Finding a hacker means determining his real IP (network address). It should be noted right away that this is very difficult to do in practice. A hacker with at least a little experience always takes measures to hide his true ip, so the search usually ends with nothing. But often attempts to gain access to someone else's computer are carried out by beginners, they are quite simple to calculate.
Instructions
Step 1
A variety of signs may indicate that your computer has been hacked or are trying to be hacked; you can find a detailed description of them on the Internet. Consider several options for action in the event that you notice signs of infiltration on your computer.
Step 2
Open a command prompt, type the command "netstat –aon" (without quotes). You will see a list of current connections. Suppose you see an established connection on some port that no "legal" program is using. This means that there is a high probability that your computer has the backdoor backdoor - a Trojan program that allows you to remotely control your computer.
Step 3
The presence of a connection is indicated by the line ESTABLISHED. If there is no connection and the Trojan is listening on a port, waiting for a connection, the "Status" column will show LISTENING. When the connection is established, in the "External address" column you will see the ip of the connected computer.
Step 4
To get information about a given network address, use one of the corresponding network services. For example, this
Step 5
Enter the ip you are interested in in the form field, click the "Submit" button. If the information received indicates that this network address belongs to the range of addresses (it will be specified) of such and such provider, then there is a possibility that you managed to find the hacker.
Step 6
But in most cases, in such a situation, you will only be able to reach the proxy server, and the searches stop there - the server owners are unlikely to give you information about who used their service. Although you can try to get it by writing a respectful letter and indicating the reason for contacting.
Step 7
Even if you managed to find an ip belonging to a specific person, it still doesn't mean anything. It is possible that this user's computer has also been compromised and is being used by the hacker as an intermediary.
Step 8
It is possible that the firewall reports that a program on your computer is trying to access the Internet. It is highly likely that a Trojan horse has entered your computer that collects confidential data and sends it to a certain postal address.
Step 9
In this case, you can try to investigate the Trojan by determining exactly where it sends reports. A whole range of tools is used for research: virtual machines, traffic analyzers, registry monitors, PE file analyzers, and others. On the Internet, you will find detailed articles on this topic.
Step 10
One of the easiest ways to get into other people's computers is to use the Radmin program. Many users, having installed this program, forget to change the default password. A hacker, scanning the network for an open port 4899, finds such computers and cracks them by brute-force passwords.
Step 11
If your computer was hacked through radmin, track the ip of the connected computer, then change the password on the program. Do not use older versions of this program, which only use a password to log in, they are most vulnerable.
Step 12
No matter how well your computer is protected, an experienced hacker always has a chance to infiltrate it. Therefore, never store confidential data in clear text, it is better to create an archive with this data and set a password on it. Don't work without a firewall and antivirus. By using these simple rules, you will minimize the consequences of penetration into your computer.
