{"id":461,"date":"2009-05-30T15:13:57","date_gmt":"2009-05-30T09:43:57","guid":{"rendered":"http:\/\/brainstorms.in\/?p=461"},"modified":"2009-05-30T15:16:46","modified_gmt":"2009-05-30T09:46:46","slug":"hacked-by-bader2010","status":"publish","type":"post","link":"https:\/\/brainstorms.in\/?p=461","title":{"rendered":"Hacked by Bader2010"},"content":{"rendered":"<p>I was away from home for a week and returned back yesterday evening. As I had a week's emails pending, the first thing I did after reaching home was to access gmail. To my horror, google was telling me that I am providing a wrong password. Then, I tried to log in to my blog. I found out that my blog has been defaced. I was getting the following screens. Some Arabic hymn was played in the background.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-463 aligncenter\" title=\"bad1\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/bad1-300x188.png\" alt=\"bad1\" width=\"287\" height=\"192\" \/><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-464 aligncenter\" title=\"bader2010\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/bas2-300x191.png\" alt=\"bader2010\" width=\"300\" height=\"191\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/bas2-300x191.png 300w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/bas2-1024x652.png 1024w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/bas2.png 1231w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p style=\"text-align: left;\"><a href=\"http:\/\/www.zone-h.org\/mirror\/id\/8888992\">This page <\/a>will give you some more information on what a hacked page looks like. 
I contacted my web hosting provider and got the password for the site reset, and the site was back within my control.<\/p>\n<p>However, my gmail id was my lifeline and I had to recover it at any cost. I tried to recover my password from the gmail login page as below.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-465 aligncenter\" title=\"google1\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google1.png\" alt=\"google1\" width=\"311\" height=\"269\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google1.png 311w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google1-300x259.png 300w\" sizes=\"auto, (max-width: 311px) 100vw, 311px\" \/><\/p>\n<p style=\"text-align: center;\">The next page had these options.<img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-466 aligncenter\" title=\"google2\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google2.png\" alt=\"google2\" width=\"425\" height=\"315\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google2.png 425w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google2-300x222.png 300w\" sizes=\"auto, (max-width: 425px) 100vw, 425px\" \/><\/p>\n<p>I selected my account has been compromised, which gave me the following link.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-467 aligncenter\" title=\"google4\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google4.png\" alt=\"google4\" width=\"416\" height=\"415\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google4.png 416w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google4-150x150.png 150w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google4-300x299.png 300w\" sizes=\"auto, (max-width: 416px) 100vw, 416px\" \/><\/p>\n<p>The<a 
href=\"https:\/\/www.google.com\/support\/accounts\/bin\/request.py?ara=1&amp;hl=en\" target=\"_blank\"> account recovery page<\/a> is here. Have a look at it. Your success in retrieving the account lies in accurate answers on this page. I filled out the following sections.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-469 aligncenter\" title=\"google51\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google51-1024x595.png\" alt=\"google51\" width=\"918\" height=\"533\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google51-1024x595.png 1024w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google51-300x174.png 300w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google51.png 1141w\" sizes=\"auto, (max-width: 918px) 100vw, 918px\" \/><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-470 aligncenter\" title=\"google6\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google6.png\" alt=\"google6\" width=\"940\" height=\"593\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google6.png 1019w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google6-300x189.png 300w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><\/p>\n<p>Fortunately, I remembered who invited me to gmail. (I had a gmail account at a time when gmail invites were sold on ebay.) Also, I use filters and labels heavily for handling mail. There was some fuzziness with dates, but I could still approximate them. I have a couple of blogs linked to the account and an orkut profile. I knew only the url of my blog on blogspot. I was very skeptical whether I will get it back. 
