Announcement

Collapse
No announcement yet.

Website, CSF, and lots of attacks.

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
    #1

    Website, CSF, and lots of attacks.

    Hello,

    I have a domain and a virtual private server. I've noticed an increasing number of port scans detected by ConfigServer Firewall. For example, yesterday, there were about 40 e-mails from CSF. Today, 116. They're all from different companies, like Ukraine, Mexico, Brazil, Pakistan, etc.

    For example, here's one from Pakistan:
    Code:
    Sep 22 06:09:22 franklin kernel: [60481528.708196] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=182.184.82.253 DST=132.148.11.44 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=47797 PROTO=TCP SPT=1297 DPT=23 WINDOW=26683 RES=0x00 SYN URGP=0
Sep 22 06:09:26 franklin kernel: [60481532.850047] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=182.184.82.253 DST=132.148.11.44 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=47797 PROTO=TCP SPT=1297 DPT=23 WINDOW=26683 RES=0x00 SYN URGP=0
Sep 22 06:09:46 franklin kernel: [60481553.078695] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=182.184.82.253 DST=132.148.11.44 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=47797 PROTO=TCP SPT=1297 DPT=23 WINDOW=26683 RES=0x00 SYN URGP=0
Sep 22 06:10:11 franklin kernel: [60481577.312413] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=182.184.82.253 DST=132.148.11.44 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=47797 PROTO=TCP SPT=1297 DPT=23 WINDOW=26683 RES=0x00 SYN URGP=0
Sep 22 06:10:31 franklin kernel: [60481597.490389] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=182.184.82.253 DST=132.148.11.44 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=47797 PROTO=TCP SPT=1297 DPT=23 WINDOW=26683 RES=0x00 SYN URGP=0
Sep 22 06:10:34 franklin kernel: [60481600.893815] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=182.184.82.253 DST=132.148.11.44 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=47797 PROTO=TCP SPT=1297 DPT=23 WINDOW=26683 RES=0x00 SYN URGP=0
    Here's one from China:
    Code:
    Time:  Thu Sep 22 05:58:15 2016 -0400
IP:   14.148.236.121 (CN/China/-)
Hits:  6
Blocked: Permanent Block

Sample of block hits:
Sep 22 05:57:41 franklin kernel: [60480827.524481] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=14.148.236.121 DST=132.148.11.44 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=43932 PROTO=TCP SPT=18515 DPT=23 WINDOW=10289 RES=0x00 SYN URGP=0
Sep 22 05:57:46 franklin kernel: [60480832.454751] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=14.148.236.121 DST=132.148.11.44 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=43932 PROTO=TCP SPT=29503 DPT=23 WINDOW=10289 RES=0x00 SYN URGP=0
Sep 22 05:57:49 franklin kernel: [60480835.343203] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=14.148.236.121 DST=132.148.11.44 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=43932 PROTO=TCP SPT=29503 DPT=23 WINDOW=10289 RES=0x00 SYN URGP=0
Sep 22 05:57:50 franklin kernel: [60480835.628279] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=14.148.236.121 DST=132.148.11.44 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=43932 PROTO=TCP SPT=29503 DPT=23 WINDOW=10289 RES=0x00 SYN URGP=0
Sep 22 05:58:08 franklin kernel: [60480853.638766] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=14.148.236.121 DST=132.148.11.44 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=43932 PROTO=TCP SPT=18389 DPT=2323 WINDOW=10289 RES=0x00 SYN URGP=0
Sep 22 05:58:10 franklin kernel: [60480856.579357] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=14.148.236.121 DST=132.148.11.44 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=43932 PROTO=TCP SPT=25257 DPT=23 WINDOW=10289 RES=0x00 SYN URGP=0
    I see a lot of them that have TCP protocol and a destination port of 23. As I'm sure you all probably know, TCP port 23 is generally the telnet port. I have nothing running on port 23. Any ideas why sooooo many people are trying to connect to this port? From Brazil, they first try to connect to port 2323 and then to port 23. Every time someone from Brazil tries connecting, they try connected to port 2323 first and then 23. I think maybe they're all from the same person or something. Any suggestions?
    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
    Tags: None
    #2
    Re: Website, CSF, and lots of attacks.

