Hijacking?!

tonetripper
Mean Street
Posts: 705
Joined: Sat Sep 25, 2004 10:58 am
Instruments: Bass, Vocals, Guitar, Drums, Sitar, Theremin, Lap Steel, Djembe
Recording Method: Cubase 6, Live 7, Reason 5, UAD 2, MOTU Ultralite, Mackie 1620i onyx
Submitting as: tonetripper, redcar, gert, draft and others
Location: Toronto, Canada
Contact:

Hijacking?!

Post by tonetripper »

So, as of recent it has come to my attention that my computer has been hijacked by some unknown person. Also that this hijacking seems to somehow inhibit my dealings with Songfight. I don't know if it's related or not, nor do I care, but I would like to get some knowhow from some people in the know on how to best deal with this theft of IP address. It's very disconcerting and annoying to say the least. Good on one level to understand what it is that would be attracting people to hijack my address and this time my browser as it gives me info on how to deal with it. Any of you using Proxy servers to beat this violation of personal movement on the net? This probably would be directed at PC users and not Mac users.

Pablo
HeuristicsInc
Beat It
Posts: 5297
Joined: Sat Sep 25, 2004 6:14 pm
Instruments: Synths
Recording Method: Windows computer, Acid, Synths etc.
Submitting as: Heuristics Inc. (duh) + collabs
Pronouns: he/him
Location: Maryland USA
Contact:

Post by HeuristicsInc »

it might help if you explain what you've been seeing.
-bill
152612141617123326211316121416172329292119162316331829382412351416132117152332252921
http://heuristicsinc.com
Liner Notes
SF Lyric Ideas
MintyHandy
Mean Street
Posts: 564
Joined: Tue Mar 08, 2005 5:00 pm
Instruments: None
Recording Method: None

Post by MintyHandy »

Someone using your IP address is different from someone hijacking your computer. Cough up some details and I'll see what I can figure out. Be sure to include your ISP connection type (cable, DSL, dial-up, etc.) when you do. :)

Oh, and if it's DSL or Cable, do you have a static or dynamic IP?

And if the above didn't make any sense, send what you can and we'll figure it out.
tonetripper
Mean Street
Posts: 705
Joined: Sat Sep 25, 2004 10:58 am
Instruments: Bass, Vocals, Guitar, Drums, Sitar, Theremin, Lap Steel, Djembe
Recording Method: Cubase 6, Live 7, Reason 5, UAD 2, MOTU Ultralite, Mackie 1620i onyx
Submitting as: tonetripper, redcar, gert, draft and others
Location: Toronto, Canada
Contact:

Post by tonetripper »

So my ISP is Bell here in T.O. which is High Speed. I'm running through a router which assumedly has a hardware firewall with PSK encryption. It seems that the Hijacker(s) go after a system 32 dealy to get into my computer. It slows my computer down like molasses and doesn't allow me to go on line, eventually. It seems to stop everything to do with SF and whatever link that gets to that ISP is for that area. I then ran Adaware 6.0 and found the HKEY_LOCAL etc. and it was my IE browser that they had hijacked and in quotes in brackets it said "about blank". I of course quarantined the issue. I did a trace route, which I sent to JB and my ISP to determine the issue. It seems it stopped in Houston somewhere in ev1.

Here it is as it stood (1's not there to protect my own IP):

C:\Documents and Settings\default>tracert songfight.org
Tracing route to songfight.org [216.127.80.132]
over a maximum of 30 hops:
2 10 ms 10 ms 8 ms HSE-Montreal-ppp108743.qc.sympatico.ca [64.230.
97.230]
3 7 ms 7 ms 7 ms 64.230.229.105
4 7 ms 7 ms 7 ms HSE-Montreal-ppp111158.qc.sympatico.ca [64.230.
07.105]
5 18 ms 18 ms 18 ms core1-chicago23-pos0-0.in.bellnexxia.net [206.1
8.103.130]
6 18 ms 18 ms 18 ms HSE-Sherbrooke-ppp98903.qc.sympatico.ca [64.230
223.42]
7 18 ms 17 ms 18 ms eqix.chcg.twtelecom.net [206.223.119.36]
8 18 ms 18 ms 18 ms core-01-so-4-1-0-0.chcg.twtelecom.net [66.192.2
4.37]
9 39 ms 39 ms 39 ms core-01-so-1-0-0-0.dlfw.twtelecom.net [66.192.2
5.92]
10 43 ms 43 ms 43 ms dist-01-so-1-0-0-0.hsto.twtelecom.net [66.192.2
6.19]
11 57 ms 43 ms 43 ms hagg-02-ge-2-3-0-506.hsto.twtelecom.net [66.192
246.127]
12 44 ms 45 ms 44 ms 216-54-253-2.gen.twtelecom.net [216.54.253.2]
13 45 ms 45 ms 44 ms ivhou-207-218-245-27.ev1.net [207.218.245.27]
14 59 ms 59 ms 58 ms ivhou-207-218-245-122.ev1.net [207.218.245.122]
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.

This happened for .net, .org, and johnorama.com. I'm also pretty sure it's not an open link as there seemed to be no problem with my ISP for getting there. Anyway it's very disconcerting to say the least. Whoever's doing it might eventually get bit. I'm just putting the word out there as it is pretty uncool to have this happen to you. Lack of freedom in surfing I mean and I'm hoping some of you might have insight into a nagging problem and maybe how to rectify the pests that are bogging down my machine.

;p
deshead
Panama
Posts: 875
Joined: Tue Nov 16, 2004 2:44 am
Location: Toronto
Contact:

Post by deshead »

Every Sympatico user I know has a problem reaching Songfight, and their traceroutes stop at EV1 too. I don't think it has anything to do with a trojan (which the top of your message seems to be describing,) because the problem is intermittent.

When you can't reach Songfight, are other sites slow too?

Aside: a trojan whose sole purpose is hijacking Songfight votes. That'd be sweet... Your vote for deshead has been recorded!
Spud
Hot for Teacher
Posts: 4770
Joined: Fri Sep 24, 2004 10:25 am
Instruments: Bass, Keyboards, eHorn
Submitting as: Octothorpe
Location: Seattle
Contact:

Post by Spud »

I suspect that there are two separate problems here. The first regarding not being able to reach songfight.org may be ISP specific. The second, regarding spyware, is also troubling. Believe it or not, I have found Microsoft's anti-spyware beta most useful: http://www.microsoft.com/athome/securit ... fault.mspx
"I only listen to good music. And Octothorpe." - Marcus Kellis
Song Fight! The Rockening
c hack
Panama
Posts: 800
Joined: Sat Sep 25, 2004 4:12 pm
Location: Cambridge, MA
Contact:

Post by c hack »

The obvious solution here is to plop down $500 for a mac mini and marvel at your newfound lack of computer-related stress. :P
http://www.c-hack.com | http://www.rootrecords.org
tonetripper
Mean Street
Posts: 705
Joined: Sat Sep 25, 2004 10:58 am
Instruments: Bass, Vocals, Guitar, Drums, Sitar, Theremin, Lap Steel, Djembe
Recording Method: Cubase 6, Live 7, Reason 5, UAD 2, MOTU Ultralite, Mackie 1620i onyx
Submitting as: tonetripper, redcar, gert, draft and others
Location: Toronto, Canada
Contact:

Post by tonetripper »

Thanks for the info Spud. I'm installing now. It would seem that I've had some issues with hijacking for a while. It also is clear to me that Songfight and related sites were the first to go. Then my computer connection slowed up. Anyway, I'm running that program now. Thanks for that Spud.

And C. Hack, don't think I haven't been thinking that these days........ Those IMac G5s are a nice piece of hardware and dead sexy......
jb
Hot for Teacher
Posts: 4159
Joined: Sat Sep 25, 2004 10:12 am
Instruments: Guitar, Cello, Keys, Uke, Vox, Perc
Recording Method: Logic X
Submitting as: The John Benjamin Band
Pronouns: he/him
Location: WASHINGTON, DC
Contact:

Post by jb »

Tone, can you get to bradsucks.net?

Send me a new traceroute too please.

I'm fighting with EV1 about this issue right now. There are people all over the place who can't get to the server, but they can apparently get to Brad's, which is also on EV1. The last couple times I've addressed this issue with EV1 Tech Support, they've just said "It's the ISP's problem". But dammit, what the fuck do I do about THAT especially when they can get to brad's server? So I'm getting rather peeved, and any info anyone can pass along will be appreciated. If it comes down to moving the server, that will happen. I'm just about fed up.
blippity blop ya don’t stop heyyyyyyyyy
tonetripper
Mean Street
Posts: 705
Joined: Sat Sep 25, 2004 10:58 am
Instruments: Bass, Vocals, Guitar, Drums, Sitar, Theremin, Lap Steel, Djembe
Recording Method: Cubase 6, Live 7, Reason 5, UAD 2, MOTU Ultralite, Mackie 1620i onyx
Submitting as: tonetripper, redcar, gert, draft and others
Location: Toronto, Canada
Contact:

Post by tonetripper »

Once I managed to get rid of the spyware that seemed to be controlling my Internet browser (IE - now using another) I'm able to get to wherever I want to. Thanks to Spud. Adaware was just quarantining it, and that Microsoft spyware removed it. They managed to hijack my browser I'm figuring, but when I spoke to my ISP about the trace route prior to the knowledge of the hijacking, they could get to SF, but there was a time out in Houston again when they ran the trace route. It seems to get stopped up at the same point. I'm thinking that there is an open link or something at that junction, so if you do get screwed by someone hijacking your machine it just might make it that much more impossible to get to your site where your ISP is feeding to and from. There is a trace route in this thread, but I did send you an e-mail in your g-mail account. john.benjamin@gmail.com. This was of course done before I went to see my computer technician about the issue and found out I got hijacked again. Fuckers!!!

Fluffy said in mIRC that it's been a longstanding issue with ev1 and if you get on a bad block you're as good as gone in the world of SF. As it is it's not the first time I've encountered issues of not being able to get to SF and the lot. Bradsucks never seems to be an issue, so that is puzzling. Go check your gmail jb. That should give you some ammo with your server and the issue in Houston. Houston we have a problem....... sorry had to say it.

Sorry (edit) I'm running a new trace route now jb and the same IP address comes up when it times out and it is EV1 in Houston. I'll send the new one, but I'm pretty sure it's the same as the one I sent. Hmmmm.
boltoph
Panama
Posts: 775
Joined: Mon Jan 03, 2005 9:21 am
Submitting as: Gert
Location: Boston, MA
Contact:

Post by boltoph »

whoa...I'm glad I'm on a Mac! for now at least...Bastards!!! I'm gettin a little pissed just reading this. ARGH.
deshead
Panama
Posts: 875
Joined: Tue Nov 16, 2004 2:44 am
Location: Toronto
Contact:

Post by deshead »

jb wrote: Send me a new traceroute too please.
Here's something interesting: I'm on Rogers, and never have trouble reaching Songfight. But my traceroute fails at exactly the same point as TT's! The last 3 lines are:
...
14 71 ms 72 ms 95 ms 216.200.251.29.ev1.net [216.200.251.29]
15 * 58 ms 58 ms ivhou-207-218-245-28.ev1.net [207.218.245.28]
16 57 ms 57 ms 56 ms ivhou-207-218-245-122.ev1.net [207.218.245.122]


I also tried it from my machine at Peer1 Networks, and same thing:
...
12 44 ms 43 ms 44 ms hstntx1wce2-everyonesinternet-gige.wcg.net [65.77.93.54]
13 44 ms 44 ms 45 ms ivhou-207-218-245-28.ev1.net [207.218.245.28]
14 44 ms 44 ms 44 ms ivhou-207-218-245-122.ev1.net [207.218.245.122]


And for good measure, I tried it from here too: http://www.t1shopper.com/tools/traceroute/

Same result.
jb wrote: I'm fighting with EV1 about this issue right now. There are people all over the place who can't get to the server, but they can apparently get to Brad's, which is also on EV1.
FWIW, my traceroute on Rogers to bradsucks.net ends like this:

13 54 ms 50 ms 49 ms so-0-0-0.mpr1.atl6.us.above.net [64.125.27.49]
14 72 ms 72 ms 76 ms so-3-3-0.mpr2.iah1.us.above.net [64.125.29.66]
15 57 ms 75 ms 56 ms 216.200.251.53.ev1.net [216.200.251.53]
16 61 ms 63 ms 56 ms ivhou-207-218-245-28.ev1.net [207.218.245.28]
17 63 ms 57 ms 59 ms ivhou-207-218-245-109.ev1.net [207.218.245.109]
18 57 ms 60 ms 72 ms ns1.stayhosted.com [66.98.220.52]


I'm assuming StayHosted.com runs in the EV1 datacenter .. But the address block is completely different than Songfight, and the traceroute succeeds, which suggests EV1 is routing the blocks differently.
jb wrote: If it comes down to moving the server, that will happen.
I wonder if it would help to get a new IP address? Tell them you want an address outside of the 216.127.64.0/19 block. Preferably one in the 66.98.128.0/17 block (that block that Brad's in) 'cause you know it works.
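
An added example, not part of any post in this thread: a small Python parser for Windows tracert output that reports the last hop that answered and which of the two address blocks named above an address falls in. The trace tails are copied from the posts above; the block labels and function names are assumptions made for illustration.

```python
import ipaddress
import re

# A tracert hop line: hop number, three RTT columns ("44 ms", "<1 ms" or "*"),
# then "host [ip]", a bare ip, or "Request timed out."
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

# Blocks named in the thread; the labels are ours.
BLOCKS = {"songfight": "216.127.64.0/19", "bradsucks": "66.98.128.0/17"}

# Trace tails quoted from the thread (Sympatico trace, Rogers trace).
SYMPATICO_TAIL = """\
13 45 ms 45 ms 44 ms ivhou-207-218-245-27.ev1.net [207.218.245.27]
14 59 ms 59 ms 58 ms ivhou-207-218-245-122.ev1.net [207.218.245.122]
15 * * * Request timed out.
16 * * * Request timed out.
"""
ROGERS_TAIL = """\
14 71 ms 72 ms 95 ms 216.200.251.29.ev1.net [216.200.251.29]
15 * 58 ms 58 ms ivhou-207-218-245-28.ev1.net [207.218.245.28]
16 57 ms 57 ms 56 ms ivhou-207-218-245-122.ev1.net [207.218.245.122]
"""

def parse_tracert(text):
    """Return [(hop, ip_or_None)] for every hop line in tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(m.group(3))
            hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def last_responding_hop(hops):
    """Last hop that returned an address, or None if no hop answered."""
    answered = [h for h in hops if h[1]]
    return answered[-1] if answered else None

def block_of(ip, blocks=BLOCKS):
    """Label of the first CIDR block containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for label, cidr in blocks.items():
        if addr in ipaddress.ip_network(cidr):
            return label
    return None

if __name__ == "__main__":
    for name, tail in (("sympatico", SYMPATICO_TAIL), ("rogers", ROGERS_TAIL)):
        print(name, "last answer from", last_responding_hop(parse_tracert(tail)))
    for ip in ("216.127.80.132", "66.98.220.52"):
        print(ip, "is in block", block_of(ip))
```

Both traces last hear from 207.218.245.122, so the hop where the trace goes quiet does not distinguish the connection that works from the one that fails; the destination's address block is the variable left to test.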
c.layne
Push Comes to Shove
Posts: 434
Joined: Sun Sep 26, 2004 5:13 pm
Instruments: Fuckin VSTs
Recording Method: Ableton Live 11
Submitting as: c.layne
Pronouns: he/him
Location: Christmas Island
Contact:

Post by c.layne »

I'm amazed that I just read this whole thread for some unknown reason. I didn't understand a goddamn word.