I submitted and waited for any response from google. About an hour later I received the following mail from google.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-473\" title=\"google7\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google7.png\" alt=\"google7\" width=\"671\" height=\"726\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google7.png 671w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/google7-277x300.png 277w\" sizes=\"auto, (max-width: 671px) 100vw, 671px\" \/><\/p>\n<p>I reset the password and retrieved my account. The attacker had tried to capture some of my other online assets from the gmail id. Some of the automated responses had his IP address logged (or it might be a proxy). I traced the attacking IP to Saudi Arabia.<\/p>\n<p><strong>Why I lost my account?<\/strong><\/p>\n<p>There may be several reasons. Here are some of my assumptions.<\/p>\n<p>a) I had a weak password. (6 letters, and that too based on a dictionary word)<\/p>\n<p>b) I had enabled POP3 access for my gmail account, even though I was not using it. There are plenty of <a href=\"http:\/\/www.hackerthreads.org\/viewtopic.php?f=16&amp;t=30596\">scripts like this <\/a>available on the Internet for brute force attack on gmail accounts via POP3.<\/p>\n<p>c) I had used my account from a friend's place last week on a Windows XP machine. Maybe that machine has a key logger installed and the attacker might have obtained the password via IRC from there. I checked my home machines for any possible rootkits, but I could not find any. My Windows machines do not have internet access.<\/p>\n<p>d) Someone might have stolen the password from one of the machines that I use at college. 
(As we are on vacation now, I can safely rule out this possibility.)<\/p>\n<p><strong>What information one must keep about google accounts.<\/strong><\/p>\n<p><strong>1) <\/strong>If someone invited you to a gmail account, keep the email. It can save you a lot of trouble. It will give you some idea about the date of creation of your account.<\/p>\n<p>2) If you use labeling and filters, remember the labels. You can give easy to remember names and context relevant labels to your mail.<\/p>\n<p>3) Even if you are not blogging, create a blog on blogspot. The URL of the blog can be an important piece of information.<\/p>\n<p>4) Email addresses are not memorized the way phone numbers are. So export your gmail contact list to a file and keep it. The account recovery page asks for up to five frequently contacted email ids. (Click on contacts on the left side of any gmail page and select export to save the contacts.)<\/p>\n<p>5) Set up a secondary email id and give it a different password. (You can use Settings-&gt;Accounts-&gt;google account settings-change security question for this.)<\/p>\n<p>6) Set up a security question. It can save you a lot of trouble.<\/p>\n<p>7) If you use orkut, keep the URL of your orkut profile.<\/p>\n<p>You can obtain it from your orkut home page as shown in the figure below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-477\" title=\"orkut\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/orkut.jpg\" alt=\"orkut\" width=\"227\" height=\"380\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/orkut.jpg 260w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/orkut-179x300.jpg 179w\" sizes=\"auto, (max-width: 227px) 100vw, 227px\" \/><\/p>\n<p>9) Disable POP3 and IMAP if you are not using them.<\/p>\n<p>10) Use a strong password. 
This is the most important step. On the change password page, make sure that your password is strong as shown in the picture below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-478\" title=\"gmialpass\" src=\"http:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/gmialpass.png\" alt=\"gmialpass\" width=\"705\" height=\"341\" srcset=\"https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/gmialpass.png 830w, https:\/\/brainstorms.in\/wp-content\/uploads\/2009\/05\/gmialpass-300x145.png 300w\" sizes=\"auto, (max-width: 705px) 100vw, 705px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was away from home for a week and returned back yesterday evening. As I had a week's emails pending, the first thing I did after reaching home was to access gmail. To my horror, google was telling me that I am providing a wrong password. Then, I tried to log in to my blog.&hellip; <a href=\"https:\/\/brainstorms.in\/?p=461\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Hacked by 
Bader2010<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[46],"class_list":["post-461","post","type-post","status-publish","format-standard","hentry","category-computers","category-electronics","tag-bader2010"],"_links":{"self":[{"href":"https:\/\/brainstorms.in\/index.php?rest_route=\/wp\/v2\/posts\/461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brainstorms.in\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brainstorms.in\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brainstorms.in\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/brainstorms.in\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=461"}],"version-history":[{"count":10,"href":"https:\/\/brainstorms.in\/index.php?rest_route=\/wp\/v2\/posts\/461\/revisions"}],"predecessor-version":[{"id":481,"href":"https:\/\/brainstorms.in\/index.php?rest_route=\/wp\/v2\/posts\/461\/revisions\/481"}],"wp:attachment":[{"href":"https:\/\/brainstorms.in\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brainstorms.in\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brainstorms.in\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}