    Oh, here's one from China:
    Code:
    Time:  Wed Sep 21 17:19:59 2016 -0400
IP:   119.142.214.95 (CN/China/-)
Hits:  6
Blocked: Permanent Block

Sample of block hits:
Sep 21 17:18:17 franklin kernel: [60435227.564237] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=119.142.214.95 DST=104.238.117.105 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=28970 PROTO=TCP SPT=26132 DPT=23 WINDOW=60614 RES=0x00 SYN URGP=0
Sep 21 17:18:48 franklin kernel: [60435258.794419] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=119.142.214.95 DST=104.238.117.105 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=28970 PROTO=TCP SPT=26132 DPT=23 WINDOW=60614 RES=0x00 SYN URGP=0
Sep 21 17:19:05 franklin kernel: [60435275.934858] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=119.142.214.95 DST=104.238.117.105 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=28970 PROTO=TCP SPT=26132 DPT=23 WINDOW=60614 RES=0x00 SYN URGP=0
Sep 21 17:19:41 franklin kernel: [60435312.039721] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=119.142.214.95 DST=104.238.117.105 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=28970 PROTO=TCP SPT=26132 DPT=23 WINDOW=60614 RES=0x00 SYN URGP=0
Sep 21 17:19:44 franklin kernel: [60435315.001672] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=119.142.214.95 DST=104.238.117.105 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=28970 PROTO=TCP SPT=26132 DPT=23 WINDOW=60614 RES=0x00 SYN URGP=0
Sep 21 17:19:54 franklin kernel: [60435324.471412] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:51:1a:39:f2:00:26:98:08:34:c1:08:00 SRC=119.142.214.95 DST=104.238.117.105 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=28970 PROTO=TCP SPT=26132 DPT=2323 WINDOW=60614 RES=0x00 SYN URGP=0
    Notice how it's TCP DPT 23 again, except for the last one, DPT 2323.

    EDIT: It seems I might have forgotten to check my e-mail for a day or two. Been so busy, I guess I didn't realize it. I'd still like to know why soooo many people are trying to connect to port 23 or 2323. I wonder what was running on this IP before I obtained it. I figure since I've had it for like a year now, people would know the domain belongs to someone else now. I still get 404's in the logs for a Jet Li video. The Jet Li stuff was like 6 years ago!!!! Maybe old search engines or something that haven't updated their crawling database?
    Last edited by Spork Schivago; 09-22-2016, 10:00 AM.
    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

    Comment

      #3
      Re: Website, CSF, and lots of attacks.

      they probably arent from china, china is under 24/7 flood attack by some western government.
      makes it a right pain in the ass to download large files from chinese servers!

      most likely it's coming out of the u.s. or israel and being proxied a few times.
      as for what they are looking for - maybe they are looking for "internet of shit" / dedicated devices.

      Comment

        #4
        Re: Website, CSF, and lots of attacks.

        Most attacks are run from scripts that try the same attacks endlessly on any IP address and TCP/UDP ports they can connect to. Telnet is normally on port 23, and some people are known to run a telnet server at port 2323 (although nobody should be using telnet for remote access anymore), just as HTTP normally runs on port 80, and some people run an HTTP server at 8080. These "attacks" you are seeing are just probes looking for known weaknesses so they can start a real attack. It's just Internet life in 2016.

        I generally find that after setting up a new server the first probes will find it and start looking for weaknesses within an hour.

        Comment

          #5
          Re: Website, CSF, and lots of attacks.

          Originally posted by stj View Post
          they probably arent from china, china is under 24/7 flood attack by some western government.
          makes it a right pain in the ass to download large files from chinese servers!

          most likely it's coming out of the u.s. or israel and being proxied a few times.
          as for what they are looking for - maybe they are looking for "internet of shit" / dedicated devices.
          I figured it was being proxied. I thought it was coming from the same person / group / whatever. I mean I'm sure there's a few that are just random people, but the majority of them are all TCP port 23. There's a few that start with 2323 or end in 2323 but even in them, minus that one 2323 port, the rest from that IP are 23. Almost like it's a script and someone had a typo and accidently put in port 2323 instead of 23. Maybe they're trying some sort of brute force telenet attack (although I don't have a telnet server setup).
          -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

          Comment

            #6
            Re: Website, CSF, and lots of attacks.

