How to ensure web-camera is accessed legitimately?

I’ve recently become baffled as to how often there is an attempt to use a web-camera on my laptop. And I mean – out of the blue, when I had neither an intent nor a context to use it.

How do I know it’s used? Well, I have an AV which has a function “block usages of a device X” (X can be a microphone or a web-camera for instance). And when it does so, the popup shows “oh, look, user, web-camera access is blocked!” Also, to explain what I mean by “I noticed recently”: it’s that I enabled this feature in the AV recently. I suspect all these things were happening even before, but I just didn’t know about them.

Unfortunately, the AV doesn’t provide a way to see what was accessing the camera. And here’s the main problem – it all happens in seemingly “harmless” situations. Examples?

  • I launch a web-browser after restarting a PC – alert, web-camera access
  • I launch Steam? Alert
  • I open a tab in YouTube the first time (!?) Alert.

So far, I use tape.

But clearly there should be better ways to do this which allow legitimate usage.

More context:

  • Windows 10 PC (laptop)
  • Kaspersky AV
  • AV doesn’t show any problems (such as viruses)
  • Network monitoring doesn’t show any suspicious traffic

My Questions:

  • Should I even concern myself about these usages?
  • What can I do to absolutely ensure it’s not used without my consent?
  • What kind of information is it possible to leak through this, is it really possible to remotely enable the camera and shoot the user?
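For the missing "what was accessing the camera" detail, one place to look is the per-application camera usage that Windows itself records. This is an added example, not part of the original post; it assumes a Windows 10 build that maintains `LastUsedTimeStart`/`LastUsedTimeStop` values under the CapabilityAccessManager ConsentStore registry keys, and it only shows accesses Windows recorded, which may not include attempts the AV blocked.

```powershell
# Added example: list programs that Windows recorded as using the webcam.
# Assumption: this Windows 10 build keeps LastUsedTimeStart/LastUsedTimeStop
# (FILETIME values) under the CapabilityAccessManager ConsentStore keys.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam'
)

function ConvertFrom-FileTimeValue([object]$Value) {
    # A value of 0 (or a missing value) carries no timestamp.
    if (-not $Value) { return $null }
    [DateTime]::FromFileTimeUtc([int64]$Value).ToLocalTime()
}

$rows = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # Skip container keys that carry no usage timestamps.
        if ($null -eq $p -or $null -eq $p.LastUsedTimeStart) { return }
        [pscustomobject]@{
            Hive      = $root.Substring(0, 4)
            # Desktop programs are stored as their path with '\' replaced by '#'.
            App       = $key.PSChildName -replace '#', '\'
            LastStart = ConvertFrom-FileTimeValue $p.LastUsedTimeStart
            LastStop  = ConvertFrom-FileTimeValue $p.LastUsedTimeStop
            # Started but no stop time recorded: the camera is still open.
            InUseNow  = ($p.LastUsedTimeStart -ne 0 -and $p.LastUsedTimeStop -eq 0)
        }
    }
}

# Most recent camera use first; entries that never used the camera are dropped.
$rows | Where-Object LastStart |
    Sort-Object LastStart -Descending |
    Format-Table -AutoSize
```

Comparing the `LastStart` times with the times of the AV popups shows whether the browser, Steam, or something else was the program Windows saw opening the device.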

Can Network Admin Make changes to site if I’ve accessed the site in edit mode?

I connect to the Internet via a neighbor’s wireless router (not a guest connection).

Windows 10: I don’t share files or printer. Domain, private, public network: firewall is on. Scan = no issues.

I have a G Suite account to build sites. Site is published. Sharing options are secure. No other authorized users at this point.

Support asked for the URL of site builder in edit mode.

Two days later, many unauthorized changes to published Google site. Is it possible for admin of neighbor’s network to access or edit site if it’s in edit mode?

Is it possible for the support person to use URL to access or edit site IF I have the site open in edit mode? Obviously, I can pull up the site in another browser screen, so wondered why support person with the link would be unable to do so.

Attempting to keep up with all the crazy, strange changes is eating my lunch. Need to ID the origin.

How to make WordPress links point to site URL when being accessed through Traefik?

I have a WordPress site running as a Docker stack.

If I access it directly through DNAT (using a valid IP address just for this site), everything works well.

If I try to access it through Traefik (so I can share a valid IP address with other HTTP services), I can only access the home page of the site and WordPress admin pages for this same site, but for all other regular pages I get an error message like this:

Unable to connect

Firefox can’t establish a connection to the server at 192.168.109.236.

The 192.168.109.236 IP address is the address of the Docker worker configured as a backend for this site in Traefik as you can see in this traefik.toml snippet:

    [file]
      [frontends]
        [frontends.site]
          backend = "site"
          [frontends.site.routes.site1]
            rule = "Host:www.EXAMPLE.com,www.EXAMPLE.com.br,EXAMPLE.com,EXAMPLE.com.br"
      [backends]
        [backends.site]
          [backends.site.loadbalancer.stickiness]
          [backends.site.healthcheck]
            path = "/"
            interval = "10s"
          [backends.site.servers.c1]
            url = "http://192.168.109.236:9003"
          [backends.sita.servers.a1]
            url = "http://192.168.109.233:9003"
          [backends.site.servers.a2]
            url = "http://192.168.109.219:9003"

How to make WordPress links point to site URL instead of Docker worker’s IP address when being accessed through Traefik?

Site accessed by Intel Mac OS X and iPhone OS at the same time

I have created my own logging in a PHP script on my website. While doing this, I record a timestamp, IP address and HTTP referrer. I notice that I often have two hits as follows where it looks like an iPhone and a Mac are accessing my site at roughly the same time from the same IP address. Can someone explain what is happening here?

['2019-06-23 02:47:26pm', '172.117.xxx.xxx', 'Lakewood, California, United States', '', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko)']

['2019-06-23 02:47:28pm', '172.117.xxx.xxx', 'Lakewood, California, United States', '', 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1']

['2019-06-23 03:09:04pm', '95.44.xxx.xxx', 'Drogheda, Louth, Ireland', '', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko)']

['2019-06-23 03:09:07pm', '95.44.xxx.xxx', 'Drogheda, Louth, Ireland', '', 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1']

I have an HTML/PHP form that links to an Excel file as a database; I want to know how that form can be accessed globally

Once the user enters the form data, the data is sent to the Excel file. At the moment I am using Apache on XAMPP to make it work locally on my laptop. I want to figure out how the form can be accessed from anywhere in the world in my company by any user, and that data stored in the Excel file on the PC having the Excel file.

Can 3rd party AVs have access to my Windows PC and Android phone even after uninstalling and removing them?

So before we start this, I have paranoia issues (doctor diagnosed, not self-diagnosed) so things might at some points seem like an extremely far reach, but please bear with me, and try to help me.

So, I bought an AV yesterday (prefer not to name it, paranoid), after reading site reviews about it and getting a few recommendations about it. But after buying it, I stumbled across some user reviews and a lot of them were talking about abysmal customer support, and shady business practices. Not only that, but when making an account on that AV’s site, it was riddled with issues (“Invalid email”), and then after somehow making an account, when I tried to log in, they kept saying “invalid username or password”. So I clicked on the “forgot password” option, entered my email and submitted, and they never sent me an email to reset the password. So I just thought “fuck it” and logged in using my Google account tied to that same email. After that I downloaded and installed it on my Windows PC and Android phone, and unfortunately it was then I saw the user reviews which were abysmal, and I realized it was kinda shitty for me too. So I emailed their customer support asking for a refund, and removed it from my phone, and uninstalled it from my PC, then I had to restart my PC to complete uninstallation, and after restarting, the AV was back on my desktop, and on the “apps” part of settings. So I Google searched and downloaded their own uninstaller and uninstalled it, and after it uninstalled, it said “uninstalled with errors, contact customer support to complete uninstallation”. I felt I can’t bother with that, so I just restarted the PC, looked to see if it was still there, and then clicked on “This PC” and typed in the AV’s name in the search tab and shift deleted every single file with the name of the AV.

After that I restarted again and realized my PC was considerably slower. BIOS time before installing the AV was around 2 seconds, but after installing and uninstalling the AV, BIOS time is now 4 seconds.

Now all this, the shady business practices, the poor customer support, the uninstalling difficulties, the difficulty and errors faced when trying to make an account, and the BIOS time slow down even AFTER UNinstallation, makes me worried about if these guys are still in my PC and phone and are maybe accessing the deepest corners of my PC and phone. I gave them access, what’s to stop them now, I guess.

So question is, can they still access my pc, phone, and also maybe my google account??? Do they still have access to my pc and phone??? Could they hack me or something????

And if so, how do I completely purge their existence from my phone and PC??? How do I get my PC back to normal??? How do I stop them from accessing my PC??? How do I make it as if it was never installed in the first place???

Sorry for the long post, I had to explain everything here, I have nowhere else to go right now, I’d really appreciate advice, help and all that. I’m paranoid and I haven’t gotten any work done and I’m falling behind with work so I need help ASAP. Thank you in advance.

P.S. This AV is quite a reputable software, review sites love it, it always gets great reviews from testing labs and so on, and it has hundreds of millions of users worldwide. So it’s not some unknown AV.

How to find out if a specific file was accessed by a process and denied access?

I was recently trying to install an SSL certificate and I was unaware of which account was being used on IIS to access it.

I thought that maybe if I looked in the Security log I would find out what account was trying to access the certificate.

Obviously the Audit Failure keyword would be in the filter, but what about finding the path to the certificate file?
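One way to pull both the account and the file path out of the Security log for failed file access, as an added example that is not part of the original post. It assumes that "Audit File System" failure auditing is enabled, that the certificate file or its folder has an auditing entry for failed access, and that the session is elevated; `$PathPattern` is a placeholder.

```powershell
# Added example: find failed file-handle requests (event 4656) and show
# which account and process asked for which path.
# Assumptions: object-access failure auditing is on, the target has an
# auditing (SACL) entry, and this runs in an elevated PowerShell session.
$PathPattern  = '*PLACEHOLDER-certificate-file-name*'  # placeholder, replace it
$AuditFailure = 0x10000000000000                       # "Audit Failure" keyword

$hits = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4656                      # "A handle to an object was requested"
    Keywords  = $AuditFailure
    StartTime = (Get-Date).AddDays(-1)    # look back one day
} -ErrorAction SilentlyContinue | ForEach-Object {
    $evt = $_

    # Turn the event's <EventData> name/value pairs into a lookup table.
    $d = @{}
    foreach ($item in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $d[$item.Name] = $item.'#text'
    }

    # Keep only file objects whose path matches the file of interest.
    if ($d['ObjectType'] -eq 'File' -and $d['ObjectName'] -like $PathPattern) {
        [pscustomobject]@{
            Time       = $evt.TimeCreated
            Account    = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            Process    = $d['ProcessName']
            Path       = $d['ObjectName']
            AccessMask = $d['AccessMask']
        }
    }
}

$hits | Sort-Object Time | Format-Table -AutoSize -Wrap
```

The `Account` column is the identity that was denied, and `Path` is the `ObjectName` field of the event, which is where the Security log carries the file path.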

What accounts for file accessed immediately after including link in Gmail?

Less than 60 seconds after sending an email w/ Gmail that contained a pasted https link to a .zip file, that file was accessed by two non-Google servers. Neither server belongs to the email recipient.

One of those servers is an Amazon Web Services (AWS) server, so that might be Google. But the other is not, and strangely, its referral URL is a google.com search result link in the form http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web…

Based on the file size, it appears the entire file was not downloaded (it’s quite large). But I’m confused as to what’s going on here. Is this something Google is doing for the purposes of previewing the link? Or is someone else getting access to this email? It was so quick, that I do think something automated is likely (as opposed to someone sitting around reading my email).