hacked

I have been hacked. I was phished some time back via MSN. I deleted the picture used and deleted the guy who sent it. I thought nothing more about it. Anyway, he got in and stole some precious files and deleted my system restore points. If anyone knows how I could get them back, please please tell me [thanks]. My firewall was disabled after the attack, so I reinstalled the firewall [Comodo] and hoped that was it. Then the firewall picked up an intruder. I made a note of the IP address and found, yes, it was my long-lost phishing friend. I blocked it. It happened again but from another PC [same server], so end of problem, huh? No. lol. I awoke to find the firewall disabled, and the MSN and my AVG 8.0. I took them out and reinstalled them again and the same thing happened in that order, except Firefox was disabled this time. I can’t keep the guy out. Help please, someone, as I’m losing this battle. Help

First thing to do is UNPLUG YOUR MODEM NOW! Now you are safe; he can’t get you now. This also allows you to #1 take your time and boot into safe mode and scan your computer with your AVG, #2 scan in safe mode with any other anti-malwares or anti-spywares you have, #3 call your Internet Service Provider (ISP). Tell them your situation and ask them to give you a new IP. I am sure they will do it ASAP if you tell them your problem. This is all I can really think of at the moment. But I am positive you will get a few more posts to help you out real good.

Did they take advantage of a weakness in Comodo? These reports make me afraid to try the firewall.

No security is 100% effective. If you want great inbound protection then get a hardware firewall. What were your global rules for Comodo?

I never liked the “no security is 100% effective” response. Comodo should be adequate enough that a hardware firewall is not needed in most cases. Sounds like this poster has a real concern, as do I after reading it.

The problem is we don’t know what settings he had. This way we will probably also never know how this could happen. But don’t be afraid. Comodo Firewall Pro is THE strongest firewall available.

Xan

That’s true - maybe he had the wrong settings. Hopefully he will respond so we know if it was something in the firewall or the configuration.

Over 5 years ago I had Norton Anti Virus, which was the best AV out there at the time, and guess what: I got a virus. Do I blame Symantec? No. But after that I am more careful of everything I do online. I also went out and bought a very good modem with a hardware firewall built in. Did you run the Stealth Port Wizard and select the option to “block all incoming connections”? I actually don’t need Comodo but I use it for the outbound control and HIPS. Your best protection is a NAT. Some people don’t use a software firewall or AV. All they use is a good hardware firewall on full lock down.

I prefer to use router and software firewall, since they go together and provide layered security.

Exactly what I do. My security setup is actually a hardware firewall, Comodo with D+, NOD32 and Sandboxie when needed.

Same here, some router with a firewall that got DoS defenses + Comodo and it seems to work good to keep away lamers.
What I don’t know is if I have some unknown malware running hidden on my systems, they’re dangerous codes to play with security travelling the network, hope I’m safe enough… can’t say I’m safe 100%… hope I am at 90% :slight_smile:

Adequate does not equal 100% in any maths books I’ve read. :wink: While the “no security is 100% effective” may not be the response you want to hear, it’s probably the most realistic one. The only truly secure PC is one that is disconnected from power and encased in concrete.

No matter how good, or how intelligent, a piece of software is, the human factor can negate all that.

Ewen :slight_smile:

But I have seen that reason used as an excuse when there are legit concerns. For example, the user should be asked his settings first.

Of course it should not be the only answer. Nor should it be used to deflect a serious question. But, at all times, regardless of the severity of the question or the completeness or relevancy of the answers supplied, it remains an immutable fact that there is no such thing as 100% security.

Hopefully you won’t see much of this on these forums.

Ewen :slight_smile:

At the moment I got no hardware firewall, but as soon as I get my new computer, I will also see if I can put my hands on an old laptop from a relative of mine and turn it into a firewall, using Linux.

Then my protection will be that hardware firewall + CFP with Defense+ in Safe Mode, plus the current and always growing list of IPs that I block + customized Hosts file + a decent free AV (no need to pay for one) + SAS + other preventive measures inside my browser.

Prevention is the best and only way to go, and then comes detection.

It is unfortunate that something like what was mentioned happened, but like someone just said, it is true that nothing prevents and detects everything. The best we can do is to set up a good prevention and detection system and hope for the best. This is why I do maintain a list of IPs to block and it’s always growing. I know that CFP does a great job at blocking IPs, but CFP is not 100% effective and that’s why I use a list of IPs to block, either for inbound or outbound connections.