            Originally posted by Uniballer View Post
            Most attacks are run from scripts that try the same attacks endlessly on any IP address and TCP/UDP ports they can connect to. Telnet is normally on port 23, and some people are known to run a telnet server at port 2323 (although nobody should be using telnet for remote access anymore), just as HTTP normally runs on port 80, and some people run an HTTP server at 8080. These "attacks" you are seeing are just probes looking for known weaknesses so they can start a real attack. It's just Internet life in 2016.

            I generally find that after setting up a new server the first probes will find it and start looking for weaknesses within an hour.
            I figured it was a script as well. I've seen some people try running an SSH brute force attack. Before I had security software setup, one person was flooding my logs trying a brute force SSH attack but he was connected to a closed port. Must not have been very intelligent. I figured one of them script kiddies.

            One of these days, if they keep trying, they'll probably find away in. Sooner or later, I'm sure something will be exploitable. My provider isn't the best and I'm running an outdated version of CentOS. I'd love something a bit newer, you know? Maybe one of these days I'll switch to someone else.

            Reverse DNS pointers, for instance, I cannot set them up. Kinda sucks. I thought I'd have control over that, but they run some custom anti-mass-mailing program or something and everything goes through their relay or whatever you want to call it. I guess that's why I cannot have reverse DNS pointer records setup.
            -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

            Comment

              #7
              Re: Website, CSF, and lots of attacks.

              it could have been an indexing tool.
              either private scum (Israeli / NSA / GCHQ etc)

              or something like shodan.
              https://www.shodan.io/

              Comment

                #8
                Re: Website, CSF, and lots of attacks.

                For the port 2323 / 23 stuff? Or the SSH stuff?

                What do you mean by indexing tool? Kinda like a web crawler (like what Google might use) but recording open ports? I'd think if that was the case, they'd be trying more than just port 23 and 2323.

                I'm starting to think the 23 / 2323 thing isn't so much an attack, just some misconfigured service or something. I mean if it was an attack, why just those two ports? My server blocks them after a certain number of attempts. They are permanently banned and cannot connect again. Do you think maybe they're trying to bring down my server with some sort of simple DDoS? Connect, get banned, connect from another IP address, get banned, do it enough, fill up enough memory...
                -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                Comment

                  #9
                  Re: Website, CSF, and lots of attacks.

                  a crawler would only try one port if it's well written and try a lot of i.p.'s
                  if it tried to walk through all the port numbers it would trip firewalls and be blocked instantly - by only trying one port each pass, it avoids that.

                  Comment

                    #10
                    Re: Website, CSF, and lots of attacks.

                    Originally posted by stj View Post
                    a crawler would only try one port if it's well written and try a lot of i.p.'s
                    if it tried to walk through all the port numbers it would trip firewalls and be blocked instantly - by only trying one port each pass, it avoids that.
                    Yeah, I believe crawlers are just for HTTP / HTTPS stuff, right? Is an indexer one that does one port each pass? Maybe try a port, wait a day, try another port, wait a day, etc?

                    These TCP port 23's have been going on for a long time now, since I setup CSF. They've just recently increased in frequency. That worried me a little.
                    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                    Comment

                      #11
                      Re: Website, CSF, and lots of attacks.

                      There's also lots of viruses that infect servers and home computers and join botnets (for mass email spam, mass flood of servers for ransom as in send bitcoin here and we'll stop ddos-ing your servers) and these automatically scan ip ranges to detect other computers and then try to infect them though known vulnerabilities.

                      Probably some of those viruses know of some vulnerabilities on a particular version of telnet server app and try to detect if your server runs it.
                      Last edited by mariushm; 09-23-2016, 03:07 AM.

                      Comment

                        #12
                        Re: Website, CSF, and lots of attacks.

                        I had this one that said they are from Microsoft and all my accounts were being scan and credits were compromised. It told me that there was a virus and to call a 1-800 number to correct the problem. If I closed the window I would not be able to use my machine. This was on firefox, internet explorer and google chrome. It took me awhile to get rid of it. The final thing is I had to increase security levels on my router and computer. Of course this then slows the computer on the internet.
                        Last edited by keeney123; 09-23-2016, 11:25 AM.

                        Comment

                          #13
                          Re: Website, CSF, and lots of attacks.

