+ Reply to Thread
Page 3 of 8 FirstFirst 1 2 3 4 5 6 7 ... LastLast
Results 31 to 45 of 117

Thread: Has your account been hacked? Read here.

  1. #31
    Ascendant ThatTomGuy's Avatar
    Join Date
    Feb 2011
    Location
    Seattle
    Posts
    2,306

    Default

    Registrant: Make this info private
    Greatis Software
    Turgeneva 1, 65
    Yaroslavl, YAROSLAVL 150054
    RU


    Domain Name: GREATIS.COM

    Administrative Contact :
    Sokolov, Dmitry
    dsokolov@TELKOM.NET
    Turgeneva 1-65
    Yaroslavl, Yaroslavl 150054,
    RU

    Phone: 7-0852-72-14-58

    Technical Contact :
    Media3 Technologies,
    admin@media3.net
    33 riverside drive
    pembroke, MA 02359
    US
    Phone: 781-826-1213
    Fax: 781-826-1513

    Record expires on 17-Feb-2012
    Record created on 17-Feb-2000
    Database last updated on 05-Feb-2007

    Russia? no thanks

  2. #32
    Shadowlander MentaLrz's Avatar
    Join Date
    Feb 2011
    Posts
    39

    Default

    I've already reported the possible problem and its not even remotely the users fault. Basically the game launches via a seperate target and it only REQUIRES the user id. So using a custom command line you can simply log into anybodys account with that user id.

    Its been there since beta, I did report it but this post will more than likely get removed. There is nothing you can do

  3. #33
    Shadowlander TwiggLe's Avatar
    Join Date
    Jan 2011
    Posts
    38

    Default

    I just ran all the things the original post said to run. Found 0 nothing...

    I was also hacked/phished/compromised whatever you want to call it...

    Haven't been on since about 3am wednesday log in at 5am thursday and my characters are naked next to mail boxes.

  4. #34
    General of Telara
    Join Date
    Jan 2011
    Posts
    925

    Default

    Quote Originally Posted by Tarmalen View Post
    From a "tech", The easiest way to combat any trojan/keylogger is to make sure you backed up your game and any other data you want to keep and either do a Factory Restore or fdisk/ install fresh from CD. Takes less time and is 100% effective.
    Well for me that means backing up almost a terabyte of info.

    What?

    IM NOT GIVING UP MY **** DAMMIT!
    Quote Originally Posted by Lmaoboat View Post
    I drew a nice picture of some mountains today. It, too, looks good on paper.

  5. #35
    General of Telara
    Join Date
    Jan 2011
    Posts
    925

    Default

    Quote Originally Posted by Anajansi View Post
    I've found a trojan on my system that I believe is related to the accounts being stolen in Rift. I'm going to give you a step-by-step guide on how to get rid of this, and similar, garbage. Read and print out these instructions before attempting to do anything. If you aren't sure what you're doing, don't do anything. I accept no responsibility if you **** something up. This is do-at-your-own-risk.

    First things first, I suggest you download these:
    Malwarebyte's Anti-Malware: http://www.malwarebytes.org/
    Dr. Web CureIt: http://www.freedrweb.com/cureit/?lng=en
    Dr. Web Live CD: http://www.freedrweb.com/livecd/?lng=en (optional)
    UnHackMe: http://www.greatis.com/unhackme/download.htm
    MSE: http://www.microsoft.com/security/pc-security/mse.aspx

    You may be asking, "Why do I need so many things? Shouldn't any anti-virus software work!?" No! These softwares all provide a very different service, and should be used as they are designed to. Additionally, no anti-virus software will detect every virus (even if you keep up to date). Instead, we're going to work at the root of the problem and prevent the malware from running to begin with.

    Now, about the trojan, itself. The trojan will actually be hidden from you and difficult to remove. This is because you, probably, have a rootkit installed. A rootkit subverts the kernel (the Windows OS core, in this case -- I doubt any of you are playing under Linux yet) and may actually prevent the OS itself from seeing files or performing certain actions. Many trojans rely on rootkits to hide themselves and allow them to perform successfully. This particular trojan works as a backdoor, allowing the attacker to install additional malware onto your system without your knowledge. Among them is another piece of malware which is responsible for logging information (ie. your email/password). After some time, a new process is launched that will actually upload the logged information to (one of) the attackers server(s).

