast, but could it be something else?

Re: Someone using my newsgroup account

Post removed (X-No-Archive: yes)

Re: Someone using my newsgroup account

DK1000 wrote:

> Hi,
>
> ...
> Shoucast server connection, and disabled my wireless router connection,
> details next paragraph. I'm the only one with access to my own PC's.
>
You have a server setup. That is an invitation to trouble. Access to a
machine does not mean it's not compromised.
>
> I have 3 computers hooked up via a Linksys BEFW11S4 router (uses B, not
> G
> technology). 2 PC's are wired in via Ethernet cable, and another is
> linked
> via a Belkin Wireless G USB Network Adaptor. I don't see any signs of
> connection other than my PC's, and I use the default security settings,
> so I
> don't need a password for my wireless connection.

There's a big hole right there.

> I'm still trying to
> figure
> out how to connect an old 98 SE PC using a password or some type of
> security
> so my router will only talk to that PC wirelessly. My hardwired PC's
> are
> XP Pro

Hole number three (Micro$oft: makers of fine swiss cheese since 1995)

> and MCE 2005. I also am using my XP Pro PC as a Shoutcast
> server. I
> have a hunch that someone may be connecting wirelessly somehow? In some
> "stealth" mode?

Remote and unauthorized connection is a distinct possibility, given how you
report your wireless setup.

> Or should I look more at Shoutcast letting someone
> somehow
> use my connection? Any other ways someone can access my newsgroup
> account?

I'd look for compromise to one/more of those machines.


> Any advice would be appreciated. I'm thinking the obvious, wireless or
> Shoutcast, but could it be something else?

Given the trend you describe, I get the uncanny feeling someone had zombied
your original account, and it took a while for them to zombie your new
account, which they have now done, and and are up to no good.

Recommendation:

1. backup ALL configuration files and user files.
2. disconnect from the internet completely (unplug your router AND Modem)
3. REFORMAT all hard drives and reinstall operating systems - you don't want
to carry over any malware into the next few steps
4. SECURE YOUR SYSTEMS AND YOUR NET CONNECTION
4a. For extra credit, install security software (fire wall, virus detection,
spyware detection). For extra, EXTRA credit, download the off-line
installers, save them to off-line storage (read thumb drive or CD), and
install them BEFORE connecting to the net again.
5. connect to the net and PATCH YOUR OS
6. reinstall configuration and user files

HTH

Re: Someone using my newsgroup account

On 28 Jul 2006, in the Usenet newsgroup comp.security.misc, in article
<1154114164.323337.187910@m73g2000cwd.googlegroups.com>, DK1000 wrote:

>I'm a noob to networking, and wondering what I can do in this case.

Disconnect the wireless crap until you learn how to make it secure.
Contact Adelphia, and change your password (at least) as that is used
to access the news service. As you probably also have your credit card
numbers on the computers, you probably should contact the banks and/or
card issuer and ask for new accounts. If you absolutely _must_ use
Loose98SE, do not use it on a wireless link, make sure it's patched to
the last update (it's no longer supported), and disable ALL sharing.
You probably also should do a search at groups.google.com for your
account name, and make sure someone didn't use it to post something
interesting, like your credit card numbers, or the like.

>I have Adelphia cable Internet

and are allowing anyone who comes within range to share it for free.

>and another is linked via a Belkin Wireless G USB Network Adaptor. I
>don't see any signs of connection other than my PC's, and I use the
>default security settings, so I don't need a password for my wireless
>connection.

and you can't figure out how anyone is connecting. LOOSE THE WIRELESS
until you get it secured.

>I'm still trying to figure out how to connect an old 98 SE PC using a
>password or some type of security so my router will only talk to that PC
>wirelessly.

WPA shared key - forget MAC filtering, forget WEP - there only illusionary
security. That's better than you have now, but any kid who can't crack that
in under a minute is to stupid to be trying to use a computer.

