VBA hacker? How can I protect?

Bastard - sod the evidence, just sack them!

Starting simple:

1) Have you protected the vba project? (right click, properties...protection)
2) Create a backup routine in the file that saves the data to another file on a regular basis. Maybe add some checking such that if count(records in new file) < count (records in old file) don't to the backup - send you a mail...
3) Did I mention sack them?
4) Create an access log to track who's entered the file. this should be more robust than the track changes feature (see here for an interesting example:

http://j-walk.com/ss/excel/odd/odd26.htm

5) depending on the user requirements, you can disable various menu options (eg save as)...


...sure there are other things that can be done...

paddy

My advice is you really need to speak with your IT director or your IT manager. This is not so good.

I work hard and have for a long time to have the IT dept on my side as friends so issues are less. IT depts don’t like guys telling them a single thing so be careful

If this is the case you have a problem

I would make sure i have backups of all files and just replace them as needed, even if i said nothing

I might even blame the server dual box server cache refresh rates and flagging of file ownership, that will stop most IT managers in there tracks


Be careful no good can come from this i suggest put yourself first and back up locally

Jack

Have you locked the VBA code for viewing as suggested above and you suspect that they are using a VBA Password cracking program? May I suggest a meeting with your CEO (I always like going to the top). If this were external sabotage then I’d say that Excel was never designed to be a secure environment so you can’t really keep users from un-sharing, but this sound like internal sabotage….and your best way to keep any co-worker from sabotaging your work is to let your CEO know that there is somebody within his/her organization who is purposefully hurting the organization.

Are the files on your network not backed up each night? Can IT not retrieve those files as your request? There are many tricks to keep users from messing with VBA and Excel, but a very advanced user can still get in. Before you spend days/weeks learning the little tricks used to deter hackers, I suggest you follow up internally with management. I suspect that they will have a vested interest in the success of the firm.

I'll address both posts here:

Paddy:
I found a post that showed how to password protect (accessing VBA) that I can use to lock out a VBA hacker...

I am not familiar with how to set up the auto-save routine to an alternative file -- however, I've made a point to go to the server several times a day to grab a copy of it. Today, there was no time-- it was constant phone calls and emails screaming about issue after issue...loss after loss...

If you can tell me how to set up the save and ESPECIALLY the SAVEAS disable process -- this would help me survive tomorrow - perhaps!??

Jack:
You bring to mind the possibility that this trouble could be due to a ticked off server administrator that got jumped on by my boss when the whole file got deleted. When I made the request to have the folder protected from deletes the server guy said: "No, can do -- it is administratively burdensome to perform the request." I sent my boss a note ( who's not real computer savvy ) and said this was ridiculous and how every file housed within our servers are open to anyone to destroy or delete at—will-- if proper permissions and protections are not put in place. Well, all last week --we had major server problems and discovered the administrator indeed had made the whole folder read-only so even "I" was unable to upload new data to the file... So, it's possible my boss jumped all over him and now HE is the one that's having the hay-day.... making our life HELL!
From what I heard, this server person is a remote worker from home in another state an is hard to reach - and hard to get to do anything.... My company is so large - there are IT depts at each location -- and some parts are corporately managed from afar...
THIS is the case with this server....

Tell me more about the "stop in the tracks" verbiage ---- not sure I follow you - and sounds like I need all the help I can get to protect this file and all it's critical data.....

What would you guys recommend – to be able to find out who’s doing this? And/or verify that these new issues are due to this administrator’s ‘power-trip’…..

Mary:
I agree - sounds like internal for sure-- by someone we don't even know!
Initially, it looked like it might be a lady at another site-- but don't believe she has VBA knowledge.... ( she probably knows the SAVEAS work-a-round)but I now think it's the server guy that's taken it to a new level!!

In a nutshell: I dread tomorrow
Keep the good info coming -- I will need to provide suggestions/resulolutions with my mgmt tomorrow - when they ask - What are our options?

Hello a few thoughts, yes lock down the VBE.

Here's a vba proc. to disallow saving:

http://www.mrexcel.com/board2/viewtopic.php?t=29978&highlight=beforesave

Note, an intermediate Excel user can easily thwart this by disabling events.

Use a workbook_open procedure to log (Lan User Names & Times) using sequential access to a text file. Here's the code for sequential text file appending:

http://www.erlandsendata.no/english/vba/fileaccess/sequential.php

Double it with an auto_open procedure in the event that events are disabled.

