faq

Why do I need HackerWhacker (Instead of just running security tests myself)?

Some (not all) of the tools that HackerWhacker uses are freely available to anyone, why do I need HackerWhacker? Well, the main reason is that it is that often you need to use the tools AGAINST YOUR OWN COMPUTER. It isn’t possible to accurately test your firewall from within the area it protects. It isn’t possible to see what you exposure is to the Internet, without actually checking FROM the Internet. If you administer a network often you have opened up access for yourself from home, and from other offices so it is difficult to test your network from a place that doesn’t have full access. Sometimes you may be able to access your web server, or your email server just fine, but the rest of the world cannot, and you won’t know about it until someone complains. With a HackerWhacker subscription you don’t have to worry about that. Any time of day or night you can check the real state of your network security just by coming to the HackerWhacker website.

Can I tell if my computer has been hacked?

In a huge majority of the cases, no, because the most popular pc operating system does not record Internet activity. It is impossible to know if your computer has been hacked unless the hacker does something extremely obvious. This is very scary. A hacker might have been using your computer for years for nefarious purposes and you’d never know it! 

If a hacker is extremely clumsy you might see some indications that your computer may have been hacked. 

Hard drive starting up by itself when nothing is going on. 
Receiving E-Mail from strangers. 
Floppy disk light coming on by itself. 
Sounds playing when they shouldn’t be. 
Your computer doing things you didn’t ask it to do. 
Your computer suddenly dialing up the Internet. 
Your computer locking up or freezing while you are on the Internet. 

Why would anyone be interested in my cute, little computer? 

The way hackers work is, they first find someone else’s computer to use. This other computer, possibly YOUR computer, becomes the patsy. The patsy takes the blame. For example, some people say that Lee Harvey Oswald was a patsy and the real assassin of John F. Kennedy escaped. If the hackers activities are traced, the trail will lead to YOUR computer. Since your computer probably keeps no logs to prove otherwise, YOU become the prime suspect. If you are a young male that fits the hacker profile, you are probably in deep do loops. 

What can a hacker do once they gain control of my system?

He and his friends can use your computer as a “safe-house” to store illegal or espionage material. 
Access all your personal or corporate, confidential information you have stored such as bank accounts, credit cards, phone numbers, passwords to other systems, etc. 
Erase your hard disk, completely. 
Upload your confidential letters or materials up to USENET (essentially broadcast them to the world) 
Use your computer to send inflammatory, libelous, copyright infringing or nasty material to other people. 
Upload kitty porn (meow) to your computer and then anonymously call the authorities in your area. 
Turn on the video camera or microphone if your computer has one and watch or listen to what you are doing. 
Worse case scenario, the person can send a letter from YOUR computer making terrorist threats, and you’ll have the FBI knocking on your door and you’ll have a lot of explaining to do. 

Believe it or not, a very common occurance is high school teachers getting hacked by their students. The students want advanced information about tests, and possibly think they can change their grades or intimidate the teacher by reading her email. Another common situation is ex husbands/ex boyfriends hacking their ex girlfriends/wives computers, reading their email and essentially spying on every aspect of their lives. Most of the personal dangerous person hacking is just stalking moved up to the digtal world.

One of the worst situations you can be in is to have ENEMIES that are capable of hacking. If you are in that situation, and you don’t take measures to protect yourself, you are most certainly going to be in big trouble.

In short, once someone gets into your computer, if they want to, they can make your life a living hell. And the final thing is, there is NO GUARANTEED WAY TO CATCH THEM. Because the most popular pc operating system does not record Internet Access, there is no record of where the access came from, and even if it did, there are methods that allow someone to do things completely untraceably. 

The only recourse you have is to PREVENT IT HAPPENING IN THE FIRST PLACE. 

My personal business isn’t that exciting, why should I care?

Corporate hacking is even more dangerous. In one situation a hacker got privy to some information by watching corporate emails, and blackmailed the company for $5000. How do we know this? The hacker told us in a candid interview. His approach to them was “Is this information worth $5000 to you?”. The information had to do with some corners this company was shaving in relation to a construction project. Gee, does your company have any information you wouldn’t want customers or the competition to know about?

What services does HackerWhacker offer?

Been quoted tens or hundreds of thousands of dollars for a security audit? Guess what. In many cases, HackerWhacker gives you the same high quality security tools the expensive “experts” are using except for 1/100th the price! Even if you are getting a security team coming to your place, you should scan yourself so you can compare the results you get, with what they get. If you are a small company that can’t afford the outrageous prices security consultants charge, you can afford HackerWhacker. We’ve streamlined and automated the security audit process to get rid of the excessive manpower normally required. 

What does Membership get me?

