This post was originally written by my friend D3 from Pakistan, who is a security expert and a very good penetration tester.
This thread is not for solving your hacked accounts/PCs. Use the PayPal thread/help desk for that, thanks.
Given the rising number of hacking cases, I request members to share tips on how to stay safe, even basic noob tips.
Sharing my advice first:
1. Trust common sense and not your anti-virus. As a former keylogger and virus writer, let me tell you that the basic requirement is to make it undetected by all anti-viruses, especially the famous ones.
It's not a difficult task for any virus writer to add his virus to the exception list of AVs and firewalls.
2. Use a dedicated firewall, not the default Windows one, and don't rely on those bundled with anti-viruses.
I suggest you use ZoneAlarm, with custom settings, not the “recommended” ones. Configure it so that it asks about every program and does not decide on its own.
-> Before granting access, look up that file on the net. Does it actually need access? E.g. notepad.exe has no business accessing the internet.
-> Make sure the file is in the right place, i.e. if svchost is asking for access, it's in windows\system32\ and not any other folder like plain windows\
3. Look for suspicious programs in Task Manager. Always test them on VirusTotal. That's why it's distributed among other non-detecting AVs too. And remember, NOD and KIS are not the only ones; sometimes even unknown AVs give accurate results.
4. Don't always rely on Task Manager. Cross-check with “Process Explorer” (get it from Microsoft's site). It's not difficult to hide a process from Task Manager. You may also try the command-line task manager.
5. Look at startup programs. That means both those which show in msconfig and those which don't. Look for unwanted entries there. Also look at the Services tab and disable any suspicious/not-needed ones. When in doubt, google the name :). Try closing Explorer from Task Manager and then run it again. Is it the only program loading, or does something else also load with it?
6. If you are looking for some crack, then try warez-bb and download only from people who have V.I.P. status or are well-known posters. Having 2-4k posts doesn't mean well known. Always read the replies and remember to scan on VirusTotal no matter what. And even after that, run it in a virtual machine.
7. If you use Firefox, always use a master password, and get the NoScript add-on.
8. Use different passwords for different sites.
9. Don't install scripts you don't trust. This goes for smilies and quote scripts too. Same goes for add-ons and toolbars. They can easily have malware in them.
10. Keep checking your forgot-password and security questions, and always look at the mail forwarding options.
11. You are only as strong as your weakest link. If your friend has your password and he gets hacked, you'll go down too.
12. If you are going to play with fire, be ready to get burned too. Meaning, if you are trying keyloggers and bombers etc., the chances of yourself getting hacked go up a lot.
13. Protect your identity. Add only people you know. Keep separate emails for work/business and for the rest of your stuff (Orkut, chatting etc.)
For advanced users only:
14. Use Wireshark to monitor your traffic.
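
The "make sure the file is in the right place" check from tip 2 can be run over every live process at once. The PowerShell below is an added example, not part of D3's original post; the function name `Test-ProcessLocation` is hypothetical, and the table of names and folders is an assumption that goes beyond the single svchost case the post mentions.

```powershell
# Added example (not from the original post): flag processes that carry a
# well-known Windows name but run from a folder other than the expected one.

$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'   # 32-bit copies on 64-bit Windows

# Assumption: names commonly imitated and the folders they normally live in.
# The post itself only names svchost in windows\system32.
$expected = @{
    'svchost.exe'  = @($sys32, $wow64)
    'lsass.exe'    = @($sys32)
    'services.exe' = @($sys32)
    'explorer.exe' = @($env:SystemRoot, $wow64)
}

function Test-ProcessLocation {
    param(
        [string]$Name,        # image name, e.g. svchost.exe
        [string]$Path,        # full executable path, may be empty
        [hashtable]$Expected  # name -> list of allowed folders
    )
    $key = $Name.ToLowerInvariant()
    if (-not $Expected.ContainsKey($key)) { return 'NotChecked' }
    # Some protected processes hide their path from non-elevated sessions.
    if ([string]::IsNullOrEmpty($Path))   { return 'PathUnavailable' }
    $dir = [System.IO.Path]::GetDirectoryName($Path)
    foreach ($ok in $Expected[$key]) {
        if ($dir -ieq $ok) { return 'Expected' }   # case-insensitive compare
    }
    return 'Suspicious'
}

# Evaluate every running process and show only the ones worth a second look.
Get-CimInstance Win32_Process |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Name
            Id      = $_.ProcessId
            Path    = $_.ExecutablePath
            Verdict = Test-ProcessLocation $_.Name $_.ExecutablePath $expected
        }
    } |
    Where-Object { $_.Verdict -in 'Suspicious', 'PathUnavailable' } |
    Format-Table -AutoSize
```

Run it from an elevated prompt so fewer rows come back as `PathUnavailable`. A row marked `Suspicious` is a candidate for the lookup and VirusTotal scan described in tips 2 and 3, not a verdict on its own.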