I have a friend that is using Comodo 3 as I advised him, and his ISP login data were stolen one week ago and someone was using his login information and accessing the internet for free.
Unfortunately he is not very skilled with security software, but on the other hand I’m wondering how he could be hacked that way.
Shouldn’t a firewall protect users against hacks? I thought this was the purpose of this tool named firewall.
The only real solution seems to be a hardware firewall at this moment, so you should do the same: take an SPI router and use software firewalls just for a better outbound control.

Two questions should take place now:

1st - When you advised your friend to use this firewall, was his system installed for the very first time, or are we talking about a system where he wasn’t sure that it was clean?
If he wasn’t sure the system wasn’t clean, he should have set Defense+ to Safe Mode, at least.

2ndly - You said he isn’t very skilled with security software. Being so, perhaps Defense+ alerted him for something and he just allowed it to proceed.

CFP is a very great firewall, and with Defense+ on it, it just gets better. But as everything else, if a person does not know how to properly answer to Defense+ warnings, then it will be the same as not having CFP at all…

One must know how to answer to Defense+ alerts.

When I first started using CFP with Defense+, I wasn’t 100% aware how it worked, but I knew that I shouldn’t just press Allow every single time it asked to.

I first tried to get some info on the process in cause. If a system process then I would allow it and see what would happen. If it wasn’t (and sometimes I still do it) a system process, I would just block it temporarily, by deselecting Remember my choice (something like that ;D ). Then with time I would get more info on that specific process and later I would know how to answer properly.

A very good site where people can get more info, if a certain process is part or not of Windows system, is www.processlibrary.com

They got a HUGE list of Windows processes. If they say it isn’t (note that they don’t have all the processes in their database, it is a growing database) I will just block it temporarily and see how the system behaves. If the system still works fine and no error is displayed, then I keep it blocked, until I get more info about it, either by googling or getting back to the site I just mentioned.

CFP and alike tools are no joke. They provide very strong protection, but it may also happen the other way around if people don’t know how to find info on what the firewall alerts us for. It is not a matter of knowing how to work with CFP, but how to answer the alerts. And for that, people must know where to get such info. And google is always a good start.

DarkButterfly, Comodo 3 was installed on a clean fresh XP installation and the Comodo autoupdate feature was on. His computer seemed to be clean because just 2 days before his login data were used I advised him to do some virus scans with CureIT, Spybot Search & Destroy, Malwarebytes Antimalware, SAS and his antivirus Avast 4.8, because he often forgets to do regular scans on his computer. Those scans found nothing.
I really don’t know what his browsing habits are, but he reported that some buddy of his gave him on xfire a link towards YouTube the day before, and he is also a user of torrent software. I don’t know how he answered Comodo’s questions or if there were any, and if somehow his data was stolen long before that guy used them. The ISP found the fake user.
He is not skilled in security, he used Comodo 3 and he was hacked; the conclusion is simple: if you don’t know how to use Comodo you can get hacked. I think some automatic features must be implemented in this firewall to protect against such a hijack.
What do I say to him now after this experience? And bear in mind he used the free Sunbelt Firewall version 4 last year and he was satisfied with it, and never got hacked.

I have suggested something like that to be implemented into CFP. It is an important feature for situations when people may answer inappropriately to Defense+ alerts. If a bad decision takes place, then this feature could simply block it.

Nothing tells us that he wouldn’t be hacked if he still had Sunbelt’s firewall. So, we can’t say he got hacked because he has CFP installed on his system.

One question: Does he have CFP’s Stealth Ports Wizard set with the last option, which blocks all incoming connections? Under the Firewall section he can find Stealth Ports Wizard, and set it to the last option. It is the most appropriate option for most users.

As with everything else, people should first know how to work with something, and then use that very same something. Everything has/should have an instruction manual, and CFP does. :wink: Then if the person in cause decides it is too complicated, then they should not use it at all.

But I’m still wondering: might this friend of mine have been hacked because Comodo 3 doesn’t do a proper SPI, or is it exclusively because of a bad answer to a firewall question? I’ve seen somewhere on a forum that even a router can be fooled and UDP packets can be forced into some stream and DNS spoof made.
Or Comodo 3 in latest versions does SPI very well?