# How to stop a hacker at Facebook?



## SahilAr (Apr 30, 2012)

Heyy Everyone,
A hacker is constantly hacking my cousin's Facebook account. He is sending random messages with severe abuses to known relatives/close friends, and he is also posting on the wall by hacking his account. How to stop him?


----------



## abhidev (Apr 30, 2012)

change the pwd and keep it disabled for sometime....also try setting a complex password


----------



## SahilAr (Apr 30, 2012)

Tried everything, but still... he's screwing the account!
He has done password reset many times, changed it to a complex password, disabled account, but nothing helped.


----------



## ritvij (Apr 30, 2012)

change the pwd of your primary email linked with fb account.. that's how he must be getting your pwds..


----------



## SahilAr (Apr 30, 2012)

done that too..
but still he is continuously changing the password of facebook account!


----------



## dashing.sujay (Apr 30, 2012)

NEVER click on any unknown links, either external or internal (app or via chat). This is the best way to be safe. Plus follow these practices:

1) Logout the current "active sessions" 



*i.imgur.com/DeXYt.png



2) Enable http*s*: by default.

3) Enable login notification, it can save your a$$ from worse.

4) Change your primary mail id (just once for trial as the previous one is most probably hacked). Keep it *gmail* only as it offers better security.

5) Finally change all passwords.

6) Also, clear all cookies of your browser and don't click on "remember me".

Now, I don't see how any hacker can hack your account; of course nobody has got a database of FB id-pass!


----------



## coolpcguy (Apr 30, 2012)

Enable 2-factor authentication 

*www.facebook.com/settings?tab=security&section=devices&view


----------



## dashing.sujay (Apr 30, 2012)

coolpcguy said:


> Enable 2-factor authentication
> 
> *www.facebook.com/settings?tab=security&section=devices&view



I can't find step2 verification. The link is of "recognised devices". Is it same as gmail?

I don't recommend it personally as sometimes, due to network congestion, the SMS comes too late.


----------



## coolpcguy (Apr 30, 2012)

> I can't find step2 verification. The link is of "recognised devices". Is it same as gmail?



Somewhat - Facebook will prevent you from logging in if the device is not recognized. So the first time you log in from another computer, you'll get an SMS that you must enter to proceed.



> I don't recommend it personally as sometimes, due to network congestion, the SMS comes too late.



Account security > anything else.


----------



## dashing.sujay (Apr 30, 2012)

AFAIK fb hasn't got any option to block unrecognised devices. It just gives an SMS alert, which I had already mentioned. Step2 verification is something else provided by Gmail.


----------



## Tenida (Apr 30, 2012)

SMS notification is good. I also activated the service in both Gmail and Facebook.


----------



## Faun (Apr 30, 2012)

I remember my SIM got corrupted and couldn't login to gmail because it thought that the hardware changed somehow.


----------



## dashing.sujay (Apr 30, 2012)

Faun said:


> I remember my SIM got corrupted and couldn't login to gmail because it thought that the hardware changed somehow.



Gmail gives you some "master passwords" which will always work if you lose access to the mobile no. you have registered.


----------



## RCuber (Apr 30, 2012)

ok, change your secret questions and date of birth (remember the new one you set)..


----------



## coolpcguy (Apr 30, 2012)

dashing.sujay said:


> AFAIK fb hasn't got any option to block unrecognised devices. It just gives an SMS alert, which I had already mentioned. Step2 verification is something else provided by Gmail.



False. 

1. It's not just SMS alert. You get a verification code that must be entered to login. Ergo, 2-factor. 
2. Unrecognised devices can't gain access to your account unless the verification code is entered.
3. You can revoke access to your Facebook from any device from the above link.




dashing.sujay said:


> Gmail gives you some "master passwords" which will always work if you lose access to the mobile no. you have registered.


If you have access to Facebook from a computer, you can authorize access to other devices from that account as well.

(and oh, the Gmail backup codes are 1-time use. You'll have to regenerate them once you've used them all)
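
A minimal model of the login-approval behaviour described in this post (a code is required from any unrecognised device, devices can be revoked, backup codes work once), as an added example that is not part of the original thread and is not Facebook's or Google's code. The class and method names are hypothetical, and `last_sms` stands in for a code that would really be delivered to the owner's phone.

```python
import hashlib
import hmac
import secrets


def _digest(code: str) -> bytes:
    # Keep only hashes so a leaked table does not hand out usable codes.
    return hashlib.sha256(code.encode()).digest()


class LoginApprovals:
    """Hypothetical model: password plus a code for any unrecognised device."""

    def __init__(self, password: str, backup_count: int = 3):
        self._pw = _digest(password)
        self.recognised = set()          # device ids allowed to skip the code
        self._pending = {}               # device id -> digest of the code sent
        self.last_sms = None             # stand-in for the SMS channel
        self.backup_plain = [secrets.token_hex(4) for _ in range(backup_count)]
        self._backup = {_digest(c) for c in self.backup_plain}

    def start_login(self, device: str, password: str) -> str:
        if not hmac.compare_digest(self._pw, _digest(password)):
            return "denied"
        if device in self.recognised:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[device] = _digest(code)
        self.last_sms = code
        return "code_required"           # password alone is not enough here

    def approve(self, device: str, code: str) -> bool:
        expected = self._pending.pop(device, None)   # one attempt per issued code
        if expected is None:             # no password-verified login in progress
            return False
        given = _digest(code)
        if not hmac.compare_digest(expected, given):
            if given not in self._backup:
                return False
            self._backup.remove(given)   # backup codes are single use
        self.recognised.add(device)
        return True

    def revoke(self, device: str) -> None:
        # An unrecognised device must pass the code step again on next login.
        self.recognised.discard(device)
```
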


----------



## s18000rpm (Apr 30, 2012)

Scan your PC with AV & Malwarebytes.
most prolly some key logger or something.


----------



## dashing.sujay (May 1, 2012)

coolpcguy said:


> False.
> 
> 1. It's not just SMS alert. You get a verification code that must be entered to login. Ergo, 2-factor.
> 2. Unrecognised devices can't gain access to your account unless the verification code is entered.
> 3. You can revoke access to your Facebook from any device from the above link.



1) Can you tell me how to do that in FB, I can't find an option.

2) Same as above.

3) That link was just listing of devices recognised and you can make them unrecognised if you require, not _blocked_. (given there is an option).



coolpcguy said:


> (and oh, the Gmail backup codes are 1-time use. You'll have to regenerate them once you've used them all)



Thanks, didn't know it. Though I lost them


----------



## Desmond (May 1, 2012)

One of my friends too faced a similar problem. However, her problem was that someone was able to view her private pics. She says that she is dead sure that no one knows her password. I suspect that it could be some javascript vulnerability. What can be done in this case?


----------



## dashing.sujay (May 1, 2012)

DeSmOnD dAvId said:


> One of my friends too faced a similar problem. However, her problem was that someone was able to view her private pics. She says that she is dead sure that no one knows her password. I suspect that it could be some javascript vulnerability. What can be done in this case?



FB is php based, then how come java vulnerability can exist?


----------



## Desmond (May 1, 2012)

I said Javascript, not Java. Don't tell me you don't know the difference.


----------



## dashing.sujay (May 1, 2012)

DeSmOnD dAvId said:


> I said Javascript, not Java. Don't tell me you don't know the difference.



I know, still I believe FB is not vulnerable to JS attacks. But orkut was, very much.


----------



## mohityadavx (May 1, 2012)

I think I know the solution. It's like this: go to "forgot your password", then enter the username there; at the next step choose "don't have access to primary password", then give a new email and select three friends whom you would like to acknowledge the fact that the new email is yours and your password should be reset.

Now the person hacking the account may have three accounts which are friends in your friend's account, so it's that simple. (Experimented on a friend's account.)


----------



## coolpcguy (May 2, 2012)

dashing.sujay said:


> 1) Can you tell me how to do that in FB, I can't find an option.
> 
> 2) Same as above.
> 
> 3) That link was just listing of devices recognised and you can make them unrecognised if you require, not _blocked_. (given there is an option).



1 & 2 -> *www.facebook.com/help/?faq=148233965247823#What-is-Login-Approvals?-How-do-I-turn-this-setting-on?

3 -> Making them as unrecognized effectively blocks them from your account. 



> I suspect that it could be some javascript vulnerability. What can be done in this case?



The only way this is possible is a direct link to the image. Nothing to be done if there's a direct link to the image coming from the CDN.



> I know, still I believe FB is not vulnerable to JS attacks. But orkut was, very much.


There have been plenty of js-based attacks on fb in the past. Most of the exploits are fixed before they are disclosed to the public, so you don't hear about them.


----------



## dashing.sujay (May 3, 2012)

There's no "Login Approval" thingy in my settings as described in the link above.


----------



## coolpcguy (May 3, 2012)

That's weird. Have you added your mobile number?


----------



## dashing.sujay (May 3, 2012)

Yes, notifications are enabled and I get them too. Though text messaging is disabled.


----------



## coolpcguy (May 3, 2012)

Not really sure why it's so. Perhaps it's disabled for a short while?


----------



## dashing.sujay (May 3, 2012)

Maybe. You can see how it's currently.


----------



## Faun (May 4, 2012)

Unplug the cable to internet. It's the only solution.





Trust me. I am an internet expert.


----------



## Nipun (May 4, 2012)

There can be a keylogger on your PC too. Try changing the password from a different PC (or a mobile), and don't log in from the current computer for some time and check.


----------



## mrintech (May 4, 2012)

There's a Keylogger on your PC. Scan with Kaspersky and Super Anti-Spyware

Hope everything gets fine soon


----------



## Nipun (May 4, 2012)

mrintech said:


> There's a Keylogger on your PC. Scan with Kaspersky and Super Anti-Spyware
> 
> Hope everything gets fine soon


Kaspersky can't detect most keyloggers. Not the one I use at least.


----------



## 101gamzer (May 4, 2012)

Try these DCWG | DNS Changer Working Group


----------



## Sujeet (May 22, 2012)

Stop Using Facebook.Its Useless.Have Peace of Mind.


----------



## mrintech (May 22, 2012)

Sujeet said:


> Stop Using Facebook.Its Useless.Have Peace of Mind.


----------



## balakrish (May 23, 2012)

*Re: How to stop a hacker at Facebook? - You CANT secure your facebook *

Okay. After all this discussion I'm gonna tell mine. Please drop your comments since it's my first LOOOOOONG post in thinkdigit forums.
Yes. Hacking a Facebook account is really easy and I don't know how many of you know this "vulnerability" of Facebook.
AS I KNOW, the hacker who hacked his friend's a/c should have known the ans of fb security qn. then PROBLEM SOLVED.

Lemme demonstrate how easy it is to hack a fb a/c when you know the security qn ans.

So I'm gonna provide some snapshots here.

1. Clicking "Forgot Password"
*s14.postimage.org/6ermnmobl/Screenshot_from_2012_05_22_23_40_21.png
2. Entering the email id or username (pretty easy)
*s18.postimage.org/8waotahbt/Screenshot_from_2012_05_22_23_41_38.png
3. Clicking "NO longer have access to these"
*s17.postimage.org/68jg0zs67/Screenshot_from_2012_05_22_23_42_27.png
4. Entering hacker's mail id
*s17.postimage.org/5x1zo8bq7/Screenshot_from_2012_05_22_23_43_01.png
5. Entering the ans for security qn. [this is what the hacker has to hack]
*s17.postimage.org/ipq3o5nbz/Screenshot_from_2012_05_22_23_43_27.png

Finally hacked 

Anyways you may ask me, hey Bullsh*t! Can't he change his fb security qn?
Oh! My answer is, "if you can change the security qn. please tell me how to do it"

AS I KNOW, Facebook offers the user to change his mail id, but not his security qn. (at least for me) Lemme show my account's security tab.

*s15.postimage.org/7r1ik4qy3/Screenshot_from_2012_05_23_00_03_26.png

P.S: I don't know how long these images will be visible, because I uploaded them on postimage.org. I don't know their TOS.
Images are taken by gnome-screenshot and edited by using GIMP.


----------



## Nipun (May 23, 2012)

*i.imgur.com/y0YV9.jpg

Also, letting someone know answer to security question is as stupid as giving them password.


----------



## balakrish (May 23, 2012)

Nipun said:


> *i.imgur.com/y0YV9.jpg
> 
> Also, letting someone know answer to security question is as stupid as giving them password.



Hey! Is this the first time you set a security qn for your a/c? Because I can't find the option to change the security qn. But when you set it first, you will have an option to set a security qn. After setting the security qn, this option goes away (at least for me).


----------



## dashing.sujay (May 23, 2012)

It is true. You can't change security question once set; FB help also says that.


----------



## Nipun (May 23, 2012)

dashing.sujay said:


> It is true. You can't change security question once set; FB help also says that.


I don't have a security question.. I think I had set it.
Whatever, if I don't have it, I am safe


----------



## balakrish (May 23, 2012)

So the moral of the story is: if you wanna hack anyone's Facebook a/c UNCONTROLLABLY, then what you have to do is just find the ans for the security qn.
PROBLEM SOLVED. Because the fb user doesn't have full rights over his a/c. Reason is, he can't even change his security qn.

Funny thing is Facebook considers this as security.


----------



## Ada (Jun 21, 2012)

My Facebook was hacked by this keylogger Mac last week. My passwords are very complicated.


----------



## Loreasa (Jun 28, 2012)

Nipun said:


> There can be a keylogger on your PC too. Try changing the password from a different PC (or a mobile), and don't log in from the current computer for some time and check.



Yeah, agree with this point. Maybe you should take it seriously and better do as Nipun said above.


----------



## Piyush (Jun 28, 2012)

by disabling your account


----------



## aniket.cain (Jun 28, 2012)

^ And the hacker can always enable it back.


----------



## freshseasons (Jun 29, 2012)

Use Virtual Keyboard always... ! 

And if you are getting more *Likes* and better social life then maybe leave your facebook account to the hacker.


----------



## suresh123 (Jul 2, 2012)

Thanks for this information.My friends facebook account has been hacked by someone.


----------



## Phoenixhuo (Nov 29, 2012)

SahilAr said:


> Heyy Everyone,
> A hacker is constantly hacking my cousin's Facebook account. He is sending random messages with severe abuses to known relatives/close friends, and he is also posting on the wall by hacking his account. How to stop him?



You may use the anti-keylogger software named KeyDefender!
I have used it ,and it has always worked very well!

The following is a brief of KeyDefender:
KeyDefender is a next generation of anti keylogger software that encrypts user keystrokes at the keyboard driver level, and transmits encryption information to the destination app in the private tunnel, deep in the operating system. At the same time, it is also kept to release virtual keystrokes to interference. So no keyloggers can steal your passwords or other crucial information.

◦Kernel-level security protection
◦Private tunnel
◦Encrypt keystrokes
◦Virtual keystrokes to interference

The following is some test video of facebook, email, twitter protected by KeyDefender:

Facebook protected by KeyDefender - YouTube
Facebook Protected by KeyDefender - Video
Twitter Protected by KeyDefender - Video 
Email Protected by KeyDefender - Video
The Best Anti-keylogger Software of KeyDefender - Video
Professional Anti-keylogger Software - KeyDefender

You have a look! I hope to help you!


----------



## amjath (Nov 29, 2012)

Use Norman Malware Cleaner to remove malware and use your browser's incognito mode to log into Facebook and primary mail to change the password.


----------



## axes2t2 (Nov 29, 2012)

If all else fails

formattttttttttttttt

And laugh like this when doing it.





----------



## Anish (Nov 30, 2012)

Why the hell is this thread in this topic? Or am I seeing it wrong?


----------



## Skud (Nov 30, 2012)

Over!


----------