                          Originally posted by mariushm View Post
                          There's also lots of viruses that infect servers and home computers and join botnets (for mass email spam, mass flood of servers for ransom as in send bitcoin here and we'll stop ddos-ing your servers) and these automatically scan ip ranges to detect other computers and then try to infect them though known vulnerabilities.

                          Probably some of those viruses know of some vulnerabilities on a particular version of telnet server app and try to detect if your server runs it.
                          Okay. So, do you think they're just constantly scanning that port every day in case I finally setup a telnet server or something?

                          I'd have to say it's some sort of botnet, based on the sheer number of attempts, always from a different IP address...I guess they could be spoofing their IP address, but that'd be pretty pointless, wouldn't it be? They'd never get any responses from my server. Does the TCP implement any type of handshaking at all? If not, maybe they could be flying blind. For example, spoof their IP, try sending an exploit to my server, assume the exploit was successful, have the exploit open port 2323, try connecting to port 2323, etc.

                          Is that possible at all or no?
                          -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                          Comment

                            #14
                            Re: Website, CSF, and lots of attacks.

                            Originally posted by keeney123 View Post
                            I had this one that said they are from Microsoft and all my accounts were being scan and credits were compromised. It told me that there was a virus and to call a 1-800 number to correct the problem. If I closed the window I would not be able to use my machine. This was on firefox, internet explorer and google chrome. It took me awhile to get rid of it. The final thing is I had to increase security levels on my router and computer. Of course this then slows the computer on the internet.
                            Those things can be a bit nasty. I've ran across one that took advantage of some vulnerability in some browser. It prevented me from closing the window. I just CTRL-ALT-DELETE'd and ended the browser. Then, when I restarted the browser, I very quick like just closed the tab that was loading the bad stuff.
                            -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                            Comment

                              #15
                              Re: Website, CSF, and lots of attacks.

                              Originally posted by Spork Schivago View Post
                              Those things can be a bit nasty. I've ran across one that took advantage of some vulnerability in some browser. It prevented me from closing the window. I just CTRL-ALT-DELETE'd and ended the browser. Then, when I restarted the browser, I very quick like just closed the tab that was loading the bad stuff.
                              This was way more aggressive. As I could close the browser like Firefox and open a completely different browser like internet explorer and it was right there. It completely ignore the start and home page and went directly to its page. I block the domain with Bit Defender and it started loading on another domain. It did not matter what site I went to it was there. I increased the security of the browsers to high and it did not matter. I completely deleted the browser and then reloaded it and it was there. I finally loaded Google Chrome and it was clean for about three or four searches and then it appeared. I then set my Bit Defender to max gaming mode and then went into my modem and set that to Max security and that solved the problem. The problem then is the web searches are slower.

                              Comment

                                #16
                                Re: Website, CSF, and lots of attacks.

                                re-install Windows. DONE.
                                Don't buy those $10 PSU "specials". They fail, and they have taken whole computers with them.

                                My computer doubles as a space heater.

                                Permanently Retired Systems:
                                RIP Advantech UNO-3072LA (2008-2021) - Decommissioned and taken out of service permanently due to lack of software support for it. Not very likely to ever be recommissioned again.
                                Asus Q550LF (Old main laptop, 2014-2022) - Decommissioned and stripped due to a myriad of problems, the main battery bloating being the final nail in the coffin.


                                Kooky and Kool Systems
                                - 1996 Power Macintosh 7200/120 + PC Compatibility Card - Under Restoration
                                - 1993 Gateway 2000 80486DX/50 - Fully Operational/WIP
                                - 2004 Athlon 64 Retro Gaming System - Indefinitely Parked
                                - Main Workstation - Fully operational!

                                sigpic

                                Comment

                                  #17
                                  Re: Website, CSF, and lots of attacks.

                                  Originally posted by keeney123 View Post
                                  This was way more aggressive. As I could close the browser like Firefox and open a completely different browser like internet explorer and it was right there. It completely ignore the start and home page and went directly to its page. I block the domain with Bit Defender and it started loading on another domain. It did not matter what site I went to it was there. I increased the security of the browsers to high and it did not matter. I completely deleted the browser and then reloaded it and it was there. I finally loaded Google Chrome and it was clean for about three or four searches and then it appeared. I then set my Bit Defender to max gaming mode and then went into my modem and set that to Max security and that solved the problem. The problem then is the web searches are slower.
                                  Keeney123, I feel that I owe you for one reason or another. Anyway, it sounds like your PC was actually infected and might still be. If you don't mind running some tests, we might be able to figure out if it is or not.

