Foo - My account trying to be hacked....


KingTermite
08-09-07, 09:54 AM
On another forum, one I really don't even frequent (posted there one time) I got an automated email that said:



Dear KingTermite,

Your account on COWON America Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 74.53.243.34

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://www.cowonamerica.com/forums/login.php?do=lostpw

All the best,
COWON America Forums


According to this website:
http://www.geobytes.com/IpLocator.htm?GetLocation

It appears to be from the Chicago area.

Anything I can/should do? I replied to email and asked them to ban the IP address. I'd love to actually find the bugger and surprise him somehow. Any ideas on how I can (relatively easily because I'm not spending a "lot" of time on this)?


Tom Stormcrowe
08-09-07, 09:59 AM
Did an IP Location track and it's located here:
Your IP address is 74.53.243.34
City: Chantilly Virginia
Country: United States
Continent: North America
Time Zone: EST

KingTermite
08-09-07, 10:39 AM
Did an IP Location track and it's located here:
Your IP address is 74.53.243.34
City: Chantilly Virginia
Country: United States
Continent: North America
Time Zone: EST

That's great, but can I actually trace it back to a real person? That's what I'd like to be able to do.


Verdanice
08-09-07, 10:45 AM
Generally, no - IP addresses usually resolve to the location of the ISP.

Tude
08-09-07, 10:49 AM
I'd definitely try and have them delete everything off there of yours. :(

KingTermite
08-09-07, 10:55 AM
I'd definitely try and have them delete everything off there of yours. :(
I emailed them and asked the account be deleted. I only posted there once to try to get an answer to question quick, so there is no personal info on account, just basics. It's a forum for a media player software that I use now (JetAudio).

cydewaze
08-09-07, 11:16 AM
Happened to me once, and it was someone who decided to register on the forum with my username. Since the username already existed, he assumed he'd registered it himself and forgot (after all, how many people would use "cydewaze"?).

I found out after he registered with another name and used the "email member" feature to contact me.

Tude
08-09-07, 11:17 AM
hehe, I'm registered in quite a few forums, but basically use, um, 5 -- and oh yeah - am in one for bugs, and one for betta fish where I'm sure I'm talking fishy stuffs to a lot of 9 yr olds:p

KingTermite
08-09-07, 11:24 AM
hehe, I'm registered in quite a few forums, but basically use, um, 5 -- and oh yeah - am in one for bugs, and one for betta fish where I'm sure I'm talking fishy stuffs to a lot of 9 yr olds:p

Rookie.

Overall, I'm probably registered in dozens of forums. Only a few that I'm even remotely active in. Really just this one and one other anymore and the other one I'm barely active in (maybe about 5 posts per week).

jsharr
08-09-07, 11:28 AM
I do not think that the IP tracking will work, as you think I am in the Chicago area and I am in Texas.....


I mean good luck catching that sneaky bastage, KT!

Moochers_Dad
08-09-07, 11:35 AM
What's your password on that site? I'll look into it. Also, what's your mother's maiden name? You remind me of a KingTermite I met once and I just want to see if I knew your mother before she was married. ;)

dragracer
08-09-07, 11:38 AM
I got the same EXACT message yesterday. :eek:

http://www.cowonamerica.com/forums/showthread.php?p=35907

http://iaudiophile.net/forums/showthread.php?p=139981#post139981

catatonic
08-09-07, 11:58 AM
First thing I would do is make the password as long as their software allows...and make it as nasty and nonsensical as possible until they nab this tard (keep the password on PDA to read it later to login).

Something like "eui8923((@)092[pP{0394...1290dffadK\+-321<>><lkdl" should really piss off any password cracker.

mlts22
08-09-07, 12:05 PM
I'd consider downloading KeePass, and using that to make (and store) the password. KeePass is open source, and generates passwords in as secure a way as possible.

Tom Stormcrowe
08-09-07, 12:20 PM
I keep my passwords on a detachable flash drive for reference. I set up strong and impossible to memorize passwords anymore and need a reference.....what can I say?

example, not a real PW: mxlptlk74%^534

jsharr
08-09-07, 12:24 PM
Okay Tom and Catatonic, probably pure happenstance, but you two just posted my passwords. Cat was first, I changed it and now Tom gets it! Dang, I am just gonna go back to using my mom's maiden name for everything. Uhmelmuhay is easier to remember.

bradl
08-09-07, 12:24 PM
mxlptlk74%^534 is what I named my dog! They say not to use a pet's name as a password, though.

bhtooefr
08-09-07, 12:31 PM
Contact his ISP's abuse department.

Use the American Registry for Internet Numbers to find who owns an IP address range (if it says APNIC (Asia Pacific Network Information Center), LACNIC (Latin American and Caribbean Network Information Center), RIPE NCC (Réseaux IP Européens Network Information Center), or AfriNIC (African Network Information Center), then look on THOSE sites.)

And, the ARIN lookup on that IP shows that it's ThePlanet.com Internet Services who owns the IP range that that IP is in. Their abuse contact is abuse@theplanet.com.

KingTermite
08-09-07, 01:41 PM
Contact his ISP's abuse department.

Use the American Registry for Internet Numbers to find who owns an IP address range (if it says APNIC (Asia Pacific Network Information Center), LACNIC (Latin American and Caribbean Network Information Center), RIPE NCC (Réseaux IP Européens Network Information Center), or AfriNIC (African Network Information Center), then look on THOSE sites.)

And, the ARIN lookup on that IP shows that it's ThePlanet.com Internet Services who owns the IP range that that IP is in. Their abuse contact is abuse@theplanet.com.

Now THERE is the kind of info I was looking for. Thanks bhtooefr!!! :beer:

georgiaboy
08-09-07, 05:18 PM
Did an IP Location track and it's located here:
Your IP address is 74.53.243.34
City: Chantilly Virginia
Country: United States
Continent: North America
Time Zone: EST

sounds like the FBI...:rolleyes:

FBI's Electronic Surveillance Technology Section in Chantilly, Va.

KingTermite
08-09-07, 05:20 PM
Funny how the website I found to track it, put it in Chicago area, the one Tom found put it in Virginia, and ARIN (the most official looking one that I think I'll trust) put it in Texas. :rolleyes:

jsharr
08-09-07, 05:21 PM
Yeah, funny!

Hey look over there, is that Elvis?>>>>>>>>>>>>>>>>>>


*tiptoes off quietly*

UmneyDurak
08-09-07, 06:12 PM
Funny how the website I found to track it, put it in Chicago area, the one Tom found put it in Virginia, and ARIN (the most official looking one that I think I'll trust) put it in Texas. :rolleyes:

Well most IPs are dynamic and get re-used. So I think without knowing the ISP it's kind of hopeless.

KingTermite
08-09-07, 06:26 PM
Well most IPs are dynamic and get re-used. So I think without knowing the ISP it's kind of hopeless.

Which is what ARIN told me. See bhtooefr's post.

StupidlyBrave
08-09-07, 07:28 PM
Well most IPs are dynamic and get re-used. So I think without knowing the ISP it's kind of hopeless.

The ISP has been identified along with the abuse contact information. Pay no attention to the location of the ISP, it may have no relationship to the location of the offender.

Dynamic IPs are always within range[s] assigned to and managed by the ISP. So you can always locate the ISP by the IP.

Here is what I get:



Results:

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 74.52.0.0 - 74.54.255.255
CIDR: 74.52.0.0/15, 74.54.0.0/16
NetName: NETBLK-THEPLANET-BLK-14
NetHandle: NET-74-52-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:
RegDate: 2006-02-17
Updated: 2007-07-11

RTechHandle: PP46-ARIN
RTechName: Pathos, Peter
RTechPhone: +1-214-782-7800
RTechEmail: admins@theplanet.com

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-782-7802
OrgAbuseEmail: abuse@theplanet.com

OrgNOCHandle: TECHN33-ARIN
OrgNOCName: Technical Support
OrgNOCPhone: +1-214-782-7800
OrgNOCEmail: admins@theplanet.com

OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: admins@theplanet.com

# ARIN WHOIS database, last updated 2007-08-09 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
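
The lookup in the post above, worked through as an added example that is not part of the original thread: it parses an excerpt of the quoted ARIN reply, checks that the NetRange and CIDR fields agree, confirms that 74.53.243.34 falls inside the allocation, and pulls out the abuse contact. The function names `parse_whois` and `owner_of` are made up for this illustration.

```python
import ipaddress

# Excerpt of the ARIN WHOIS reply quoted in the post above.
WHOIS_TEXT = """\
OrgName: ThePlanet.com Internet Services, Inc.
NetRange: 74.52.0.0 - 74.54.255.255
CIDR: 74.52.0.0/15, 74.54.0.0/16
NetName: NETBLK-THEPLANET-BLK-14
ReferralServer: rwhois://rwhois.theplanet.com:4321
OrgAbuseEmail: abuse@theplanet.com
# ARIN WHOIS database, last updated 2007-08-09 19:10
"""

def parse_whois(text):
    """Return {key: [values]}; keys such as Address can repeat."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Split on the first colon only, so rwhois:// URLs stay intact.
        key, _, value = line.partition(":")
        record.setdefault(key.strip(), []).append(value.strip())
    return record

def owner_of(ip, record):
    """Check that ip is inside the allocation and return who to report it to."""
    addr = ipaddress.ip_address(ip)
    cidrs = [ipaddress.ip_network(c.strip()) for c in record["CIDR"][0].split(",")]
    # Cross-check: the CIDR list must cover exactly the stated NetRange.
    first, last = (ipaddress.ip_address(p.strip())
                   for p in record["NetRange"][0].split(" - "))
    if sorted(ipaddress.summarize_address_range(first, last)) != sorted(cidrs):
        raise ValueError("NetRange and CIDR fields disagree")
    block = next((n for n in cidrs if addr in n), None)
    if block is None:
        return None  # address is not part of this allocation
    return {"org": record["OrgName"][0], "block": str(block),
            "abuse": record.get("OrgAbuseEmail", [None])[0],
            "referral": record.get("ReferralServer", [None])[0]}

if __name__ == "__main__":
    print(owner_of("74.53.243.34", parse_whois(WHOIS_TEXT)))
```

The result identifies the network operator and its abuse desk only; it says nothing about where the person using the address was located.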

Ritehsedad
08-09-07, 07:44 PM
http://www.frontrowking.com/comedians/ron%20white/ron_wh10.jpg
Ya caught me. Ya done caught the Tater!

bhtooefr
08-10-07, 04:23 AM
Exactly.

How all of this works is... all of these Network Information Centers get together, and determine what IP address ranges belong to them. Then, those address ranges are assigned to either countries (and then ISPs) or ISPs as needed.

That IP address was in a range assigned to ThePlanet.com, therefore it was a ThePlanet subscriber.

Given the date and time of the infraction, and the IP address, they can find who it was.

lyeinyoureye
08-10-07, 05:10 PM
Given the date and time of the infraction, and the IP address, they can find who it was.

Unless it was a Tor node, which it may not be since I haven't checked the list.

maximan1
08-11-07, 09:51 PM
None of you sukkas will ever guess my password :D

Ritehsedad
08-12-07, 07:46 AM
On another forum, one I really don't even frequent (posted there one time) I got an automated email that said:





According to this website:
http://www.geobytes.com/IpLocator.htm?GetLocation

It appears to be from the Chicago area.

Anything I can/should do? I replied to email and asked them to ban the IP address. I'd love to actually find the bugger and surprise him somehow. Any ideas on how I can (relatively easily because I'm not spending a "lot" of time on this)?

KT, I was cleaning out my email the other day and found a similar email from BF from several months ago. I forgot it had happened, but now I remember trying to log in and getting the "come back in 15 minutes" message.