Failed login notification. Check your passwords!

Discussion in 'Site Feedback' started by Pete, Nov 7, 2009.

  1. Pete It's not rocket surgery Registered Senior Member

    Messages:
    10,167
    I received this email today:
    Dear Pete,

    Someone has tried to log into your account on SciForums.com with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address: 70.173.52.108

    All the best,
    SciForums.com

    Maybe it's a one-off, maybe not. Has anyone else been tagged?
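The lockout rule in the quoted notification, sketched as an added example (not part of the original post and not the forum software's code). It assumes failures are counted per account and source address over a 15-minute window, which the e-mail does not state; the class and function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # "at least 5 times" in the e-mail
LOCKOUT = timedelta(minutes=15)   # "for the next 15 minutes"
WINDOW = timedelta(minutes=15)    # assumption: the counting window is not given on the page

class LoginThrottle:
    """Counts failed logins per (account, source IP) pair and locks that pair out."""

    def __init__(self):
        self.failures = defaultdict(list)   # (user, ip) -> recent failure times
        self.locked_until = {}              # (user, ip) -> end of current lockout

    def is_locked(self, user, ip, now):
        until = self.locked_until.get((user, ip))
        return until is not None and now < until

    def record_failure(self, user, ip, now):
        """Register one failure; return True when it triggers a lockout and a notice."""
        key = (user, ip)
        if self.is_locked(user, ip, now):
            return False                    # refused outright, password never checked
        recent = [t for t in self.failures[key] if now - t < WINDOW] + [now]
        self.failures[key] = recent
        if len(recent) < MAX_FAILURES:
            return False
        self.locked_until[key] = now + LOCKOUT
        self.failures[key] = []             # counting starts afresh after the lockout
        return True

def replay(events):
    """Replay (timestamp, user, ip) failures in time order; return (throttle, notices)."""
    throttle, notices = LoginThrottle(), []
    for ts, user, ip in sorted(events):
        if throttle.record_failure(user, ip, ts):
            notices.append((user, ip, ts + LOCKOUT))
    return throttle, notices

# Constructed sample: seven failures 20 s apart from one documentation address,
# plus a single failure from a second one (each address has its own counter).
T0 = datetime(2009, 11, 7, 10, 0, 0)
SAMPLE = [(T0 + timedelta(seconds=20 * i), "pete", "192.0.2.10") for i in range(7)]
SAMPLE.append((T0 + timedelta(seconds=30), "pete", "198.51.100.7"))

if __name__ == "__main__":
    for user, ip, until in replay(SAMPLE)[1]:
        print(f"notify {user}: {ip} locked out until {until:%H:%M:%S}")
```

The fifth failure raises one notice; the sixth and seventh attempts fall inside the lockout and do not generate further e-mails.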
     
  3. Plazma Inferno! Ding Ding Ding Ding Administrator

    Messages:
    4,610
    Hm, that IP belongs to a suspected network sharing device (Cox Communications, Las Vegas, NV), according to whatismyipaddress.com.

    I suggest you clear your cache and change your password. Also, you may use programs like CCleaner to wipe clean temp files and cookies.
     
  5. draqon Banned Banned

    Messages:
    35,006
    Isn't declaration of private messages against sciforums protocol?

    Obviously whoever it was missed it 5 times, so no biggie.
     
  7. fedr808 1100101 Valued Senior Member

    Messages:
    6,706
    Hey Pete, I've been running some tracer programs on that IP; here is what I have come up with:

    They tried to get into your account from Las Vegas, Nevada
    They did not use a proxy
    They tried to get into your account through a server by Cox Communications
    ip70-173-52-108.lv.lv.cox.net

    Pretty darn sure this is the person's e-mail: genete7896@gmail.com

    Now there is another email address linked to that IP; is it yours? I asterisked parts of it so nobody else knows.
    ****golferb********.com

    If it is yours, that means the person trying to get into your account used your computer.
     
  8. draqon Banned Banned

    Messages:
    35,006
    'Cause obviously, fedr, we can't look it up on Google and immediately figure out it's petegolferboy... like hello... this isn't the bronze age.
     
  9. fedr808 1100101 Valued Senior Member

    Messages:
    6,706
    Is that sarcasm draqon?

    There may be some hope for you yet.
     
  10. Pete It's not rocket surgery Registered Senior Member

    Messages:
    10,167
    Weird. No, it's not me. I'm in Australia, with no connection to Nevada.
    I've now had two more of the same email, including the same IP, and (this is the weird part) an identical email from a different vBulletin forum (with which I am registered but don't participate), again listing the same IP.

    I guess petegolferboy really wants to be just Pete?
     
  11. fedr808 1100101 Valued Senior Member

    Messages:
    6,706
    They're trying to brute-force (hacking term to describe random guessing, either by person or bot) their way in. Pete, remove all info from your profile, anything that can be used to link to you, i.e. e-mail, AIM, AOL, etc.

    If they get into your account they could see that, and if they know your e-mail and those other things, those will be the next things they try to brute-force their way into.

    I'd suggest writing down a list of 10 random letters and numbers, and changing your password on this forum to that, and on the other forum to a different set of 10 numbers and letters. Don't use names; those are too easy. It is nigh impossible to brute-force by human guessing into a password with just numbers and letters. Make sure it is not something personal. After 3 months, when the hacker gives up, you can switch to a different password.

    And I'd ask the admins if they can take that hacker's IP and put it on a filter, so even if he does get the right password he can't log in.
     
  12. Pete It's not rocket surgery Registered Senior Member

    Messages:
    10,167
    Cheers. Done the security things, thanks. I'm more puzzled than concerned, but we'll see what comes of it.
     
  13. fedr808 1100101 Valued Senior Member

    Messages:
    6,706
    The idea is that you don't want them to take over your identity. If they're good, they won't use a forum account for anything at all. What they will do is look at your details, find things like e-mail addresses and instant messengers and things like that, and then try to hack into those.

    The forum account may seem useless for identity theft, but it provides a roadmap which could lead to that destination. You see what I mean?
     
  14. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    Pete and everyone else,

    Possible reason for attempt
    It's possibly a step up by spammers (without checking further). You see, they know their IP ranges are caught and their made-up usernames are too easy to spot, being newly created, so they are likely to attempt Bruteforce or XScripting techniques to steal legitimate users' accounts for their spam purposes.

    Pete, you were probably picked by making your username publicly viewable; you might want to change to not showing your online status.

    Further investigation proves that the IP is already assigned to an Account which has automatically found their way into the "Spammers" usergroup. They joined on the 1st of November.

    Notes on Sciforums security
    Your password is only ever human-readable at your end, on your computer. Sciforums can't be held responsible for accounts being hijacked if your computer has gained a trojan, since that's out of the control of sciforums.

    The forum software is done in a way that when you first create your password it's turned into an MD5 digest, which means it's completely irreversible.

    Password attacks can be done using a Rainbow array method, but the number of collidable Hashes would generate an unrealistic chance of someone hijacking your account.

    It's suggested that, should you be using a public machine or even your home one, it's a good idea to clear the cookies by logging out of the site properly (if not manually deleting them). This can aid in stopping cookies from being "swiped".

    It's also suggested that sciforums members do not use proxies (it should really be policy to block them, as they can undermine the security of the forum). Proxies might be advertised as a way to make you anonymous or increase your safety online; this can be true, but for the most part it's actually misleading. Some proxies are set up by hackers to create a point of entry for "Man in the Middle" attacks. By having your surfing data going through a third-party server you potentially put all your data at risk.


    You should only ever use a proxy if you intend to use a Secure tunneling method with the endpoint server (SSL, or SSH tunnels).

    Since sciforums doesn't use SSL, Proxies are insecure.
     
    Last edited: Nov 9, 2009
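The post above mentions MD5 digests and "Rainbow" attacks. This added example (not part of the original post and not the forum software's code) shows why they are linked: with an unsalted digest, identical passwords produce identical stored values, which is what a precomputed table is matched against, while a per-account salt with an iterated derivation removes that property. The unsalted form, the PBKDF2 parameters and the account names are assumptions, since the page does not say whether the forum salts its digests.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000   # assumption: a current work factor, not a figure from the page


def md5_record(password):
    """Unsalted MD5 hex digest (assumed storage scheme; the post does not mention a salt)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """Per-account random salt plus an iterated derivation."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(pbkdf2_record(password, salt)[1], key)


def accounts_sharing_a_record(table):
    """Return groups of usernames whose stored value is byte-for-byte identical."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed accounts: two of them happen to choose the same password.
PASSWORDS = {"alice": "correct horse", "bob": "tr0ub4dor", "carol": "correct horse"}
MD5_TABLE = {u: md5_record(p) for u, p in PASSWORDS.items()}
PBKDF2_TABLE = {u: pbkdf2_record(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("identical MD5 records:   ", accounts_sharing_a_record(MD5_TABLE))
    print("identical PBKDF2 records:", accounts_sharing_a_record(PBKDF2_TABLE))
```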
  15. Pete It's not rocket surgery Registered Senior Member

    Messages:
    10,167
    Thanks Stryder. I'm surprised that they would pick an active account. It would seem more sensible to pick an account that hasn't seen use for a long time (easy criteria mined from the member's list would be old creation date, few posts).
     