    The first thing you should do is install UnHackMe. Once installed, open it up and click 'Check Me Now!' It will state that there is no trojan found; this is fine. Very rarely will it actually find anything at this stage. You should now see a window that gives you three options. Choose 'Scan for Malware...' Now, you'll have an additional 3 options. Select 'Scan Windows Startup...', and when it asks you to reboot your system, do so using the button in the bottom left of the window.

    Once you have restarted and logged in, a subset of UnHackMe will scan your startup programs and report any unknown softwares as well as known malware. Do not be alarmed if something is found! It will give many false positives. You should select "Get It Out!" for anything that resides in the 'Windows' folder (including 'system32', 'SysWOW64', etc.), and the 'User' folder ('C:/Documents and Settings/Username/' [which is aliased to 'C:/Users/...' in Vista and 7] and similar) unless you are absolutely certain that it is legitimate. You might also have entries from 'Program Files' and 'Program Files(x86)'. You can be a bit more relaxed with those and virii typically don't make use of those paths (but expect a lot of malware from 'Program Data'), however, you should still "Get It Out!" on anything suspicious; especially something with a very strange name such as "x8sdf900.exe". After you've gone through everything, you'll be asked to restart again to delete anything suspicious. Do so.
    In this step, I found 2 hidden drivers (.sys files) in the 'SysWOW64' directory, as well as some other arbitrary garbage. The names of these files will most likely be random, so I cannot tell you what to expect.

    Now, hopefully, you're back at your desktop. Go ahead and run Dr. Web's CureIt! It'll run in a protected environment that prevents you from doing anything in the background, so you'll have to find something else to do while waiting. First, do the essential scan (or whatever it is called), and then the complete scan (even if the basic scan finds nothing). Move anything that it finds that you aren't absolutely certain is legitimate.
    In this step, I found one infected file: C:\Documents and Settings\USERNAMEHERE\AppData\Local\instschedule.e xe
    It was a 'normal' executable with the infection concatenated to the file.
    You may also see mention of 'KMS.exe', 'KMS Schedule.exe', or similar variants.

    You may again be asked to restart your computer. Do so.


    Hopefully, by this point, you've removed or at least hindered the underlying rootkit. You should now boot into safemode with networking (press F8 while Windows is starting; but do so after your BIOS or it may ask you to select a boot device). Install Malwarebyte's Anti-malware and update it. Now, perform a complete scan. Now that the rootkit isn't hiding the trojans, you'll probably actually find something. Allow it to remove anything that you are not certain is legitimate. Restart again (this time into normal mode).

    Install Microsoft's Security Essentials. Now, very rarely will you actually see me promoting a Microsoft product, but I actually have to give credit to MS for this one. It actually does something without being a resource hog, intrusive, and annoying to use. Go ahead and let it run a complete scan, as well.

    If you decided to download the Dr. Web Live CD, go ahead and burn it to a disk now and pop it in. Restart your computer and allow it to run from the disc. Dr. Web's Live CD is a minimalist Linux-based environment that provides virus scanning. Why are we doing this? Because you are potentially infected with a Windows-based virus and we may want to avoid scanning for viruses within an infected Windows environment where said infection could prevent us from removing it. Simple as that. This is recommended for advanced users only. It's ridiculously easy to use (provided you're not a complete idiot), so I won't give further instructions here.

    Now, boot into your normal Windows setup again. Open the registry editor (Start->run, type regedit [Windows XP and older] Or just click the Start button and type regedit under Vista and 7).
    Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects
    Delete EVERYTHING inside here. Yes. Everything. They are not necessary and will only slow your computer down. {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (if you have this) will make mention of 'WormRadar' but do not be alarmed; this is actually part of AVG's link scanner.

    Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
    Delete everything that you aren't certain is legitimate. Yes, this includes things in the Windows directory. Everything inside this registry location can be deleted safely. It only controls which softwares start up with Windows. Do the same for HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run

    Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    Look for a key named 'explorer.exe' If it exists, delete it!

    You can now close the registry editor. Now, open Explorer (Start->Computer, My Computer, whatever you want to do). Go to C, then Windows. At this point, change your folder view options to display extensions (if you haven't already). To do this, go to Tools->Folder Options (Under Windows 7, you need to press the ALT key to display this menu at the top of the window). Click the 'View' tab and look below to find the 'Show hidden files, folders, and drives' and make sure it is checked. Look for 'Hide extensions for known file types' and make sure it is unchecked. Click OK, and you'll be back in the Windows directory. Look for 'explorer.exe' (Just select any file/folder and begin typing 'expl'; it should automatically bring you down to the correct file). If you see any mention of 'explorer.bat' or 'explorer.lnk', DELETE THEM! There should only be 'explorer.exe'.

    I would go ahead and do one last boot scan with UnHackMe to make sure you got everything at this point.

    You should, hopefully, now be all clean. You can now uninstall UnHackMe, but the other installed softwares you are recommended to keep. You should, of course, now change your Rift password. If you have any questions or concerns, let me know.
    Hey OP, first of all thanks for writing this excellent post.

    Now,

    For your step 1 with unhackme, it did find something with the word kernel in the name. Im assuming that is the rootkit.

    For step 2 wirh Dr. Web i did both scans. Initial scan did nothing, full scan revealed many items. I was confused though because under actions taken it didnt say anything for most of them and the rest just said "moved". Did it actually do anything with what it found? Also almost everything it found was labeled as a java exploit.

    For step 3 when i rebooted into safe mode unhackit came back up on its own for some reason and did another scan and this time there were two more problems including the rootkit that had supposedly been removed earlier. Removed it and rebooted into safe mode again. Once again unhackit took it upon itself to scan on startup but this time it found nothing.

    Now im running malwarebyteds and it doesnt seem to be finding anything at all, which is kind of a deviation from what you said to expect. Have i messed something up?

    Thanks.
    Last edited by Nonsensei436; 03-10-2011 at 04:49 AM.
    Quote Originally Posted by Lmaoboat View Post
    I drew a nice picture of some mountains today. It, too, looks good on paper.

  6. #36
    Rift Chaser rekrab's Avatar
    Join Date
    Feb 2011
    Location
    Texas
    Posts
    332

    Default

    Quote Originally Posted by Anajansi View Post
    I've found a trojan on my system that I believe is related to the accounts being stolen in Rift. I'm going to give you a step-by-step guide on how to get rid of this, and similar, garbage. Read and print out these instructions before attempting to do anything. If you aren't sure what you're doing, don't do anything. I accept no responsibility if you **** something up. This is do-at-your-own-risk.

    First things first, I suggest you download these:
    Malwarebyte's Anti-Malware: http://www.malwarebytes.org/
    Dr. Web CureIt: http://www.freedrweb.com/cureit/?lng=en
    Dr. Web Live CD: http://www.freedrweb.com/livecd/?lng=en (optional)
    UnHackMe: http://www.greatis.com/unhackme/download.htm
    MSE: http://www.microsoft.com/security/pc-security/mse.aspx

    You may be asking, "Why do I need so many things? Shouldn't any anti-virus software work!?" No! These softwares all provide a very different service, and should be used as they are designed to. Additionally, no anti-virus software will detect every virus (even if you keep up to date). Instead, we're going to work at the root of the problem and prevent the malware from running to begin with.

    Now, about the trojan, itself. The trojan will actually be hidden from you and difficult to remove. This is because you, probably, have a rootkit installed. A rootkit subverts the kernel (the Windows OS core, in this case -- I doubt any of you are playing under Linux yet) and may actually prevent the OS itself from seeing files or performing certain actions. Many trojans rely on rootkits to hide themselves and allow them to perform successfully. This particular trojan works as a backdoor, allowing the attacker to install additional malware onto your system without your knowledge. Among them is another piece of malware which is responsible for logging information (ie. your email/password). After some time, a new process is launched that will actually upload the logged information to (one of) the attackers server(s).

