Howto: setting a trap for a (potential) e-mail hacker

19 Feb 2008 | Security, PHP | 1 Comment

This guide is heavily based on this post as seen on Digg, although I improved it a bit.

As explained in the link above, you can plant a fake e-mail message that appeals to anyone who (for whatever reason, intended or not) has access to your e-mail account, and opening this message triggers a warning back to you. I didn’t like the method used in that post for a few reasons. With that method, the “hacker”, or whoever is accessing your e-mail account, has to open an HTML file attached to your fake message, and the actual trigger is stored inside that HTML file. I don’t know about you, but I would double-check that HTML file in Notepad before opening it. And storing, let’s say, a password list (or whatever bait we’re using to lure the attacker to the fake e-mail) in an HTML file attached to a message is… quite strange and unusual.

Here’s what I’ve done to improve this trick.

  • Like the original trick, I store a fake e-mail message in my own account with something appealing to the attacker in the subject line, like a password list, a credit card number, whatever.
  • The actual e-mail message, which is “rich-text formatted” (actually an HTML-formatted e-mail message), contains an external image displaying what appears to be a password list. Smash on your keyboard to fake some passwords ;)
  • That external image is hosted on a PHP web host, and we’re not calling the image directly (like example.com/passwords.jpg); we’re calling a PHP script which outputs the image. That script also reports back to you that your password is compromised.

Here’s the fun part. The PHP file can be hosted anywhere on the net, but I prefer to host it in a separate directory and name it index.php, so we can just point the image URL at http://www.example.com/passlist/ and the script runs. Alongside this PHP file, make a fake password list as an image file in GIMP or Photoshop. I used a white background with black text formatted as Tahoma 12 pixels high, which is rather close to the font formatting webmail services use.

Here’s the PHP code in action:

<?php
// Tell the browser (or webmail client) it is receiving a JPEG image.
header('Content-Type: image/jpeg');

// Stream the decoy image from disk to the client.
$open = fopen("passlist.jpg", 'r');
fpassthru($open);
fclose($open);

// Report the fetch: the referrer, browser and IP address of whoever loaded the image.
// HTTP_REFERER and HTTP_USER_AGENT are optional headers, so check that they exist.
@ini_set("sendmail_from", "Bilange's hacker alert <alert@bilange.net>");
@mail("__MAIL ADDRESS__", "EMAIL HACKING ALERT!",
    "Referrer: " . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '-') .
    "\nAgent: " . (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '-') .
    "\nAddr: " . $_SERVER['REMOTE_ADDR']);

The header/fopen/fpassthru part outputs the image file read from passlist.jpg, and the ini_set/mail part reports back to whatever address you want. In this example, you would replace __MAIL ADDRESS__ with whatever e-mail address you want to receive the warning at.

But wait… isn’t reporting back by e-mail idiotic? We’re ACTUALLY trying to protect our e-mail account!

Since most of us have at least one cell phone with SMS enabled, you can have the warning sent to your cell phone instead. You send the SMS by sending a short e-mail to a carrier-specific address. Bell Mobility users would send an SMS to (phone number with area code here)@txt.bellmobility.ca, and Telus users would send it to (phone number with area code here)@mms.telusmobility.com.
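As an added example (not the post’s original script), here is a more complete version of the beacon that serves the same decoy image, records who fetched it in a local log file, and mails the alert. It goes beyond the script above in two ways: a “t” query parameter identifies which planted message fired (so you can seed several decoys and know which one was opened), and every request header is treated as untrusted text before it is logged or mailed. Assumptions: the decoy is passlist.jpg in the same directory, alerts.log is writable by the web server, ALERT_TO is a placeholder for your alert address (or one of the SMS gateway addresses above), and alert@example.com is an assumed sender address.

```php
<?php
// Added example, not the post's original code: a honeytoken beacon that serves
// the decoy image and records who fetched it. Assumptions: passlist.jpg sits in
// this directory, alerts.log is writable by the web server, ALERT_TO is your
// alert (or SMS gateway) address and ALERT_FROM is an assumed sender address.

const ALERT_TO   = '__MAIL ADDRESS__';       // placeholder: replace with your alert address
const ALERT_FROM = 'alert@example.com';      // assumed sender address
const IMAGE_FILE = __DIR__ . '/passlist.jpg';
const LOG_FILE   = __DIR__ . '/alerts.log';

// Build a one-line record of the request. Every header is controlled by whoever
// loaded the image, so strip control and non-ASCII characters before logging or
// mailing it (a crafted header must not be able to inject fake log lines).
function describeRequest(array $server, string $token): string
{
    $clean = static function (?string $v): string {
        return preg_replace('/[^\x20-\x7E]/', '?', $v ?? '-');
    };
    return sprintf(
        "%s token=%s addr=%s ua=%s referer=%s",
        gmdate('Y-m-d\TH:i:s\Z'),
        $clean($token),
        $clean($server['REMOTE_ADDR'] ?? null),
        $clean($server['HTTP_USER_AGENT'] ?? null),
        $clean($server['HTTP_REFERER'] ?? null)
    );
}

// The "t" query parameter names the planted message that fired, e.g.
// http://www.example.com/passlist/?t=webmail-draft. Restrict it to a safe charset.
$token = $_GET['t'] ?? 'default';
if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $token)) {
    $token = 'invalid';
}

$record = describeRequest($_SERVER, $token);

// Record locally first: mail() can fail silently, and the log file is the
// fallback evidence that the decoy was viewed.
file_put_contents(LOG_FILE, $record . "\n", FILE_APPEND | LOCK_EX);

// Serve the decoy image so the viewer sees nothing unusual.
header('Content-Type: image/jpeg');
header('Cache-Control: no-store');   // every view should reach this script, not a cache
if (is_readable(IMAGE_FILE)) {
    header('Content-Length: ' . filesize(IMAGE_FILE));
    readfile(IMAGE_FILE);
}

// Under PHP-FPM, flush the image to the client before the (possibly slow) mail call.
if (function_exists('fastcgi_finish_request')) {
    fastcgi_finish_request();
}

// Send the alert; the subject carries the token so an SMS shows it at a glance.
@mail(ALERT_TO, "MAILBOX CANARY FIRED: $token", $record, "From: " . ALERT_FROM);
```

Two things to keep in mind when deploying it: many webmail clients block external images until the reader clicks “display images”, so a decoy whose image is never fetched produces no alert at all, and the log file should live outside the web root (or be protected by the web server) so it cannot be read by the same person who triggered it.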

I hope this helps!

Windows XP: How to change your network card’s usage priority

19 Feb 2008 | Networking, Windows

If you happen to have a desktop or laptop with more than one network adapter, one for the LAN and the other connected to your modem, Windows may mess up its internal routing table and try to reach google.com over your LAN connection.

This mini-howto explains how to change your network cards’ order (or priority). This is handy for specifying which network connection your programs will use. Be sure to write down on paper everything you change so you can go back to safe defaults in case of trouble.

Open a Run box from the Start menu by clicking Run (or quickly reach it by pressing Win+R, that is, holding the Windows key between Ctrl and Alt and pressing R), and execute ncpa.cpl, which is a quick shortcut to the Properties of your “Network Neighborhood”.

Select Advanced in the top menu, and choose Advanced Settings. The first list in the first tab (Adapters and Bindings) is the actual order of your physical network adapters. That is, every time you or some program tries to connect over the network, Windows will go through all those cards in that order (unless specified otherwise) until the destination is reached. You can rearrange the order by selecting one of the adapters in the list and clicking the arrow buttons on the right side. Click OK when done.

If you have disabled the Print Spooler service, clicking OK will warn you that the changes could not be completely applied, which is only partly true. Since our objective is to move around the priority of the adapters, that part is done BEFORE the error message pops up, so the changes (at least the part we’re interested in) are actually applied. You may discard the error message and click Cancel in the adapters window; note that this doesn’t cancel what we’ve done, which you may verify if you wish.

You may test your network at this point, but that alone didn’t do the trick for me. You may ALSO have to change the TCP/IP route priority. Follow these steps, and do not fool around too much, since we can really funk up the system’s networking in there! You’ve been warned ;)

Still in the Network Connections window (the ncpa.cpl window), right-click and choose Properties on every network connection that you think is causing trouble. Or, approaching the problem from the other side, choose Properties on the network connection you want pushed to the top so it is used first at all times.

In the General tab, select the TCP/IP entry in the list and click Properties (shortcut: you can also simply double-click TCP/IP), then click the Advanced button in the lower part of the General tab. In the IP Parameters tab, uncheck “Automatic Metric” and, in the textbox below, enter a numeric value between 1 and 9999. This value is important: it sets the TCP/IP routing priority of this connection in Windows networking. With a small value, this network connection will be used first; with a large value it will be used as late as possible, depending on the other connections’ metric values.

In other words, a connection attempt will try every connection (shown as connected, or at least not disabled, in the Network Connections window) in the order of the metric values specified here.

Wordpress theme by Sırrı Özden. All tips and articles contained on this website are put into the public domain.