The free tools are ok, but if you are responsible for security, you need to use the Membership tools. The free tools don’t give you the following: Membership tools allow you to scan an entire network with one command. Membership tools allow you to scan the entire 65535 port range for both TCP and UDP. Membership gives you usage of the industry standard Nessus scan which gives more detailed test results than Nmap. You also get to use Nikto which is vulnerability scanner for Web Servers. You will also get access to all new HackerWhacker tools as they are released.

One Week Membership

One week (7 days) usage for scanning. This useful if you just want to secure one machine. You must be sitting at the machine you scan but you can scan multiple machines with the restriction that you must wait one hour between scans IF the ip address changes. You can only scan the computer you are sitting at with this scan.

The idea behind this scan is to test and fix the security holes on your computers quickly.

One Year Business Computer Membership

Unlimited usage of all the HackerWhacker Scans for single computers

This lets you use all current and future HackerWhacker scans for an entire year. As long as you stay within the same class C (first 3 numbers of your IP Address) you don’t have to wait an hour between ip address changes. You will also automatically get all future HackerWhacker scans. You can only scan the computer you are sitting at with this scan.

Network Membership

One Year Unlimited usage of all the HackerWhacker Scans, across multiple computersThe main difference between this and the Business Computer scan is that this one allows you to scan up to an entire class C of computers that you are NOT sitting at. This is for the user that needs to secure scan routers, printers, hubs or any other Internet device that isn’t capable of running a web browser to talk to HackerWhacker. If you sign up for this, we will have to get written/E-Mail permission from one of the registered contacts for the IP addresses you will be scanning. You will only be able to use HackerWhacker from the machine you are sitting at until we get those permissions. If YOUR E-Mail address is one of the registered contacts, we will enable your full privileges as soon as we get notified of your membership and verify it.

One Year Consultant Membership

The Consultant can scan any network, from anywhere in the world, and use all the tools. This is intended for usage by independent security consultants who wish to provide an authentic HackerWhacker scan as part of the services they provide their customers.

NOTE: We do UDP scans, however not all systems can be UDP scanned so we cannot guarantee you will be able to do one. UDP scanning is hampered by YOUR firewall. If you want to UDP scan you can probably change your firewall settings to allow it without compromising your security. It depends on your firewall software/hardware whether or not you can do this. We have instructions to do that.

Why do you use Pay Pal for payment?

We used several of the so called Big Guys of credit card processing, and they were all, complicated and hoplessly mired in the old way of doing things. 

Click Here for a 3rd party review of Pay Pal.

Too expensive, even for unlimited use.

Big time Install-On-Your-Computer tests cost thousands of dollars. Port scanning your computer like HackerWhacker does, and closing open ports, will close up roughly 95% of the problems for 1/100 the price. Many of the companies that send teams to your site USE THE SAME PUBLIC DOMAIN SCANNING SOFTWARE HackerWhacker USES. 

Most home users and offices ONLY NEED TO CLOSE THEIR OPEN PORTS. THEY DON’T NEED THE HIGH PRICED SOFTWARE THAT SCANS THINGS THEY AREN’T USING. The other 5% of the problems are problems that arise when you leave ports open out of necessity. For example if you are running a web server, you need to let people in. The Nessus Scan and advanced NMAP scan are designed to probe your applications and tell you of any vulnerabilities you have.

Another note: HackerWhacker lets you perform tests the other programs can’t: It lets you scan from OUTSIDE your computer and firewall which gives a true picture of your security. 

Take a look around and see how much people are charging for comparable services. You’ll find we offer 95% of the coverage for approximately 1 to 10% the cost of comparable coverage. It makes sound fiscal sense to consider HackerWhacker services as a tool to for defining the need for ADDITIONAL third-party services. Use us to avoid expensive, smarmy consultants.

I have a firewall, I don’t need HackerWhacker. I can scan my own ports, I don’t need HackerWhacker.

Sure you have a firewall, but do you REALLY trust that it’s doing what you think it’s doing? Firewalls are complicated. Mistakes are easy and you don’t know about one until you’ve been hacked through it. This is a fact of life and even experienced firewall configurators make mistakes.

Scanning your own system isn’t a valid test because you aren’t going through your firewall. The only way to be absolutely sure is to scan your system from the outside and see exactly what your firewall permits or denies. This means you have to scan from another machine, across the Internet. You can have a friend do it (except at odd hours, and not too much it annoys him), or scan yourself from work or home (if your company firewall lets you or they don’t freak out when they see a scan running), or you can save time and hassle and gas and a nasty visit from Stuart the “computer dude” and have HackerWhacker do it instantly.

A firewall will not protect you if you are running a public web server, ftp server, pc anywhere or E-mail server since you are letting people in anyway. HackerWhacker does application level testing for vulnerabilities a firewall cannot block (since you are letting people through your firewall to get to your web server for example).

The quick scan failed because I’m attached to a proxy server. I need to learn how to disconnect from that before trying to scan.

NOTE: AOL users need to use our TELNET SCANNER to effectively scan their computers. AOL uses something called PROXY SERVERS to enable their customers to “talk” to the Internet.