    The first thing you should do is install UnHackMe. Once installed, open it up and click 'Check Me Now!' It will state that there is no trojan found; this is fine. Very rarely will it actually find anything at this stage. You should now see a window that gives you three options. Choose 'Scan for Malware...' Now, you'll have an additional 3 options. Select 'Scan Windows Startup...', and when it asks you to reboot your system, do so using the button in the bottom left of the window.

    Once you have restarted and logged in, a subset of UnHackMe will scan your startup programs and report any unknown softwares as well as known malware. Do not be alarmed if something is found! It will give many false positives. You should select "Get It Out!" for anything that resides in the 'Windows' folder (including 'system32', 'SysWOW64', etc.), and the 'User' folder ('C:/Documents and Settings/Username/' [which is aliased to 'C:/Users/...' in Vista and 7] and similar) unless you are absolutely certain that it is legitimate. You might also have entries from 'Program Files' and 'Program Files(x86)'. You can be a bit more relaxed with those and virii typically don't make use of those paths (but expect a lot of malware from 'Program Data'), however, you should still "Get It Out!" on anything suspicious; especially something with a very strange name such as "x8sdf900.exe". After you've gone through everything, you'll be asked to restart again to delete anything suspicious. Do so.
    In this step, I found 2 hidden drivers (.sys files) in the 'SysWOW64' directory, as well as some other arbitrary garbage. The names of these files will most likely be random, so I cannot tell you what to expect.

    Now, hopefully, you're back at your desktop. Go ahead and run Dr. Web's CureIt! It'll run in a protected environment that prevents you from doing anything in the background, so you'll have to find something else to do while waiting. First, do the essential scan (or whatever it is called), and then the complete scan (even if the basic scan finds nothing). Move anything that it finds that you aren't absolutely certain is legitimate.
    In this step, I found one infected file: C:\Documents and Settings\USERNAMEHERE\AppData\Local\instschedule.e xe
    It was a 'normal' executable with the infection concatenated to the file.
    You may also see mention of 'KMS.exe', 'KMS Schedule.exe', or similar variants.

    You may again be asked to restart your computer. Do so.


    Hopefully, by this point, you've removed or at least hindered the underlying rootkit. You should now boot into safemode with networking (press F8 while Windows is starting; but do so after your BIOS or it may ask you to select a boot device). Install Malwarebyte's Anti-malware and update it. Now, perform a complete scan. Now that the rootkit isn't hiding the trojans, you'll probably actually find something. Allow it to remove anything that you are not certain is legitimate. Restart again (this time into normal mode).

    Install Microsoft's Security Essentials. Now, very rarely will you actually see me promoting a Microsoft product, but I actually have to give credit to MS for this one. It actually does something without being a resource hog, intrusive, and annoying to use. Go ahead and let it run a complete scan, as well.

    If you decided to download the Dr. Web Live CD, go ahead and burn it to a disk now and pop it in. Restart your computer and allow it to run from the disc. Dr. Web's Live CD is a minimalist Linux-based environment that provides virus scanning. Why are we doing this? Because you are potentially infected with a Windows-based virus and we may want to avoid scanning for viruses within an infected Windows environment where said infection could prevent us from removing it. Simple as that. This is recommended for advanced users only. It's ridiculously easy to use (provided you're not a complete idiot), so I won't give further instructions here.

    Now, boot into your normal Windows setup again. Open the registry editor (Start->run, type regedit [Windows XP and older] Or just click the Start button and type regedit under Vista and 7).
    Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects
    Delete EVERYTHING inside here. Yes. Everything. They are not necessary and will only slow your computer down. {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (if you have this) will make mention of 'WormRadar' but do not be alarmed; this is actually part of AVG's link scanner.

    Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
    Delete everything that you aren't certain is legitimate. Yes, this includes things in the Windows directory. Everything inside this registry location can be deleted safely. It only controls which softwares start up with Windows. Do the same for HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run

    Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    Look for a key named 'explorer.exe' If it exists, delete it!

