Tech Support banner
Status
Not open for further replies.
1 - 13 of 13 Posts

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter · #1 ·
One of my customers contacted me stating that someone has hacked her sons myspace account. From what I understand there is a code these kids are using to enter their profile. They are posting obsene pics and sending female friends emails. He has changed his password but the kid keeps getting in.
What would be the best course of action for her to take. Her son has reported this to myspace quite a few times with no response.
Can these kids also hack their computers or would this be limited to myspace profile?
Anyone familiar with this type of hacking, I for one never studied up on hacking and am unsure on how it is done.
I dont want you to describe how to hack as this is forbidden in the forum, I just want to know how she can prevent this from happening again and are her computers in danger of this also.

Thanks in advance,
TJ
 

·
TSF Enthusiast
Joined
·
6,298 Posts
If this kid's computer got owned, then it would explain how the attacker keeps getting his password. There's no magic code I've heard of to login to any myspace.

I read an article in 2600 about myspace hacking, and a lot of it is social- if his password is easy to guess, then it'll probably get hacked. If his email account was compromised, then the attacker also has access to myspace's email reset function, etc.
 

·
Roaming To Help
Joined
·
5,667 Posts
Password cracking is v.easy nowadays and so is site hacking. Password cracking can be eliminated or at least made difficult by choosing letters and mixed long character passwords.

Computer hacking is different. It'll be through net services initially. Do a port scan to see what is open thats shouldn't be and block it. Monitor your net/port activity through a firewall, which'll give you an indication as to what is happening from your side or otherwise. Anything such as Wireshark network protocol analyzer will inform you of very inbound and outbound attempt, if you suspect something odd.

The computer won't be hacked if a good firewall like Comodo is running and no P2P software is running on the system with open TCP/UDP ports. Don't access the site or account that is hacked, as attempts will easily be made to get into a computer of an account thats hacked. Better still, don't answer any emails from the site for a while, change their passwords from webmail and it shouldn't be a problem in any sphere.

The first line of defense is a good firewall and blocked ports that are unnecessary to usual use I would say.
 

·
Registered
Joined
·
6,574 Posts
There are codes that can be exploited.

Tell you customer to have their son change his profile layout code.
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter · #6 ·
Thats exactly what I did POADB. I read in the below link to go to the About Me section and delete the following code:

embed allowscriptaccess="never" src=
"http://i105.photobucket.com
/albums/mff225/yrkblack/redirect.sw"


We also changed his email addy and password again, I told him to keep me posted.

The solution is rather simple: Go to your home page, and click on edit profile, remove the line below (and only the line below) from your About Me section: (I added some "f's" to the code so it won't work here)

fembed ffallowscriptaccess="fnever" src=
"fhttp://i105.photobucket.com
/albums/mff225/yrkblack/redirecft.swf"
BY SPAIRLKAIFS
http://chaseandsam.com/2006/07/myspace-hack-spreading-like-wildfire.html
 

·
Roaming To Help
Joined
·
5,667 Posts
IF they're already hacked, chances are they can't do this. Even then its easily exploitable. It could very easily return an error and custom layouts are more difficult.
Best not to do too much viewing of other people's accounts until Myspace fixes this problem.
It depends how he was hacked. He could be hacked and be seeing a duplicate version of Myspace that is totally bogus in actual fact only there for the personal details. This particular hack, now that we know a little more specifically, is all based on redirected Flash. Coding is server side too.

The first code should have an "f" at the end anyway.
 

·
Registered
Joined
·
1 Posts
I've read a lot of myspace blog that talk about this problem. based on what i've seen, there's actually a phished site, one that looks like the login page of myspace, circulating in the net. what happens is that people are tricked to fill in their login details in this page; they don't know that the system is already saving their login details into their database. that explains why many myspace profiles get hacked these days, including Tom's.
 

·
Registered
Joined
·
169 Posts
I just want to know how she can prevent this from happening again
TJ
I know the following may seem rude; and to many of you, my views toward myspace may seem quite ignorant.

Lose the myspace account. That is the best way to keep it from happening again. Limit privileges in Windows.

