Hackers trying to log in to accounts here

rtblues

New member
Joined:
Apr 6, 2009
Posts:
16
Liked Posts:
0
I got a message from the site today that there have been several failed log-in attempts to my account, not by me.
In fact, they sent me the IP Address of the user trying to hack my account:
37.130.227.133

Some quick searches reveal this user to be a habitual abuser.
Since this is known, can the user be barred by IP Address?
It would seem to make sense.

Thank you.

rtblues
 

Ares

CCS Hall of Fame
Donator
CCS Hall of Fame '19
Joined:
Aug 21, 2012
Posts:
41,437
Liked Posts:
39,639
Yeah Crys, get'em!
 

Crystallas

Three if by air
Staff member
Donator
Joined:
Jun 25, 2010
Posts:
19,890
Liked Posts:
9,618
Location:
Next to the beef gristle mill
My favorite teams
  1. Chicago Bulls
Thanks for bringing it up. I've been trying to stay on top of known compromised systems, and unlisted TOR nodes. New ones pop up as fast as they are found out.

What happened?
Someone using a botnet to compromise common password strings through a TOR connection, then run them as whitelisted accounts that push out spam through PMs/VMs/Signatures and/or flat out posting.

Going forward in 2015, this is an ongoing occurrence with 99% of the Internet. The age of using weak passwords is long gone. On our side, we can only filter known attempts proactively. The fact that someone tried to log into your account and failed means part of the system worked as intended (we have a number of anti-brute force prevention/strike systems, both built in and custom to thwart common scripts). However, that doesn't mean all is well. It's a two-way street here. We and other sites still need to take steps to discourage this kind of activity. And users need to also secure their information as well to discourage such activity. Short of introducing security features that increase the costs for the site beyond any ability to economically keep the site going, or adding automatic MFA (multifactor authentication), these occurrences are basically just reminders to practice good password hygiene.


Also, none of it is hacking. It's someone other than the intended user, basically trying to log in to the site, and using automated scripts they downloaded online to do so.
 

Crystallas

And if you want to know how these scripts prioritize their password attempts? Here I'll explain the most common intelligent force method used today, maybe this bit of knowledge will help you not just on CCS, but everywhere.

Before I get into the most likely method used by this script, I'm not going to explain any intelligent algorithms for guessing passwords blindly. You can search for that stuff on your own if you really want to know, but most of them don't work unless you use very common passwords.

This specific method by the attacker employs a datamined method of gathering accounts. What does that mean? Any sites with databases that were poorly secured or hacked are tested against other sites.
i.e.: They got your login details somehow on ONE site. So they try to log into other popular sites to see if you use the same password.

One way this happens, you use some iOS/Android app that installs and pops up with a notification telling you it needs access to your data to run. Well, that app datamines your activity, sells the stuff to someone who wants to exploit your data. Or you use another high target site/system that heavily relies on datamining for income, like certain aspects of Facebook, Google/YouTube, and any page that uses Flash or shared cookies can pull unencrypted account data fairly easily.

How would they know you use CCS? Whatever method used to steal information, stole cookies. Any site with active log-ins uses cookies. OR they used GeoIP, which narrows your general location down through an IP address given out to computers in that area. Being a Chicago site, anyone that is hacked in the Chicagoland area might get tested against our system.

So okay, someone got your favorite username combination, and they got your email, and they got a password you like to use.
Guess what? That means some kid in China/South America (not to say it's always them, just the two most common right now as an example) is trying to see if you use that email/username + password elsewhere. Maybe PayPal, maybe CCS. And it takes a long time to check passwords across networks, especially by using money transfer services that actively look for this activity. Making it a wasted cause to spook users by letting them know they have your password.

This leads me to CCS and other sites like us. We can either be used for those who want accounts for spam. Or use CCS as a test site, before flagging a bank or PayPal (something with real money waiting to be jacked), which could give the thief a second verification on habits to check against their database of login details.

The user then sees that out of 5000 accounts they have from some stolen database, 1000 use the same password for multiple/every site. Or they see 500 are also their Netflix logins, and they sell those accounts as a service. Or you have Amazon Prime, iTunes, Xbox Live, etc. So many ways to skin a cat and make a buck as a cyber criminal.


TL;DR,
then you're a fool, because you're going to learn this lesson the hard way, no matter how easy some service claims to make these steps. But practice good password hygiene.
 
Last edited:
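Added example, not part of the original posts and not the forum's own code: a small log analyzer that applies the lockout policy quoted in this thread's notification e-mails (5 failures, 15 minutes, per IP and account) and also flags the credential-reuse pattern described above, where one source fails once against many different accounts and so never trips a per-account strike counter. The event format, the 10-minute window and the 4-account threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

LOCKOUT_FAILS = 5        # "at least 5 times", from the notification quoted in the thread
LOCKOUT_SECS = 15 * 60   # "for the next 15 minutes"
SPRAY_ACCOUNTS = 4       # assumed: distinct accounts failed from one IP
WINDOW_SECS = 10 * 60    # assumed sliding window for both counters

def analyze(events):
    """events: (epoch_secs, ip, user, success) tuples sorted by time.
    Returns (lockouts, stuffing_ips)."""
    strikes = defaultdict(deque)   # (ip, user) -> recent failure times
    by_ip = defaultdict(deque)     # ip -> recent (time, user) failures
    locked_until = {}              # (ip, user) -> time the lockout ends
    lockouts, stuffing_ips = [], set()
    for ts, ip, user, ok in events:
        key = (ip, user)
        if locked_until.get(key, 0) > ts:
            continue               # rejected while locked out
        if ok:
            strikes.pop(key, None) # a good login resets the strikes
            continue
        q = strikes[key]
        q.append(ts)
        while q[0] <= ts - WINDOW_SECS:
            q.popleft()
        if len(q) >= LOCKOUT_FAILS:
            locked_until[key] = ts + LOCKOUT_SECS
            lockouts.append((ts, ip, user))
            q.clear()
        w = by_ip[ip]
        w.append((ts, user))
        while w[0][0] <= ts - WINDOW_SECS:
            w.popleft()
        if len({u for _, u in w}) >= SPRAY_ACCOUNTS:
            stuffing_ips.add(ip)
    return lockouts, stuffing_ips

# Constructed sample: documentation-range IPs, made-up usernames.
SAMPLE = (
    [(t, "192.0.2.10", "alice", False) for t in (0, 10, 20, 30, 40, 50)]
    + [(60, "203.0.113.5", "bob", False), (70, "203.0.113.5", "bob", True)]
    + [(100 + i, "198.51.100.7", f"user{i}", False) for i in range(4)]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

In the sample, the repeated guesser against one account is locked out on the fifth failure, while the source that tries four accounts once each is caught only by the per-IP distinct-account count.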

Ares

My password is a very complex combination of my birthday and my old dog's name..... no one will ever guess that.
 

CreepyBasementGuy

CCS Donator
Donator
Joined:
Aug 20, 2012
Posts:
1,818
Liked Posts:
625
I got the same message too... and I don't even post on the forums much. Probably no one even knows who I am, this is just weird.

It was a different IP though.
 

Crystallas

If you want to post the IP addresses, go for it.
 

Novak

Mod in Training/Fire Forum
Donator
CCS Hall of Fame '21
Joined:
Sep 7, 2014
Posts:
16,086
Liked Posts:
12,652
If you watched less horseporn, you'd have less spyware on your comp. Just a suggestion!
 

Ares

> If you watched less horseporn, you'd have less spyware on your comp. Just a suggestion!

dis true.... horseporn inevitably leads to Computer AIDS....
 

Samurai50

New member
Joined:
Nov 25, 2012
Posts:
3
Liked Posts:
0
Location:
Elgin, IL
Got the same message today.

"Someone has tried to log into your account on ChiCitySports, #1 Chicago Sports Fan Message Board with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 198.100.144.75"

Hell, I made this account almost 3 years ago and don't think I have logged in in about 2.

So yeah, something weird is going on. No clue why someone would try to access message board accounts of people who aren't active posters.
 

Chief Walking Stick

Heeeh heeeeh he said POLES
Donator
Joined:
May 12, 2010
Posts:
45,540
Liked Posts:
29,545
> Got the same message today.
>
> "Someone has tried to log into your account on ChiCitySports, #1 Chicago Sports Fan Message Board with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.
>
> The person trying to log into your account had the following IP address: 198.100.144.75"
>
> Hell, I made this account almost 3 years ago and don't think I have logged in in about 2.
>
> So yeah, something weird is going on. No clue why someone would try to access message board accounts of people who aren't active posters.

Welcome to CCS!
 

Samurai50

Thanks, I do read these forums daily, just don't bother to log in.
 

Crystallas

Yeah, these exploiters don't care if you log in every day or made a one and done account.
 

Warrior Spirit

The Truth
Donator
Joined:
Sep 12, 2010
Posts:
41,561
Liked Posts:
13,619
I've gotten the same message and my password is so weak I don't know how they didn't get in.
 

Schmidtaki

Just your everyday fail.
Donator
Joined:
Aug 21, 2012
Posts:
3,087
Liked Posts:
2,103
Location:
Lost OMW to the Point
Dear Schmidtaki,

Someone has tried to log into your account on ChiCitySports, #1 Chicago Sports Fan Message Board with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 46.19.137.132

All the best,
ChiCitySports, #1 Chicago Sports Fan Message Board
 
