• Registered users are encouraged to enable MFA/2FA to add an aditional layer of security to their account. More information can be found here: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email

possible attempted hack?

F

fimmo

Messages
5
hi, i joined this forum a while back, probaly when i had an earlier ep3 and after selling it i had no need to come back,since then had a few and in fact i've just put a deposit down this week an my 4th type r.. anyhoo... randomly got an email from this forum saying someone had attempted to login as me ad had entered the wrong details 5 times so my account login has been cancelled for 15 mins.

it def wasnt me and i dont know if anyone else has had this problem but i logged on no probs, but just thought i'd let admin know!
 
Probably just a bot bruteforcing passwords. Bot will read the usernames from the posts, and then use those against a list of common passwords to try and harvest the account. If successful the email address would probably go first, then they'd try the password with the email to gain access to the email account. Small chance it would be used to spam the boards with the forum account, but likely they'd be going for alternative vectors to email accounts.

I'd wager a cold pint it's originating from a Chinese or Russian IP address, in that order.
 
I've just had this email too, I'm never on here now since selling my civic. Email said IP address: 162.247.72.212

Means nothing to me but may help out lol.
 
ive also just had this email . [FONT=Segoe UI, Segoe UI Web Regular, Segoe UI Symbol, Helvetica Neue, BBAlpha Sans, S60 Sans, Arial, sans-serif]following IP address: 192.42.116.16 is the tor network . Id make sure your email password is different from this forum . Id change your passwords just to be on the safe side. [/FONT]
 
Just make sure your main email account has a strong password and you'll be fine. Your account here can always be saved when it's hacked. Keep a good unique password on that aswell though so there's no headaches.
 
Just had the same...

The person trying to log into your account had the following IP address: 176.10.99.202
 
jambox said:
I just had the same IP address: 178.20.55.18
Click to expand...

Anonymous web proxy

Dave C said:
Just had the same...

The person trying to log into your account had the following IP address: 176.10.99.202
Click to expand...

TOR Router.

Intersting. Well certainly less brazen than I've seen in the past. Also interesting that they seem to be varying vector, well not intersting - fcking annoying but hey what can you do.
 
scruffy_ said:
fcking annoying but hey what can you do.
Click to expand...

Exactly that.

Short of disabling Tapatalk and implementing a captur type system, then you aren't going to stop spurious automated attempts and then that wouldn't stop manual ones.

We can't stop blocking access to specific IP ranges either.
 
It's getting more well known now. A lad who used to work at my place used to use it all the time. Freely told us about him buying "meds" from America. :rolleyes:

It will be a group thinking they are a hacker organisation trying to mask their IP bouncing off a server on the Tor network. Brute force account attacks are hardly the pinnacle of finesse on a system that restricts access after 5 attempts.

My guess is they are using a common passwords list and hitting the 5 block.
 
Loxy said:
Exactly that.

Short of disabling Tapatalk and implementing a captur type system, then you aren't going to stop spurious automated attempts and then that wouldn't stop manual ones.

We can't stop blocking access to specific IP ranges either.
Click to expand...

You'd have no complaints from me by disabling Tapatalk, can't stand it and the incessent badgering when you visit the site on mobile boils my p*ss. :lol: A Captur system wouldn't be the worst thing in the world, the new ones just require a single mouse click. Or something like this would be fun. :D

http://portal.areyouahuman.com/installation/vbulletin

Loxy said:
It's getting more well known now. A lad who used to work at my place used to use it all the time. Freely told us about him buying "meds" from America. :rolleyes:

It will be a group thinking they are a hacker organisation trying to mask their IP bouncing off a server on the Tor network. Brute force account attacks are hardly the pinnacle of finesse on a system that restricts access after 5 attempts.

My guess is they are using a common passwords list and hitting the 5 block.
Click to expand...

It's most likely the first tier of an organisation that ultimately ends up selling identities online. We get them on another forum popping up with the harvested details every now and then, offering several hundred guaranteed online identities with credit card details, social security numbers etc. Must be farms of people out there just harvest away poorly stowed details ripe for the picking. Sickening, but in a world where security isn't taken seriously enough it's hardly surprising.
 
Had this come up today as well.

Updated my password just to be safe. (was about time I did)

'The person trying to log into your account had the following IP address: 89.234.157.254'

another TOR relay
 
Yep i got the same, wondered what that was all about, completely random new password time so.

"The person trying to log into your account had the following IP address: 109.163.234.7"
 
Just had this done on mine as well! Can I just get my account deleted please?
 
You must log in or register to reply here.
Back
Top