                                  One thing you might want to do first is to download Malwarebytes and run that:

                                  https://www.malwarebytes.com/mwb-download/

                                  You probably want the free download. Once you start installing, eventually it will bring up a pop-up window with some check marks. One will say Enable free trial of Malwarebytes Premium. Uncheck that unless you plan on purchasing the premium version.

                                  Once Malwarebytes starts, don't click Scan Now. Wait until it finishes updating. Then, click on Settings. On the left hand side, you'll see a category titled: Detection and Protection. Click that and you should see some check boxes. Click the one that says Scan for rootkits.

                                  After that, click the option that says Scan. It's after Dashboard and before Settings on the top of Malwarebytes. Click on Custom Scan. Then click the big blue button that says CONFIGURE SCAN. Make sure Scan for Rootkits is checked on the left hand side. Also, make sure your drive is checked. You might have more than one drive to pick from. For example, here, we have the C: drive and the D: drive. Our D: drive is the blu-ray burner so there's no sense for us to scan that. If you're not sure, you can check them all. It shouldn't hurt anything. After that, click Scan Now.

                                  Go do something for a while. It can take a while to scan. Once it's done scanning, let us know what it says for Detected Objects:

                                  There's more programs I'll have you run, if you're okay with it, but we should start there.
                                  -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                                  Comment

                                    #18
                                    Re: Website, CSF, and lots of attacks.

                                    TechGeek is correct. Ultimately, if you are infected, you should always reinstall Windows. If you need to do this, contact me via e-mail and I'll walk you through it. If you have more than one PC connected to the internet, it'd be easier.
                                    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                                    Comment

                                      #19
                                      Re: Website, CSF, and lots of attacks.

                                      Originally posted by Spork Schivago View Post
                                      TechGeek is correct. Ultimately, if you are infected, you should always reinstall Windows. If you need to do this, contact me via e-mail and I'll walk you through it. If you have more than one PC connected to the internet, it'd be easier.
                                      QFT and also wipe the entire drive! You don't want ghost Windows reminants!
                                      ASRock B550 PG Velocita

                                      Ryzen 9 "Vermeer" 5900X

                                      32 GB G.Skill RipJaws V F4-3200C16D-32GVR

                                      Sapphire Nitro+ Radeon RX 6750 XT

                                      eVGA Supernova G3 750W

                                      Western Digital Black SN850 1TB NVMe SSD

                                      Alienware AW3423DWF OLED




                                      "¡Me encanta "Me Encanta o Enlistarlo con Hilary Farr!" -Mí mismo

                                      "There's nothing more unattractive than a chick smoking a cigarette" -Topcat

                                      "Today's lesson in pissivity comes in the form of a ziplock baggie full of GPU extension brackets & hardware that for the last ~3 years have been on my bench, always in my way, getting moved around constantly....and yesterday I found myself in need of them....and the bastards are now nowhere to be found! Motherfracker!!" -Topcat

                                      "did I see a chair fly? I think I did! Time for popcorn!" -ratdude747

                                      Comment

                                        #20
                                        Re: Website, CSF, and lots of attacks.

                                        Originally posted by RJARRRPCGP View Post
                                        QFT and also wipe the entire drive! You don't want ghost Windows reminants!
                                        What do you mean by QFT? Quick Format?

                                        This can be a bit tricky. Although I personally don't care much for recovery partitions and images and prefer a clean installation, some people like them very much. When they pay me and they have some pre-installed version of something like Cyberlink and I wipe the entire drive, they might get pretty upset when I give the PC back without Cyberlink. If they want it reinstalled, a lot of times, they might be forced to either purchase it directly or purchase recovery disks....

                                        So, depending on whether Keeney123 wants a clean install or his pre-installed bloatware, I mean software, I think that would determine what way is the best.

                                        Some BIOSes use partitions for system tools, like UEFI type BIOSes. If those partitions are destroyed, those tools won't work.
                                        -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                                        Comment

                                        Previous 1 2 3 4 template Next
                                        Working...
                                        X