IF You are NOT using AOL and get PROXY error messages, try this:

If you are using Microsoft Internet Explorer do this:

Tools Menu, 
Internet Options, 
Connections, 
LAN Settings, 
Uncheck “Use a proxy server”

If you are using Netscape

Edit Menu, 
Preferences, 
Advanced, 
Proxies, 
Select “Direct Connection to the Internet”

You can put the settings back when you are done.

I’m not sure you’ll be able to tell me any more than a particular port is open. OK 88 & 139 are open, but what exploits do I have to worry about???

We have an entire test for 139, the Netbios test. For all the usual ports we have extended information. For every other port there is one click access to search machines on the Internet which can tell you what the entire world knows about this port. We cannot beat the entire world in our knowledge. We acknowledge that.

Quick Scan let me fix all of my open ports.

The Quick Scan only let you see and fix about 11 of your ports. There are 130,000+ ports possibly open to hackers (udp and tcp combined).

Your test didn’t find any open ports. I’m safe. Why do I need your test?

You’ve only seen 11 ports out of a possible 130,000! The HackerWhacker tests need to be re-run every time you install new software, open an “attachment” in your email or change your network settings. Anything which might possibly cause insecure ports to be opened requires a scan.

Other sites do this for free.

No. There are no other sites that do ALL this for free. Some sites offer bits and pieces for free, but it’s probably at most 5% of what HackerWhacker offers. We have constantly asked people to provide us with these site names and when they do, we investigate and find out the scans are small (10 ports or so) or the site charges. But even the “charge” sites don’t do even close to a full HackerWhacker scan.

It requires a lot of resources to do a proper scan using Nessus, Nikto and nmap on multiple people and multiple networks at the same time. No free site could afford the monthly T3 connection and banks of computers it requires and be free for long.

What if I find no security holes? Why should I pay for that?

Because now you know. If you go to the doctor and get a check-up it isn’t free (in non-socialist countries that is) just because he finds nothing wrong. If you have some nagging feelings that you might be open to hackers, and we prove that you aren’t, now you have peace-of-mind where before you had uncertainty. Or, you might THINK you are secure, but if you knew it for sure, you wouldn’t be here. That’s what you’re getting with HackerWhacker, security and the hard proof of it. We do a lot of work to prove you are secure, just as much as proving you are insecure.

How does HackerWhacker work?

The basic method HackerWhacker users is to check your computer or network the same way the bad guys will. We basically simulate a hacker checking out your system and tell you what he is seeing. We tell you how to FIX the holes so when a real hacker comes along, he sees no opportunity to break in.

HackerWhacker believes that one should use the same tools the hackers out there are using, why? Because if you deal with the security holes these programs reveal, and close them, then hackers scanning your system for random opportunities will also see “No Holes” and go somewhere else.

HackerWhacker has several types of tests. The most common test is the scan for open ports. This test consists of us sending connection attempts to your computer. Every Internet computer has 65534 possible connection points called ports. The best port test we have attempts to connect to each of those ports. We don’t do anything unusual that your computer wouldn’t be subjected to daily during normal Internet use. We are just making sure every port gets checked. 65534 ports seems like a lot but some computers can be completely scanned in under a minute!

Other tests HackerWhacker does are “application level”. These are even more important than open port tests. Virtually ALL Internet services, programs, servers have security holes in them that let hackers break into your computer. We are talking about Web Servers, Email Servers, Database Servers, virtually any program that has to offer itself to the Internet. These security holes are pretty much all programming bugs or unexpected uses of the Internet Service that original authors did not predict when they wrote it. For example, it is quite easy to trick a web server into letting you access supposedly password protected material.

My IP Address changes. Will my HackerWhacker account membership still work?

Yes! Having a dynamic (changing) IP Address is OK with us. For a Home membership, we require a 2 hour wait if you change IP Addresses. For an Office user, we require a 2 hour wait if your IP Address changes to a different class C. Network and Consultant licenses are not bothered by changing IP Addresses.

These measures are necessary because people bought memberships and put their UserNames and Passwords up on “hacker” boards and HackerWhacker was flooded with scans from people who did not really have memberships.

I’ve been hacked, help!!!!!

You have our sympathy. If your computer has been taken over already by a hacker, there’s not much you can do to be 100% safe. You can try running an Anti Virus program but many hackers put stuff on your computers that Anti Virus programs just aren’t designed to deal with. If that fails to fix things, you’ll have to reformat from scratch. Once you’ve been hacked and gone through the nightmare of someone else getting all your data, or deleting your important files, you understand why its worth investing in anything that will stop it happening in the first place.

You are using open source tools, don’t you have to make the modified source available?

Yes, we use open source tools, but we don’t alter them in any way. We merely interpret the output into HTML to make it reabable over the web.

What kind of guarantee do you have?