If you have children, have open access to their drives. Snoop once in a while. I know I sound like a Nazi, but you have to protect your kids.

Do the math... Millions of users under 18 + myspace = Internet predator's playground.

Myspace, BHOs, Limewire, IM, are security nightmares. If these are frequently used, may as well post a HJT log, because you have garbage. I will never understand this current rage of myspace and viewing crappy amateur youtube b*******.

I remember when you would actually talk to a person in person. I know people that text and communicate over myspace THAT LIVE WITHIN 100 FEET OF EACH OTHER!!!!!!!!!

Me no understand.
 

·
Registered
Joined
·
153 Posts
I had one get hacked once. It did exactly as you described, whoever or whatever program did it sent obsene messages to people on my friends list. I just closed that account and opened a new account and had no problems since.

And hopper, do you have an e-mail account? I bet there's someone sitting around thinking "I can't understand this new rage of e-mail and internet message forums...I remember when you would actually talk to a person in person..." :laugh: Myspace is just e-mail with pictures and elaborate profiles. Nothing on myspace is fundamentally different then what dial up AOL was doing 10 years ago with a screen name, e-mail, buddy list, IM, and message forums wrapped up in one package.
 

·
Registered
Joined
·
2,976 Posts
I know the following may seem rude; and to many of you, my views toward myspace may seem quite ignorant.

Lose the myspace account. That is the best way to keep it from happening again. Limit privileges in Windows.

If you have children, have open access to their drives. Snoop once in a while. I know I sound like a Nazi, but you have to protect your kids.

Do the math... Millions of users under 18 + myspace = Internet predator's playground.

Myspace, BHOs, Limewire, IM, are security nightmares. If these are frequently used, may as well post a HJT log, because you have garbage. I will never understand this current rage of myspace and viewing crappy amateur youtube b*******.

I remember when you would actually talk to a person in person. I know people that text and communicate over myspace THAT LIVE WITHIN 100 FEET OF EACH OTHER!!!!!!!!!

Me no understand.
thats a little bit extreme there. especially accusing Instant messenger programs of screwing stuff up ? never heard of that before, the reasons for most of the issues is that the user is very ignorant and or doesnt know how to use the programs safely.

and whats the rage about youtube ? please keep your propaganda or extreme views off of here it will just cause anger.

@geekgirl
myspace is a breeding ground for script kiddies, thers tonns of phishing sites and also scripts wich run in html or flash.
The easiest is to make sure nothings on his computer,change the email and the password. also check if there is any weird thing in his comments ! cause some ppl can post the attack code via posting a comment.

best regards
 

·
Registered
Joined
·
30 Posts
I agree, it's critical to keep a close watch on your kids online. I annoyed the heck out of my boys when they were younger, we had the computer in a public place in the house, were we could stop by and see what they were doing. Didn't let them have internet access until they were 14 and 15, at our house anyway.
Yep, my Myspace profile was hacked, but I think I know how- I clicked on several fake bulletins. Anyway, I tossed my old profile, just set up a new one, and am going to be smarter this time.
But, Myspace still hangs the computer at times, even when I'm not logged into my profile, weird.
 

·
Registered
Joined
·
95 Posts
Well I didn't read all posts so whatever.

Maybe it's phishing.. so
this is a type of cracking/hacking a myspace password.
We should all know what phishing is..

* is the act of tricking someone into giving them confidential information or tricking them into doing something that they normally wouldn’t do or shouldn’t do. For example: sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Anyways yeah, People set up a fake source page of the myspace login page, to trick them that they have to log in to steal the email/password.
Tell their kid, to make sure to look at the address bar first and says ethier " login.myspace.com " or " myspace.com ".

This is only limited to myspace only, if its just a source page ( ex: www.igeeks.info/PHISHER.html ).
Some phishers have tricky things to trick you into doing other stuff or downloading infections to harm you PC, But most are just source pages to steal website information.

Correct me if I'm wrong with this, From my experience this is what I know.
:)

Edit: Yes frags posted what I pretty much said. :p
 
1 - 13 of 13 Posts
Status
Not open for further replies.
Top