>I also am using my XP Pro PC as a Shoutcast server.

Is that up to date too, or are you unaware of the fact that it's exploitable.
I suppose it doesn't matter than it's exploitable, seeing as how the
wireless link is wide open.

>I have a hunch that someone may be connecting wirelessly somehow? In some
>"stealth" mode?

"stealth" mode isn't needed. Your link is up 24/7, and you don't know how
to monitor it, even though you know it's wide open.

>Or should I look more at Shoutcast letting someone somehow use my
>connection? Any other ways someone can access my newsgroup account?

As you probably had your news setup configured to "remember my password"
and that's available to anyone to use - they _could_ be using your account
from anywhere else.

Old guy

Re: Someone using my newsgroup account

Thanks everybody for the advice. Sorry so late a response. I wiped clean the
HD, re-installed XP Pro. dropped the Shoutcast server, and made more secure
my wireless connection. Wireless only enabled a few hours a week when I need
it, and then I click Disable (wireless) when finished. Only PC that had Win
98 SE was the "remote" one I use only a few hours a week, "Loose 98" isn't
on my main PC. I haven't had any problems now since I originally posted in
late July. I realize WEP isn't the most secure, but again, I'm only using
wireless a few hours a week, and I'll figure WPA out soon. I'm using a
unique name, not "Linksys" and set SSID to not broadcast. So it's a start?


"DK1000" wrote in message
news:1154114164.323337.187910@m73g2000cwd.googlegroups.com.. .
> Hi,
>
> I'm a noob to networking, and wondering what I can do in this case. I
> have
> Adelphia cable Internet, and they have a contract with Giganews to
> provide
> newsgroup access as part of Adelphia's High Speed Internet packages.
> You are
> allowed 5 Gigs a month of newsgroup access. If you go over that, they
> ban
> you using or even viewing newsgroups for the rest of the month. Last
> month I
> got a message that my newsgroup usage was 15 G (3X the limit) within
> the
> first 4 days of the new usage month, which always starts on the 12th
> for me,
> and that I cannot access that service until next moth, unless I want to
> open
> a separate paid account with Giganews. I do post a little, but it's
> only
> been a few text messages lately, and the reading of replies, so I
> should be
> nowhere near 3 gigs! I called Adelphia and complained to them that
> there
> must be an error, and they said there's nothing they can do, it's under
> Giganews control, but Giganews has no phone number, and I played cat
> and
> mouse with emails and they told me to contact Adelphia. Finally
> Adelphia was
> nice enough to change my account name, thus letting me start a fresh
> newsgroup account. This month, from the 12th, up to yesterday, when I
> checked my newsgroup usage, which I do every day now, it said I only
> used
> something like 100Kb or so, and about 0.01% usage. This morning I
> checked
> it, and it said I used 1,909,792 KB or 36.43%. I immediately shut down
> my
> Shoucast server connection, and disabled my wireless router connection,
> details next paragraph. I'm the only one with access to my own PC's.
>
>
> I have 3 computers hooked up via a Linksys BEFW11S4 router (uses B, not
> G
> technology). 2 PC's are wired in via Ethernet cable, and another is
> linked
> via a Belkin Wireless G USB Network Adaptor. I don't see any signs of
> connection other than my PC's, and I use the default security settings,
> so I
> don't need a password for my wireless connection. I'm still trying to
> figure
> out how to connect an old 98 SE PC using a password or some type of
> security
> so my router will only talk to that PC wirelessly. My hardwired PC's
> are
> XP Pro and MCE 2005. I also am using my XP Pro PC as a Shoutcast
> server. I
> have a hunch that someone may be connecting wirelessly somehow? In some
> "stealth" mode? Or should I look more at Shoutcast letting someone
> somehow
> use my connection? Any other ways someone can access my newsgroup
> account?
> Any advice would be appreciated. I'm thinking the obvious, wireless or
> Shoutcast, but could it be something else?
>