How to know that your computer is hacked and what to do about it
Many a times when a computer is hacked, the user does not even get to know about it and fails to take measures to recover the machine. This article tells how to detect the presence of an intruder and take corrective measures.
Many a times when a computer is hacked, the user does not even get to know about it. This is because the hacker does not want to reveal his presence. By hiding open connections, processes, system resource use and file access, hackers look almost invisible. The more sophisticated a hacker is, the more invisible he will be and you might never get to know that your machine was compromised. This protects him from legal issues and helps succeed in his purpose without any resistance from the system owner.
On the other hand, the sooner you discover that your system is compromised, the greater are your chances of getting it free from the hacker. The less time a hacker has on your system, the less damage he can do which you can easily repair later. Thus, the following ways will help you detect the presence of an intruder in your system.
How to know that your computer is hacked?
Use alert systems
The most important way to secure your system against hackers is to use alert systems that tell you when someone tries to break-in. Ideally, successful as well as attempted attacks should be informed. You must use full-blown Intrusion Detection Systems (IDS) which also identify outbound attacks from your computer.
Note web page defacement
If you have your a website or blog, you must not overlook any kind of defacement on web page. A newbie hacker or one which does not want to hide that the system is hacked, will replace the content on your website, especially on home page. This might be his way of announcing a successful crack.
Note any dramatic decrease in disk space
Crackers often use your computer to store any illegal or cracked commercial software versions and eat up your free space. They do not use their own computers to store such programs. Check your output regularly to know the current disk usage.
Note unexplained CPU usage
If your computer suddenly becomes slow or has unexplained CPU usage, it could be that a cracker (a hacker with criminal intent) is running password-cracking programs on your system. These programs are very CPU intensive.
Note high network usage
If you suspect your network usage to be more than what you expected, check the output to see what connections exist. It might be that an intruder is using your machine to break into other computer systems, serve files or initiate Denial of Service attacks.
Note wiped log files
As hackers try to hide their presence, they will wipe log files that show signs of inappropriate access to your computer system. While a newbie hacker will simply delete the logs, an experienced hacker will go on to the extent of removing individual lines from log files. If you see any log file with missing chunks of time or data, chances are high that the file is tampered with. Some programs like chklastlog and chkwtmp tell you if the files are tampered with. To be sure, you can also store logs on additional servers and compare them regularly with suspicious log files.
What to do if a computer is hacked?
There are various remedies by which you can recover your system even if it has been hacked. Some of these remedies are discussed below.
Read How Fedora Linux is better than Windows OS?
Great tips, thanks.