Find the hacker – means to define its real IP (network address). At once it should be noted that in practice to make it very difficult. The hacker having at least brief experience always takes measures to concealment of the true ip therefore search usually comes to an end with nothing. But often to get attempts access to someone else's computer beginners carry out, it is rather simple to find them.
Instruction
1. That your computer was cracked or try to crack, various signs can demonstrate, you can find their detailed description in the Internet. Let's consider several options of actions if you noticed signs of penetration on your computer.
2. Open the command line, make the "netstat-aon" team (without quotes). You will see the list of the current connections. Let's assume that you see the established connection on some port which is not used by any "legal" program. Means, probability is high that at your computer there is a server part of a backdoor – the Trojan program allowing to manage remotely your computer.
3. Existence of connection is demonstrated by the line ESTABLISHED. If there is no connection and the trojan listens to port, expecting connection, in the graph "Status" there will be LISTENING. At the established connection in the graph "Foreign address" you will see ip of the connected computer.
4. To obtain information on this network address, use any of the relevant network services. For example, to these: http://www.all-nettools.com/toolbox/smart-whois.php.
5. Enter ip interesting you in the field of a form, click "Submit". If in the obtained information it is specified that this network address belongs to address range (it will be specified) such provider, that is probability that you managed to find the hacker.
6. But in most cases in a similar situation you will manage to reach only the proxy server, on it search breaks – owners of the server will hardly issue you information on the one who used their service. Though to try it can be received, having written the valid letter and having specified the access reason.
7. Even if you managed to find ip belonging to the specific person still nothing means. It is quite possible that the computer of this user is cracked too and it is used by the hacker as an intermediate link.
8. The situation at which the firewall reports that the certain program which is present at your computer tries to go on-line is possible. Probability is high that on your computer the Trojan program collecting confidential data and sending them to a certain postal address got.
9. In this case you can try to investigate the Trojan program, having defined where exactly it sends reports. The whole complex of tools is used to a research: virtual machines, network analyzers, register monitors, PE analyzers of files and others. You will find detailed articles in the Internet on this subject.
10. One of easy ways of penetration on someone else's computers is use of the Radmin program. Many users, having installed this program, forget to change the password set by default. The hacker, scanning network on open port 4899, finds similar computers and cracks them by means of search of passwords.
11. If your computer was cracked through radmin, trace ip of the connected computer then change the password on the program. Do not use old versions of this program in which for an input only the password is used, they are most vulnerable.
12. Kind of well your computer was not protected, the experienced hacker always has chance to get on it. Therefore never you store confidential data in open form, create archive with these data better and set on it the password. Do not work without firewall and an antivirus. Using these simple rules, you will minimize penetration consequences on your computer.