    You can now close the registry editor. Now, open Explorer (Start->Computer, My Computer, whatever you want to do). Go to C, then Windows. At this point, change your folder view options to display extensions (if you haven't already). To do this, go to Tools->Folder Options (Under Windows 7, you need to press the ALT key to display this menu at the top of the window). Click the 'View' tab and look below to find the 'Show hidden files, folders, and drives' and make sure it is checked. Look for 'Hide extensions for known file types' and make sure it is unchecked. Click OK, and you'll be back in the Windows directory. Look for 'explorer.exe' (Just select any file/folder and begin typing 'expl'; it should automatically bring you down to the correct file). If you see any mention of 'explorer.bat' or 'explorer.lnk', DELETE THEM! There should only be 'explorer.exe'.

    I would go ahead and do one last boot scan with UnHackMe to make sure you got everything at this point.

    You should, hopefully, now be all clean. You can now uninstall UnHackMe, but the other installed softwares you are recommended to keep. You should, of course, now change your Rift password. If you have any questions or concerns, let me know.
    2nd acct in home was hacked and left naked by a mailbox. Took 5days or harassing phone and in game support but it was finally fixed...

    Sadly players are getting corrupt data and ninja shard/server transfered.

    Ninja transfers are the new problem.
    50 Rogue Seastone(200+hit), 50 Rogue Spitescar(200+hit), 50 WAR Seastone (140 tough) 36 Warrior Spitescar, 37 mage Seastone
    Suggestion for a summer expansion/patch. --- The Official Rift PVP Video Library --- POLL : Guild Bank
    POLL : Player Housing and Guild Castles Proposed System - Check out the idea of a joint gaming company development for Rift

  7. #37
    Shadowlander
    Join Date
    Jan 2011
    Posts
    38

    Default

    Quote Originally Posted by Nonsensei436 View Post
    Hey OP, first of all thanks for writing this excellent post.

    Now,

    For your step 1 with unhackme, it did find something with the word kernel in the name. Im assuming that is the rootkit.

    For step 2 wirh Dr. Web i did both scans. Initial scan did nothing, full scan revealed many items. I was confused though because under actions taken it didnt say anything for most of them and the rest just said "moved". Did it actually do anything with what it found? Also almost everything it found was labeled as a java exploit.

    For step 3 when i rebooted into safe mode unhackit came back up on its own for some reason and did another scan and this time there were two more problems including the rootkit that had supposedly been removed earlier. Removed it and rebooted into safe mode again. Once again unhackit took it upon itself to scan on startup but this time it found nothing.

    Now im running malwarebyteds and it doesnt seem to be finding anything at all, which is kind of a deviation from what you said to expect. Have i messed something up?

    Thanks.
    Excellent questions. For your first question (or, at least, I'm accepting it as a question even though it was not formed as one), it probably was a hidden driver that used 'kernel' in it's name in an attempt to look important and part of the OS (in hopes that you wouldn't trash it). Since you've removed it and everything is working OK, it's a good thing that you got rid of it.

    For your second question, yes, it quarantined (moved) the files. You can now go to "My Documents/DoctorWeb" and delete the Quarantine folder then empty your recycle bin.

    The rootkit may or may not be gone. It's not always possible to remove them. I would say that you should continue to let it run the start-up scan for awhile and keep an eye on it. If you continually have to remove malicious start-ups, you're in a pretty bad situation. Your best option would probably just to format and reinstall your OS. If, however, you stop seeing it, then you can feel that much more secure.

    Now im running malwarebyteds and it doesnt seem to be finding anything at all, which is kind of a deviation from what you said to expect. Have i messed something up?
    Nope. You may not always find something, it is just expected that you do. Sounds like UnHackMe and CureIt! have done the job already. Malwarebyte's is just always a good idea to use to clean-up after killing a rootkit or virus infestation just to make sure you clear out everything else that was left behind.



    Russia? no thanks
    So, because the servers are hosted in Russia you're assuming it is malicious? I'm not even sure how to respond to that. Don't use it. It's your choice.

