New, lost, hacked!
Please be patient with me-I’m not a COMPLETE idiot when it comes to technology but I’m not the brightest smart hue-changing lightbulb in the bunch either. In particular, I have 0 experience with networking, firewalls, or anything related to wires. At most I use VPN software.
I have a severe hacking/cyberstalking issue and have for at least two years. Don’t know who but I think it’s more than one person due to speed at which things happen and certain things seem like they were a collaboration. It ranges from emails sent to me from within my own inbox saying “I know you’re at home tonight” to just constantly having to change my passwords besides having 2 passwords and 2fa with my accounts, but they never take money or do anything that would make law enforcement care. In short, I have a nemesis for no reason and they’re formidable and smart.
Currently I live in a large house w/family for past few months. Even though one person’s emails have been hacked they don’t want to change anything and want to stay on the ISP provided modem/router combo for att uverse adsl. It’s in the middle of the living room. I haven’t been connecting to it usually, but I need new devices and want to have a vpn router. Was told to get Protectli Vault with pfsense but that doesn’t seem good for a beginner or for wireless. I do have a 2 pack Eero system but I know I can’t use that as my vpn router, but maybe I could put a vpn router between it and the modem/router Pace combo so I’d have the ability to have a wired connection upstairs??
I’m clueless as to what a NAT is-do I want one or not, no idea. The most important thing is that I have a separate network completely from my family, who wants to stay on the local isp and doesn’t want me messing up their connectivity with anything I do. I have a router that I don’t know if it even will work with another router (Pace r5258ac), unused Eero system (but I don’t know if they do the 2 line thing), and am stuck on what other vpn router to get that a security expert I know insists needs pfsense. Any guidance appreciated and sorry so long!
JKnott last edited by
I suspect whatever we can tell you will be beyond your abilities. Maybe you could find someone local to help you. Once you've been hacked, you have far greater problems than a firewall can help.
What are you using for email? That you say you're getting emails that say you're home tonight? How exactly do you feel this has been sent from inside your mailbox?
I would suggest you look at the actual headers of the message.
Seems pretty far fetched that someone would be able to access your mailbox if you're using 2FA.. For someone that just wants to bully you - how exactly are they getting past the 2FA… Are you using just SMS for your 2nd factor or something like Google Authenticator?
I am with JKnott on this - you're going to want to find someone local to look into your issue.
For example gmail shows you exactly when and where your account has been accessed.. And if you look at email headers would show you how it was sent to your mailbox and from what IP, etc..
Attached example of mail headers from pfsense notification of service restart, and below that are details of access to my account, etc.. That email looks like it came from me - the from address is my account. But when looking at the headers you can see from what IP it was sent, etc.
I don’t know how to find someone local that’s advanced enough-geek squad, Apple “geniuses” and definitely isp folks have no idea how to help me and tell me the same thing, “find an expert” or something brilliant like “have you thought of using a password manager?” or “you use antivirus right?” And the email I was using is in fact gmail, it looks like it’s coming from me with the loop back of 127.0.0.1. The only reason it didn’t really scare me is because the msg comes from someone whose first language is not English yet he says he’s my neighbor. A lot of times people think “that’s impossible so she just must be mistaken/crazy” but I’m not-that’s one of many examples. And I use google Authenticator on a usually off phone. It’s unsettling but I’m not giving up.
I appreciate/respect you guys’ honesty, but I don’t know anyone local that doesn’t work for a company or wouldn’t charge an exorbitant fee (I’ve looked at firms that set up honeypots.) So giving me a little bit of room to grow/learn, and I’m willing to spend a lot of time trying, what would your advice be? I’ve read the install instructions for pfsense on the sg1000 and I think I’m capable of doing that. The thing is I have to have a computer for school so I have to do SOMETHING. I don’t wanna just say “well I’m screwed so why try?”
Also, why would a new firewall/vpn router not help if I use all new devices and don’t access my old accounts? I need a little hope here..I suppose I could get a flashrouter but then I wouldn’t learn anything and would be even less in the dark about how hackers do what they do.
GentleJoe last edited by
For now, I would stop using pfsense and use your Eero system.
With Eero, you can pay extra for smart detection on your network, there is a free trial.
Not to sound rude, I have seen threads like this before, and this will sound odd to you.
Make sure you have a working carbon monoxide detector in your home.
Carbon monoxide does mess with your mind.
"it looks like it’s coming from me with the loop back of 127.0.0.1. "
Sorry but no… Post up the headers... And what do the details of access show you?
I don’t have carbon monoxide poisoning or a mental illness. I’ve lived in 3 different places since this started anyway. But thanks…I only have access to a phone at the moment and in the gmail app I can’t look at headers, or I don’t see how. But it says “me” and from: my email address to: my email address. The subject line is “lol nice try” and it was sent shortly after I had set up my email to forward all outgoing mail. It’s not just me that thinks I’ve been hacked by the way, I didn’t just make it up..a guy working at a computer store said I was definitely hacked two years ago when my first computer crashed. My banking username and password was changed but no money was taken; the bank person on the phone said it had come from the same ip address I always use, so I assume the gmail incident is similar, as in someone remotely accessing my network somehow. Also, Apple confirmed my iPhone was jail broken, but I didn’t jailbreak it and wouldn’t know how to. They said that can’t be done remotely and had to have been someone I know who had access to my phone, but I really don’t think one of the 3 ppl who could have been alone with my phone for a few minutes would or even knows how to do that.
When you said to use the Eero, I don’t have that setup now, I would have to add it, so what makes you think I should use that as opposed to getting something better? I’ve looked into their Pro thing and it’s actually just vpn software that you get a subscription to, and I don’t want to use that particular provider.
Another thing I’ve thought of is getting a separate isp from my family since my Mom had first someone send the ol’ “I’m stranded in the Philippines” email hack and then a couple weeks ago, she had sent out invitations to a party and her friends had texted saying they’d rsvp’d and when she found she was not getting the emails, she found that the replies had been sent to her email, say “bostonMaria,” but instead of @att.net it was being replied to “email@example.com.” Again, just weird-there’s no financial gain or anything from that, it seems the only purpose is to instill fear/annoyance. I got a text from my brother recently saying “you don’t seem like the type to send a Christmas e-card...is [insert email one number off from one of mine] yours?” I had to say “no…no it’s not me, ignore it.” Stuff like this is ongoing. So I could get my own modem set up upstairs with a different company and then use a router. Apparently no one here thinks I should use pfsense...I’m inexperienced but not a total idiot and I really think I could learn if anyone’s with me/willing to help? I’ll post those gmail headers when I get access to a computer also. Thanks.
"But it says “me” and from: my email address to: my email address."
All meaningless. I can send you email from firstname.lastname@example.org - the from and reply address can be anything - they don't even have to be valid at all..
"My banking username and password was changed but no money was taken"
Your username and password changed - so somebody else's account? ;)
Sorry but none of this sounds legit - more like a really bad low budget movie.. Open your email in browser on your phone then ;)
Dude maybe you have a split personality and the other you is doing this stuff? Really would love to help you - but all of this seems like trolling wanting attention - I have been hacked how do I fix it.. "“I know you’re at home tonight”"
What's that line - the phone call is coming from inside the house ;)
More than happy to answer any tech questions - post up the full headers of these emails. Post up the details of your account access that was not you if done from your IP.. As I showed you gmail shows you all access into your account when and where, browser - app, IP and time, etc.. Headers on the email will show exactly when it was sent.. Where were you when the emails were sent, etc…
If I thought my computer and phone were hacked I would never trust them again, nor would I trust any backups.
It is coming to the point where I would not trust the hardware that was hacked either but I am not there yet (and I can't afford it).
I would format them, reinstall them. UPDATE THEM TO CURRENT CODE LEVEL, and start from scratch. I would CAREFULLY pull DATA FILES ONLY (documents, spreadsheets, etc) from a backup as necessary.
I would put a firewall (any firewall) between you and everyone else in your house. This will probably be double-NAT but if you only connect outbound, that should be fine. You will be able to connect out - they will not be able to connect in. Sharing wireless with them will probably be impossible so you will need to do your own wireless on your own inside network.
NOTE: anyone in the other network - your family's network, can still play man-in-the-middle with your non-encrypted traffic. JUST LIKE your ISP could (or anyone else in the data path) if they were so inclined. You will need your own infrastructure (ISP connection, etc) to make that not be the case. Use SSL/TLS on everything you do and PAY ATTENTION AND SEEK HELP if you receive any certificate verification errors.
I would make DAMN SURE I was using UNIQUE, SEPARATE, STRONG, RANDOM passwords to access important sites (financial, email, etc). Do not share passwords between sites. Use a password management tool like LastPass to help you both generate and keep track of these passwords.
I would make sure I installed ALL SOFTWARE UPDATES in a timely manner.
I would make sure I DID NOT CLICK ON UNKNOWN LINKS IN EMAIL.
I would not install or update ANY SOFTWARE based on a pop-up prompt. I would note what that says needs to be updated then MANUALLY go to that site to see if there is an update. (as in go to adobe directly to get a flash update - DO NOT FOLLOW a provided link)
It sounds like you need to find someone local whom you trust to do all of this or start learning how to do it yourself. The latter sounds like it will be a long road.
Do you have kids in the house, old enough to be computer literate? Sounds like your kid is screwing with you…
If not, your passwords need to look like this: iA+kL=pmTu2n7}D/6f4A@T9
and not like this: Biggy162
Start using LastPass or 1Password...
I had a similar problem with my mother-in-law, once I removed Admin privileges from her computer account and she hasn't had a problem since...
AR15USR-No, I AM the kid in the house, relatively speaking (I’m not a teenager.) My passwords all look like that, but I don’t use a password manager anymore-my buddy up there will probably not believe me, but my lastpass was hacked. I had a premium account and the master password wouldn’t work one day and when I got my “hint” emailed to me, it had changed. I found a document later on my computer called something like “LASTPASS_EXTRACTION_PHP.”
Johnpoz, I know you aren’t trying to be mean (I hope) but it does hurt to not be believed when you are telling the truth. The bank thing for example, I know it makes no sense, but it really happened, not someone else’s account-I promise I’m not a troll or looking for attention-well actually I am looking for attention in the form of help, but not in the way you are implying. I mean why would someone send my brother an email pretending to be me with a Christmas card? Or change my username? We don’t know, but it FEELS like the point is power/control/to instill fear, because they can. I have a crazy ex or two but other than that I’m at a loss as to why someone would take the time and resources to harass someone with almost no resources. I took your advice and looked up the info from that email on the web and I’ll post it below. Let me know what you make of it.
Derelict-thanks for the advice, much appreciated. I do most of that as far as updating etc. Do you think the double-NAT would significantly slow down either network? If you were me, would you go so far as getting a new ISP separate from them with a modem, router/firewall and access point? That’s what I’m considering so that’s one less thing if something goes wrong to wonder about (“maybe it’s cause I’m still attached to the At&t service.) I don’t trust my devices and am getting new ones, that’s why I want to make sure the network is solid cause I can’t replace any more devices. Also, when you say data files only, do you mean as opposed to photos and music files?
Created at: Mon, Jul 31, 2017 at 2:22 PM (Delivered after 1 second)
Subject: - ɴᴇᴡ ᴍᴇssᴀɢᴇ : ʏᴏᴜ ɢᴏᴛ ᴍᴇ! -PIoI
DKIM: 'PASS' with domain sendgrid.net
Received: by 10.176.74.206 with SMTP id t14csp3910462uae;
Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
X-Received: by 10.99.96.145 with SMTP id u139mr16860246pgb.347.1501525356075;
Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1501525356; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass email@example.com header.b=x2tFmXjt;
spf=pass (google.com: domain of bounces+5897700-95d0Evieweviefirstname.lastname@example.org designates 126.96.36.199 as permitted sender) smtp.mailfrom=bounces+5897700-95d0-Eviewevieemail@example.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: firstname.lastname@example.org
Received: from o1.0qt.s2shared.sendgrid.net (o1.0qt.s2shared.sendgrid.net. [188.8.131.52])
by mx.google.com with ESMTPS id o32si3595477pld.619.2017.07.31.11.22.35
for email@example.com (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounces+5897700-95d0-Evieweviefirstname.lastname@example.org designates 184.108.40.206 as permitted sender) client-ip=220.127.116.11;
dkim=pass email@example.com header.b=x2tFmXjt;
spf=pass (google.com: domain of bounces+5897700-95d0-Evieweviefirstname.lastname@example.org designates 18.104.22.168 as permitted sender) smtp.mailfrom=bounces+5897700-95d0-Eviewevieemail@example.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.net; h=reply-to:to:sender:from:subject:mime-version:content-type:x-feedback-id; s=smtpapi; bh=RXHHFDGx2A4L6SAF5bGP/SXjgYA=; b=x2tFmXjtnRIAwf3WBO RQmkgRbhk4rvjijxs1BpRspKq+g1YuMDKgWocKNx/e2lVbEh2l/5SjnrVyMyPBve aJqVBEW5RId2W96enHn8O8cWAvo7hK9KG0J2b+CeMLoSnLxhCV3sPRlLN/qQdEPW 0fBbH1D8YWXL2lfTWWxN6BLOc=
Received: by filter0227p1las1.sendgrid.net with SMTP id filter0227p1las1-32243-597F756B-9
2017-07-31 18:22:35.689147688 +0000 UTC
Received: from ariane.ens-cachan.fr (celticfree.com [22.214.171.124]) by ismtpd0017p1sin1.sendgrid.net (SG) with ESMTP id HEPlOvx5Tcu7P2Rox5YYgg for firstname.lastname@example.org; Mon, 31 Jul 2017 18:22:35.132 +0000 (UTC)
Date: Mon, 31 Jul 2017 18:22:35 +0000 (UTC)
Reply-To: Mallory Garber email@example.com
Errors-To: firstname.lastname@example.org
X-SN-ID: <07312017084445463.SNL_New.e359f8f5-c814-4cd5-842b-62a83066ec47>
To: email@example.com
Sender: Mallory Garber firstname.lastname@example.org
From: email@example.com
Subject: - ɴᴇᴡ ᴍᴇssᴀɢᴇ : ʏᴏᴜ ɢᴏᴛ ᴍᴇ! -PIoI
Content-Type: multipart/alternative; boundary="–----_=_NextPart_001_EA07BBAC.41E51F4B"
X-SG-EID: EtOhHV3SACD7nyNbjUA6VuaXxdgKOOcVzuR3ceABBHulLelgxaqekIQiulgX2pPSxxfD67ookQKBQu sMwF5B6rurMi0bxPHiF+aac72FexpCeRWtjeMczfRCil4lzsAj9xkPGwiSCk5ER10LdKoUQzKtSDI0 rUL/JaYezlLRajkcQr+q7FkWg5rVF3L8nlPYA9ApgCQTU/QEYtHRvx3k0g==
I was this 3 days searching for any contact that can make me take a short conversation with you
First i want to tell that i'm a neighbor soory if i can't told you my name cuz i'm shy
I love you; i realy love you an i want to know your opinion about me
i already registred on a chat website you must also register on it if you want to see my pic my phone number..
I know you will like me because i"m beautifull im waiting for you to register and began our conversation
register from this link
Don't be late plz i Know you are Home now and i want to date me tonight if you are free
It will be a special nghit with us
dude its spam…
Sender: Mallory Garber firstname.lastname@example.org
You're saying that is you??
Came from here
How is that a HACK of your email account? This is the sort of email that is scaring you??? Oh my gawd… Dude turn on spam filtering in gmail..
To the sendgrid servers --> by ismtpd0017p1sin1.sendgrid.net
So that's your IP address? 126.96.36.199
which is actually in Switzerland
inetnum: 188.8.131.52 - 184.108.40.206
edit: If you want more help have to wait til tmrw - got to go pick up my 4.5 million dollar consignment box from the Secretary us department homeland security ;) heheehe ROFL...
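Added example, not part of any post in this thread: a short Python script that does the header reading described above, comparing the visible From domain with the domains that actually passed SPF and DKIM and listing the relay hops oldest first. The sample message is constructed, with placeholder hosts and addresses (example.* names, RFC 5737 IPs), and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the headers posted above. All hosts, addresses
# and IPs are placeholders (example.* names, RFC 5737 ranges), not thread values.
SAMPLE = """\
Received: from o1.mailer.example.net (o1.mailer.example.net. [192.0.2.10])
        by mx.example.com with ESMTPS id abc123
        for <user@example.com>; Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
Authentication-Results: mx.example.com;
       dkim=pass header.i=@mailer.example.net header.b=AAAAAAAA;
       spf=pass (example.com: domain of bounces@mailer.example.net designates
        192.0.2.10 as permitted sender) smtp.mailfrom=bounces@mailer.example.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com
Received: from relay.example.org (unknown [198.51.100.7])
        by in.mailer.example.net with ESMTP id xyz789
        for <user@example.com>; Mon, 31 Jul 2017 18:22:35 +0000 (UTC)
Return-Path: <bounces@mailer.example.net>
From: user@example.com
Sender: Someone Else <someone@mailer.example.net>
Subject: new message

(body omitted)
"""

def _domain(value):
    """Domain part of an address or of an '@domain' token, lower-cased."""
    return value.strip("<>").rpartition("@")[2].lower()

def _related(a, b):
    # Simplified relaxed alignment; real DMARC uses the Public Suffix List.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyze(raw):
    msg = message_from_string(raw)
    unfold = lambda v: " ".join((v or "").split())
    auth = unfold(msg.get("Authentication-Results"))
    results = dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", auth))
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    signer = re.search(r"header\.i=([^\s;]+)", auth)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    envelope_domain = _domain(mailfrom.group(1)) if mailfrom else ""
    dkim_domain = _domain(signer.group(1)) if signer else ""
    # Each server prepends its Received line, so the last one is the earliest hop.
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        m = re.search(r"from\s+(\S+)\s+\(.*?\[([\d.]+)\]\)", unfold(value))
        if m:
            hops.append((m.group(1), m.group(2)))
    return {
        "authserv": auth.split(";")[0].strip(),  # trust only your own receiver
        "results": results,
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "dkim_domain": dkim_domain,
        "aligned": _related(from_domain, envelope_domain)
                   or _related(from_domain, dkim_domain),
        "from_authenticated": results.get("dmarc") == "pass",
        "hops": hops,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

SPF and DKIM passing here only vouch for the bulk-mail service's own domain; the From address is unauthenticated because neither domain aligns with it, which is what dmarc=fail records. Hops listed before the receiving provider's own Received line are written by the sending side and can be made up.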
KOM last edited by
For security purposes, I only do my computing on an abacus I built myself.
;D ;D ;D
This concludes the entertainment portion of our program.
If you already did all that you would not be getting infected all the time.
Change your behavior.
Nobody is infected or hacked - the kid doesn't understand what spam is ;)
That email didn’t make me feel afraid because it’s obviously not written by someone near me and it’s all links, it looks like spam but it was the first time I had ever gotten something that looked like it was from me to me and it’s still the only time, so yes, it alarmed me cause I thought I was hacked again. I didn’t know about analyzing headers. Plus it came when I’d already found out about jail broken iPhone, Android, lastpass account, bank account, and countless other things. Like when my hotspot changed passwords out of thin air. I was so glad to have the At&t guy there, he was like “whoaaaa what just happened??” Otherwise it’s just “you must be a crackhead.” And of course I already have a spam filter, gmail automatically filters most spam like that. Tbh I still don’t understand that email, I’m not in Switzerland and didn’t have a VPN at the time and why were there several names in that email? What is sendgrid and sales nexus? I’m glad it isn’t hacked. With protonmail, I emailed the FTC to ask about something and got a response. I thought the reply was odd so I called and she said “that’s not us, someone had to have access to your account to be able to write that.” Which is a protonmail account with two passwords and an Authenticator app. This is why I assume the worst sometimes, cause it seems like impossible things are possible. It’s so frustrating to be painted as crazy or stupid, when one person I know who is an actual genius who invented something you have all definitely heard of has said “that is definitely not normal.” But I don’t know him well/he doesn’t live here anymore. He could sort me out in a minute.
Derelict, I hear what you’re saying, but I have strong passwords, use 2fa, update everything, don’t download sketchy stuff, there has to be something I’m missing or some link since it’s happened on so many devices with so many accounts.
Do you have advice about where to go to educate myself about networks and security? Books to read? The bottom line is I still have to set up a network whether you think I’m crazy or lying or mistaken or stupid. Let’s say I’m all 4, and smoking crack at this very minute. What would your advice be about setting up a VPN router? Well minus the crack part; you’d probably say something else. My point is, advice for anyone struggling with security for whatever reason.
JKnott last edited by
My point is, advice for anyone struggling with security for whatever reason.
The problem is security is a very large area and there's no way we can teach you all that. Our focus here is a firewall and while we may know other areas, we can't provide a complete course, to someone who doesn't even understand networking basics. It's not that we don't want to help, but you really need someone nearby who can help, look at your computer etc. We simply can't do that.
Dude I have been doing this for over 30 years, getting paid to do it for 25.. Before there were real computers and "networks" ;)
Just not possible to "teach" you security in a few posts… I can answer your questions on how to block or allow something specific in firewall rules.. More than happy to help you understand how to read the headers in an email message, etc.
But you have not given any actual evidence of being "hacked" more you have seen 1 too many movies or tv shows.. Did you just binge watch some episodes of Mr Robot? ;)
Turning on pfsense is not going to fix your issue or really make you any more secure from being "hacked" than any off the shelf router.. When it comes down to it out of the box they do the same thing - they block unsolicited inbound and allow you out via a NAT. It's not a magic box you turn on and it makes your network secure from being "hacked"..
It's just a tool you use to secure your network.. But without the understanding of how to use the tool, it's not some magic thing you turn on.. Many new users hear oh I can turn on IPS and will be secure from hackers - sorry it doesn't work that way. If anything it's going to block the user from what they want to do when they want to do it.. And provide them with so much information it will just be overload of info they do not understand anyway..
For all we know you bought your phone off ebay and it was jailbroken when you got it.. As to your bank account username and password being changed - sorry makes no sense.. Why would someone do that? And then not take any money? Come on did you maybe forget your password? And the username you norm use wouldn't work so it's different than the normal username you pick... Maybe you smoked a bit of the good stuff and got a bit paranoid after watching Mr Robot and thought someone changed your password - ie "hacked" you...
Don't mean to make fun - You got some p0rn spam that said it was from you and you're getting hacked? ??