Okay, it looks like the "hackers" who got me are up to old tricks again. So.
NOTE ADDED 3/12: The hackers are now posting to comms they've hacked warning against hackers and linking to "me", as many other comm mods have done. Except the link goes to their creepy spampage instead, and they've hilariously mis-spelled my name. Note sarcasm.
I fucking hate how paranoid this sounds but: if you see a warning post, or a suspicious post of any nature, for god's sake hover your mouse over the link and check the URL that shows up in the lower left corner of your browser to make sure it's actually directing you where it says it is. If you don't recognise any part of the URL, don't click.
And onwards.
HOW TO PROTECT YOURSELF FROM LOW TECH FAIRLY INGENIOUS HACKERS
By Sam Starbuck, Age 29 1/2
PLEASE NOTE: These hackers usually target high-traffic journals and moderators of high-traffic communities. If you are either of the aforementioned, you are especially at risk. If you do not moderate any comms and have a relatively small flist you are not high-risk for this hack.
1. These hackers get your password by re-creating an email address that you have allowed to lapse (in my case, copperbadge@hotmail.com ). I did not have control of this hotmail account and hotmail had purged it, so they were able to register it. Because it was the originating email address on the account I could not remove it (this can now be done, see below). They had the password sent there, changed the password, and then hacked me.
TO REMOVE AN EMAIL ADDRESS YOU HAVE ALLOWED TO LAPSE: you will need to have a second validated email address for six months or more. Go here and remove any addresses that are no longer in your control, or re-register them so that you control them.
2. These hackers got my password because I did not have a security question enabled. If you enable a security question then anyone attempting to get your password sent to an email address will have to answer a security question first. This includes you, so REMEMBER THE ANSWER.
TO ENABLE SECURITY QUESTIONS: go here.
3. To report the hackage to LJ, go here and provide them with as much information as you can -- username, all known email addresses for the journal, communities you have moderating or posting access to. Do not report this to the ordinary complaints page, as your report will not be fast tracked. After I reported my hackage, it took them about a day to get back to me. I had no communication until they had restored control to me. Expect this.
Once you've reported the hack, contact any co-mods you have ASAP to remove you as moderator on comms you mod. If they still have control, tell them to post to any given community you're on to warn people you've been hacked and not to click the goddamn link. This may not come in time, as they also use your account to lock out other moderators and deny posting access to other community members.
If you have phone or email posting enabled, post an explanation and warning through that -- you should still be able to get your post through to your journal. It will probably show up under the hackerpost, because they postdate; nothing you can do about that.
4. Once they are in, these hackers systematically delete every entry you have ever made and put up a new one with a link to a site that may contain spyware. No, you will never get those entries back. I'm sorry. You may be able to recover the text from googlecache or wayback machine, or if you have a mirror on IJ/JF, or if you have a google feed. I used a combination of all four to get about 80% of my entries back, but did not get many comments back. I'm not going to post a bunch of links here; you can read through my picking up the pieces tag for more info on how I recovered my entries.
TO MAKE SURE YOUR LJ IS BACKED UP: look up LJSec or LJArchive. I've had more success with LJSec. These will download your journal entries and comments to your hard drive. You can also set up a google-reader feed to preserve your entries, but I've no idea how.
5. If you clicked a link from a hacked individual, it may have taken you to a page with spyware in it. You may have spyware on your computer, or a keylogger. It's that simple. Yes, even if the link appeared to be dead or you hit the back button rilly rilly quickly. Yes, even if you have virus-scan software. Look up AdAware and run it on your computer. Yes, a keylogger logs EVERYTHING YOU TYPE. No, it does not log things you type into LJ or email from ANOTHER COMPUTER. Yes, I really got that question, more than once.
I am leaving comments open but please be aware that I am not LJ Tech Support nor am I in contact with anyone else who has been hacked. If you ask a question that is answered in this post or that you could get the answer to from Google or the LJ FAQ, I will probably not reply, though someone else might. Mac users, I have minimal Mac experience; if you post here someone else might help you, but I can't.
If you would like to use this post as a messageboard to contact people who have been hacked or to let people know you have been hacked, please feel free.
![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small}
copperbadge) wrote,
