My computer turned itself on. Was I hacked?
Calm down
It is very unlikely that someone has remotely turned on your computer.
Wake On Lan (WOL), as the name implies, will only work on a LAN. Which means, it won't work over the internet.
This is due to how WOL works. The packets that are sent to wake up a computer aren't forwarded by routers. So, the packets will never travel very far (and especially not over the internet).
OK, so what was it?
This still leaves the question, why was the computer even turned on?
Assuming you're using Windows, there are many way a system can be woken up. Let's have a look into Device Manager:
As you can see, many devices can be allowed to wake the computer up. Like a mouse or a keyboard or a network adapter.
So, if your computer was sleeping and someone (maybe a pet) accidentally touched the keyboard, that can already be enough. But there's more!
You might have a scheduled task (maybe a backup) that is allowed to wake your computer so that it can perform.
What woke up the computer?
Somewhere in the Event Log, it should say if one of those things started your computer. Sadly, I currently lack a proper entry to provide a good screenshot.
But there are many reasons a computer can wake up from sleep that are far from a hack.
To determine why your computer last woke up from sleep, use powercfg
:
powercfg -lastwake
Related videos on Youtube
user488503
Updated on September 18, 2022Comments
-
user488503 almost 2 years
I woke up and found my PC switched on. I have wake on LAN enabled.
I check the log and my pc started up an hour after i went to bed. I have very basic windows log reading skills. Is there something I can check to see if something malicious was done? Im going to change passwords and run virus scan. Incidentally my wifes user account on PC has no password. And she has admin rights.
I know this all sounds bad, but I never expected someone could do anything to me. Also yesterday found out my hotmail account was blocked because of spam sent from my email. I have a very strong password on it to and never use third party hotmail checkers.
Update: i use windows 7 pro
Update: I will read the logs more later, but just so you know Im pretty sure it wasnt a scheduled wake, cause i never leave the PC on overnight, and its the first time this has happened since building this machine 10 months ago. I will of course double check.
-
Daniel R Hicks about 12 yearsMy wife had her Hotmail account hacked about a year ago. She's very careful, had a reasonably strong password, and our home network is quite secure. I think Hotmail probably has some inherent insecurity somewhere that makes it more susceptible to hacking.
-
Ramhound about 12 years@DanH - Unlikely. The only known exploit in the last year which has already been fixed was an exploit that allow you to reset your password BUT there was a social engineering aspect that was required.
-
Daniel R Hicks about 12 years@Ramhound -- Like I said, my wife is very careful and very unlikely to be taken in by a "social engineering" exploit.
-
user488503 about 12 years@Ramhound Do you remember the huge number of xbox accounts hacked not so long ago?
-
Oliver Salzburg about 12 years@madphp Please run
powercfg -lastwake
to determine what caused the computer to wake up. -
user488503 about 12 years@Oliver Salzburg Wake History Count - 0
-
Oliver Salzburg about 12 years@madphp: OK, so that doesn't help us solve the mystery. Worth a shot :)
-
Vishwanath Dalvi almost 12 yearsCongrats, God has turned it on.
-
Anonymous Penguin almost 11 yearsMaybe the power went out for a second? For most modern devices, the capacitors in them will keep the clock even with a simple power outage for a second or two. This would prevent any signs of a power outage. (A.K.A no blinking time.) On my computer I know whenever I plug it in, it turns on automatically. A power outage wouldn't show up on a log somewhere, especially if it's already off. Unless a pet hit it or you sleep-boot your computer, I would say that this would be a likely cause.
-
-
user488503 about 12 yearsThanks oliver. I will check all this out. Though i can wake lan over internet. I hve it setup that i can.
-
Oliver Salzburg about 12 yearsEven when set up to allow WOL over WAN, I'd assume an accidental activation is unlikely. To my understanding, waking a machine always requires knowledge of the MAC address to create the WOL packet. Now, if you've set up WOL over WAN and someone knows your MAC address, then, I guess, it could be a third party. But then it is hardly a hack if you leave the door wide open :)
-
Daniel R Hicks about 12 yearsI know my laptop will fairly often wake from sleep while closed, unplugged, and in its bag. Windows is a very light sleeper.
-
user488503 about 12 yearsYes. I limit remote desktop to my account with a strong password. Incidently same password hotmail used for a month or two. Is there any good intrusion detection software out there? I suppose i should switch off wol, but i love it so much. I will have a proper look at log later.
-
Oliver Salzburg about 12 years@madphp: I wouldn't be too concerned (at least from a security standpoint) about the computer being on or off if it is otherwise secured.
-
user488503 about 12 yearsI guess i thought pc was only set to wake on lan. Its not in hibernate mode. I know this all sounds paranoid. Haha.
-
HaydnWVN about 12 years
Afraid of security? Then don't use Hotmail...
- there's very little you can do to secure your account as Hotmail (although they don't like to admit it) is inherently insecure and widely targetted by exploit 'tools'. -
Ramhound about 12 years@HaydnWVN - What a bunch of hog wash. I have had a hotmail account since it came out, it is exposed and listed in thousands of google results, never once have I been compromised. I have NEVER been compromised on any acount and have been on the internet since 1993. Of course I won't call madphp an idiot for using the same password for everything.
-
Daniel R Hicks about 12 years@Ramhound -- The fact that your Hotmail account has not been hacked yet proves nothing.
-
White Phoenix about 12 yearsDo you have your network setup such that your router's web interface is accessible from outside the network? e.g. Do you access the router from the Internet to send the WOL packet? If so, check your router's logs to see if there was any unauthorized access during the time your computer was turned on.
-
user488503 about 12 years@Ramhound i dont use the same password for everything. Im actually pretty good at changing it up. I keep my gmail, hotmail and online password separate. Though I wont call you an idiot for making assumptions.
-
user488503 about 12 years@Ramhound online banking
-
HaydnWVN about 12 years
-
Ramhound almost 7 yearsThis does not answer the author's question. Commentary that indicates you also have the problem, should not be submitted as an answer, instead it should submitted as a comment. If you are unable to submit a comment then it shouldn't be submitted.