Here's how to grab the Windows login name:

http://www.mrexcel.com/board2/viewtopic.php?t=33027&highlight=getusername

You'll know who accessed your file and when. Use a formatted version of Date in the:

Open "z:\FOLDERNAME\Backup_" & format(date,"mm-dd-yyyy") & ".TXT" For Append

Note, this approach will append to existing files or create non-exisiting ones.

Another possibility is to use thisworkbook.saveas in the workbook_open event:

ThisWorkbook.SaveAs "z\:bkUp.xls"

Set your application's displayalerts = false, then to true at the beginning and end of your procedure respectively to overwrite the back-up.

Going to the CEO may be over the top, but the lowest common supervisor ought to work after you've compiled who's using your file and when.

Password protect your file, perhaps the sabateur shouldn't even be using the file (i.e., you won't have given them the password).

None of which is fool-proof, but hopefully will present a challenge to your foe, hopefully, they're not reading this. Food for thought.

Regards,
Nate

Create a new workbook and call your present workbook with this code provided by Ivan F Moala. It won't allow any vba changes to your original workbook... however, of course this workbook is accessible unless...(censor)
<pre>Private Sub Workbook_Open()

Application.VBE.MainWindow.Visible = False '// Close ALL windows 1st!
CmdControl 1695, False '// Visual basics Editor
CmdControl 186, False '// Macros...
CmdControl 184, False '// Record New Macro...
CmdControl 1561, False '// View Code
CmdControl 1605, False '// Design Mode
Application.OnDoubleClick = "Dummy"
Application.CommandBars("ToolBar List").Enabled = False
Application.OnKey "%{F11}", "Dummy"
Workbooks.Open "C:\" 'add your stuff here
ActiveWorkbook.RunAutoMacros xlAutoOpen
End Sub
Private Sub Workbook_BeforeClose(Cancel As Boolean)
CmdControl 1695, True '// Visual basics Editor
CmdControl 186, True '// Macros...
CmdControl 184, True '// Record New Macro...
CmdControl 1561, True '// View Code
CmdControl 1605, True '// Design Mode
Application.OnDoubleClick = ""
Application.CommandBars("ToolBar List").Enabled = True 'thisone
Application.OnKey "%{F11}", ""

End Sub
Sub CmdControl(Id As Integer, TF As Boolean)
Dim CBar As CommandBar
Dim C As CommandBarControl
On Error Resume Next
For Each CBar In Application.CommandBars
Set C = CBar.FindControl(Id:=Id, recursive:=True)
If Not C Is Nothing Then C.Enabled = TF
Next
End Sub</pre>
I hope this will help you screw that bastard!
edit..whoops almost censored again

A few have suggested ThisWorkbook.SaveAs, but you want ThisWorkbook.SaveCopyAs to save a backup.

This is really a job for the concerted efforts of the IT, HR, and Legal departments.

- Jon
-------
Jon Peltier, Microsoft Excel MVP
http://www.geocities.com/jonpeltier/Excel/index.html
_______

Thank you --- Thank you --- Thank you!!!
I'm not (yet) a VBA expert -- so trying to implement code within the ALT+F11 area to successfully stop a VBA "expert" will be a challenge.... I will immediately begin to work toward that "expertise" - but until then......

Hopefully, I can locate someone within our IT department that is more knowledgable and employ these GREAT suggestions to try to locate / track/ and "EXECUTE" the guilty party/parties....

As I laid in bed last night, I wondered if perhaps this expert is smiling as he/she reads this board!!!! ( I hope not ! ) RRRR!


Keep it coming -- I'll check back often!

I had a similar problem once. So, after carefully documenting the transgressions, I placed a code like this in the On Open Event.

<font face=Courier New><SPAN style="color:darkblue">Private</SPAN> <SPAN style="color:darkblue">Sub</SPAN> Workbook_Open()
    <SPAN style="color:darkblue">If</SPAN> Environ("UserName") = "the idiots network name" <SPAN style="color:darkblue">Then</SPAN>
        MsgBox ("You are an idiot and can not open this file")
        Me.<SPAN style="color:darkblue">Close</SPAN>
    <SPAN style="color:darkblue">End</SPAN> <SPAN style="color:darkblue">If</SPAN>
<SPAN style="color:darkblue">End</SPAN> <SPAN style="color:darkblue">Sub</SPAN></FONT>

He got the message