  8. #38
    Ascendant ThatTomGuy's Avatar
    Join Date
    Feb 2011
    Location
    Seattle
    Posts
    2,306

    Default

    Quote Originally Posted by MentaLrz View Post
    I've already reported the possible problem and its not even remotely the users fault. Basically the game launches via a seperate target and it only REQUIRES the user id. So using a custom command line you can simply log into anybodys account with that user id.

    Its been there since beta, I did report it but this post will more than likely get removed. There is nothing you can do
    Say what? Another no proof conspiracy theory that doesnt even sound plausible (more made up)

  9. #39
    Telaran
    Join Date
    Feb 2011
    Posts
    68

    Default

    I'm overly paranoid so I decided to do this even though I haven't been hacked... I haven't found too much info on UnHackMe but I installed it anyways (). I guess I just decided to go for it because Bleepingcomputer said it was safe.

    Anyway I scanned with it and it found 7 suspicious (yellow) items but I didn't remove them. I recognized all of them, for example MarvellTray. None of them except for 1 were located in a Windows folder. That one exception was located in Syswow64, and I didn't remove that on either because from what I've understood it's an audio codec: Vorbis.acm, msacm.vorbis

  10. #40
    Plane Touched
    Join Date
    Feb 2011
    Posts
    208

    Default

    It is a bad idea to have multiple background-scanning AV products installed at the same time. They will fight with each other; they will monitor each other's actions and cause slowness and false positives.
    Last edited by Arrow_Raider; 03-10-2011 at 05:40 AM.
    Raaaawwr

  11. #41
    Shadowlander
    Join Date
    Jan 2011
    Posts
    38

    Default

    Quote Originally Posted by Arrow_Raider View Post
    It is a bad idea to have multiple background-scanning AV products installed at the same time. They will fight with each other; they will monitor each other's actions and cause slowness and false positives.
    Please read the original post again. All of the softwares I mentioned perform entirely different tasks. Only one of them will stay installed and provide a background scan (MSE).

  12. #42
    Ascendant
    Join Date
    Feb 2011
    Posts
    1,713

    Default

    Just to be safe I decided to install unhackme because I never used it before. I scanned the windows start up and for viruses after reboot but nothing came up. I proceeded to install dr web cure it and scanned, still nothing.

    However dr web asked me to reboot. After I reboot it, unhack me picked up something that didn't show up the first time.

    Could Dr Web Cureit have installed it? Why didn't it show up the first time?

  13. #43
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    128

    Default

    I am going to place this post here for a Bump.

  14. #44
    Shadowlander
    Join Date
    Jan 2011
    Posts
    24

    Default

    Quote Originally Posted by Kazed View Post
    /signed, informative thread.

    And since i have heard of quite a few getting hacked they should check this out, though i dont get how stupid people are online now a days, allways clicking way to much **** online.
    Condescending much?

    I see this way too much. Every time there is a thread talking about folks getting hacked, you A**es get on here with your "OMG ur so stupid" crap.

    Take some advice from my mother, if you can't say anything productive, ****.
    http://files-cloud.enjin.com/60018/module_gallery/full/83333.jpg

  15. #45
    Shadowlander MentaLrz's Avatar
    Join Date
    Feb 2011
    Posts
    39

    Default

    If you want real security and peace of mind then use the following;

    - Eset smart security (you'll get a very good virus/trojan detection base with a low memory footprint. Its very very very well written and surpasses all other antiviruses on the market. It includes a custom firewall to monitor all incoming and out going connections.)

    - Spybot (a freely distributed anti malware/spyware and trojan database. Its not so great for the antivirus/trojan properties but it picks up an awful lot of malware and spyware, together with Eset you are really in a good position.

    - Hijack this. (in the event your computer has been comprimised, hijack this will allow you manually remove any edits from the system including hidden backround processes. Its for the more experienced user).


    When browsing use FIREFOX with adblock plus, noscript and betterprivacy. This will stop allow of javascript / active x based infections.


    Dont be a dingbat... listen to me.

+ Reply to Thread
Page 3 of 8 FirstFirst 1 2 3 4 5 6 7 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts