Were my credentials hacked? How is this possible?

CalisunUSA
500 Command not understood
Posts: 3
Joined: 2023-03-20 00:46
First name: Zorro
Last name: Fox

Were my credentials hacked? How is this possible?

#1 Post by CalisunUSA » 2023-03-20 01:02

Today I opened up my FileZilla and while looking at my history, I see two connections that I did not initiate.
In the attached screenshot, the smudged part is my actual server URL, but the part after is something strange.
Were my credentials hacked? How is this possible?
[Attachment: SFTP Hacker on my FileZilla.png]

botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Were my credentials hacked? How is this possible?

#2 Post by botg » 2023-03-20 07:50

While it is possible you got hacked, it seems unlikely. Only the world's dumbest hacker would leave such information behind.

If you did not initiate these connections yourself, could anyone else have used your PC at some point in the past?

CalisunUSA

Re: Were my credentials hacked? How is this possible?

#3 Post by CalisunUSA » 2023-03-20 08:42

Nobody else has access to this computer.
Looking at the IP address used, 34.69.151.52, it is at a Google datacenter and I don't have anything hosted at Google.
Looking at the second connection, it uses Gmail and I don't have a Gmail account.

Just wondering, by using the connection commands, what will they achieve? Are they harvesting my username/password?

botg

Re: Were my credentials hacked? How is this possible?

#4 Post by botg » 2023-03-20 09:20

Could be any number of reasons. Any number of files could have been transferred in either direction.

CalisunUSA

Re: Were my credentials hacked? How is this possible?

#5 Post by CalisunUSA » 2023-03-21 04:11

After extensive research and digging through my computer, I think I figured out how they got into my computer. A couple of months ago I downloaded a piece of software that I thought I could trust. I think I got rid of it and should be OK now.
Now my question: I am still not understanding the commands that were used; what are they doing? Are they trying to connect to my server, or connecting to that IP address passing my server credentials? And what could they get if I don't save my passwords?

botg

Re: Were my credentials hacked? How is this possible?

#6 Post by botg » 2023-03-21 11:25

> I think I got rid of it and should be OK now.

No, that is not enough. Once a computer has been compromised, it needs to be wiped completely and reinstalled from scratch. Personally, I recommend also destroying all hardware with updateable firmware after a breach; basically everything but the case and the power supply needs to be destroyed.

> I am still not understanding the commands that were used; what are they doing? Are they trying to connect to my server, or connecting to that IP address passing my server credentials? And what could they get if I don't save my passwords?

It's not commands, it is a history of past connections, or at least connection attempts. Files could have been transferred over these connections. Depending on the type of data you have on your machine, if an attacker has exfiltrated personal data, the attacker could impersonate you, or ransom you.
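An added example (not from this thread or from FileZilla's own code) of auditing that connection history the way botg describes: it parses the layout FileZilla uses for its recentservers.xml file (the filename is assumed, and the sample below is constructed) and flags entries whose host or user is not one the owner recognises, which is exactly what made the two entries in the screenshot stand out.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of FileZilla's recentservers.xml
# (assumed file; hosts, IP and users are made up for this example).
SAMPLE_RECENTSERVERS = """<FileZilla3 version="3.63.2" platform="windows">
  <RecentServers>
    <Server><Host>sftp.example.org</Host><Port>22</Port><User>webadmin</User></Server>
    <Server><Host>203.0.113.77</Host><Port>22</Port><User>webadmin</User></Server>
    <Server><Host>sftp.example.org</Host><Port>22</Port><User>someone@example.net</User></Server>
  </RecentServers>
</FileZilla3>
"""


def parse_recent_servers(xml_text):
    """Return (host, port, user) tuples for every <Server> in the history."""
    root = ET.fromstring(xml_text)
    entries = []
    for server in root.iter("Server"):
        host = (server.findtext("Host") or "").strip()
        port = (server.findtext("Port") or "").strip()
        user = (server.findtext("User") or "").strip()
        entries.append((host, port, user))
    return entries


def find_unexpected(entries, known_hosts, known_users):
    """Flag history entries whose host or user the owner does not recognise.

    A bare IP address where a hostname is expected, or a user that is an
    e-mail address the owner never uses, are the kind of oddities that
    indicate the client was driven by someone (or something) else.
    """
    flagged = []
    for host, port, user in entries:
        reasons = []
        if host not in known_hosts:
            reasons.append("unknown host")
        if user not in known_users:
            reasons.append("unknown user")
        if reasons:
            flagged.append((host, port, user, ", ".join(reasons)))
    return flagged


if __name__ == "__main__":
    history = parse_recent_servers(SAMPLE_RECENTSERVERS)
    for host, port, user, why in find_unexpected(history, {"sftp.example.org"}, {"webadmin"}):
        print(f"suspicious: {user}@{host}:{port} ({why})")
```

To audit a real client, read the file from the FileZilla profile directory instead of the embedded sample and fill the two sets with the hosts and usernames you actually use.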
