ACCOUNT HACKING ATTEMPTS, MERGED THREAD

Read the forum code of contact

Member for

9 years 11 months

Posts: 264

yes i never thought this would happen, but thanks to the awesome team @ KP this did not go undetected..

sir i know your ip, ur from brazil, your in either Sobral or Rio de genero, so please stop my friend. i wana live in peace ...

IP Address Country Region City ISP
201.9.26.235 Brazil Ceara Fortaleza Oi Velox/ Telemar Norte Leste S.a.

Continent Latitude Longitude Organization
South America -3.3167 -41.4167 Oi Velox/ Telemar Norte Leste S.a.

Original post

Member for

14 years 8 months

Posts: 43

Dear crow11, Yesterday the guy's at KP emailed me too, as someone from China was trying to access my account as well,again they provided me with their IP address 117.169.1.177.

Member for

9 years 11 months

Posts: 264

well there is nothing we can do to stop them from trying .. i just dont know why they try when you can just create a free account and contribute to the forums... :)

Member for

15 years 9 months

Posts: 652

Probably because they want to do something bad disguised as a genuine user.

Member for

14 years

Posts: 1,234

Hi all, not been on the forum for about 4 years and got an Email from the admin. saying somebody has tried logging in my ID, 5 times and they have been blocked for 15 minutes.
Just be aware folks. I don't put too much personal detail on the net if I can help it, it's just one method of how ID theft is done.
And I changed password.

Member for

9 years 6 months

Posts: 66

Just for member's awareness, I have been notified twice in the last few weeks of hacking attempts against my account. The first attempt was described simply as coming from Australia (?), while the second IP address specifically traced to a source in China. Clearly, discussions of military aviation and past military association may be of interest to various nefarious sources, so I suggest members may want to watch for more of this type of activity, and possibly change passwords as a precaution if concerned.

Edit: Sorry, I just noticed that PeeDee reported a similar incident on his account several days ago. Obviously, someone is interested in the background of people on this site. It might be a good time for all to consider changing to a stronger password if appropriate.

Member for

13 years 1 month

Posts: 274

You're right PD, a friend of ours has had attempts too, best to stick to the subjects in hand and keep any personal stuff that is potentially useful to them out of the way - after the way China ripped off a Merc 4x4 some years ago and got away with it in their 'courts' and then built their own YF-22 derivative (badly) from reputedly stolen plans, its clear that they have copying in their national psyche - the latest offended is Jaguar, who have seen their Evoque jeep ripped off @ around £20k less - shields up everyone.

Member for

24 years 2 months

Posts: 3,566

I doubt it has anything to do with the 'nature' of this site unless they are after making copies of WWII aircraft (not everyone frequents the Military Aviation forum)...

It will be more likely an attempt to bypass the registration system and gain control of an account or accounts to use for spamming members by way of the PM system due to the anti-spam measures in place for new registrations...

Seemples really...

And this was first noted here -
http://forum.keypublishing.com/showthread.php?133833-Log-in-attempt-NOT-ME

Member for

9 years 6 months

Posts: 66

I agree with the reference to the site's direct contents, but some entities use these sites to find people who might be possible targets for additional investigation because of their background, and others simply to hack for commercial/criminal purposes. I get particularly suspicious of attempts from Chinese sources, as they have a very active information gathering network. I'm not paranoid, but anytime I see this activity, I tend to start changing passwords. Just a suggestion...

Member for

24 years 2 months

Posts: 10,168

There have been the odd instance where folk's have received odd messages by private message etc.. when in doubt change your password and make sure it is a strong one.

Member for

24 years 2 months

Posts: 3,566

I've spent years fighting off Chinese spammers. And other regions too, to be fair. Of course you have a point about ensuring you use a robust password in the first place (hence the locked account emails Key send out - they failed to crack the passwords!) but they are using all sorts of IP proxies to thwart forum antispam software. I recently got a "locked account email" from a Mac forum I hadn't posted in since 2005. The IP address was for Dublin.

One thing that seems to attract these 'account hacks' is a dormant account - some of the ones here have not been used in a while as reported by the account owners. This is attractive to the spammers as the password could be a weak one due to the early days of forums etc. Spamming from hijacked accounts was not a workaround then - they just bombarded forums with spam from new registrations due to the lack of any real anti-spam software.

Member for

24 years 2 months

Posts: 10,168

Merged all three treads regarding account hacking attempts. Please keep all relevant discussion to this one.
Peter,
Mod

Member for

13 years 1 month

Posts: 274

yes i never thought this would happen, but thanks to the awesome team @ KP this did not go undetected..

sir i know your ip, ur from brazil, your in either Sobral or Rio de genero, so please stop my friend. i wana live in peace ...

IP Address Country Region City ISP
201.9.26.235 Brazil Ceara Fortaleza Oi Velox/ Telemar Norte Leste S.a.

Continent Latitude Longitude Organization
South America -3.3167 -41.4167 Oi Velox/ Telemar Norte Leste S.a.

Hi,

Can all the people getting hacking attempts please confirm if they are running Kaspersky anti-virus on their PC's plz?

Member for

13 years 5 months

Posts: 2

Apparently my account has had a hacking attack. I don't use Kaspersky, but Avast

Member for

10 years

Posts: 1

Hacking attempt ID'd by Key Publishing at 3.20am, 27 Apr 15 from IP: 202.114.144.15

Not running Kapersky.

Member for

24 years 2 months

Posts: 3,566

The 'blend' of anti-virus software you are running makes no difference to these attempts to 'crack' your forum account. Neither does your choice of operating system - Mac owners will also be affected by attempts to access your forum account.

While no attempt was made to access my KP account I did have a long dormant account on a Mac centric forum which suffered an access attempt. I run a Mac with minimal anti-virus software.

The people/spambots behind these attempts to access forum accounts, have no interest in you - they merely want to bypass the registration system and anti spam measures in order to use the forums to post spam messages either openly in the forum, covertly by embedding URLs into seemingly innocuous posts* (often using the quotes option and bizarre replies) or by flooding the PM system with spam private messages.

*They are often linkbots that try to build Google juice for their sites by spamming the Internet with hidden links; search engines look at raw HTML, so they pick these things up even when they don't appear in the rendered posts.

As many forums have restrictions on the number of private messages new members send, or even restrictions on posting URLs, the easiest way is to take over an existing established (and often dormant) account. They can then spam to their hearts content, pretty safe in the knowledge, that the owner of the account will not be alerted until they get a stern email from the forum owners about "their" activity.

Best way to stop them is to ensure that you have a robust password for your account - many people tend to use a simple password for their forum accounts because often it is/was deemed to be 'low risk', in that very little personal info is held in your profile. They may harvest your email for spamming but their target is actually the wider audience of the forum membership...

Member for

13 years 11 months

Posts: 1

Hacking attempt ID'd by Key Publishing at 12.59, 01 May 15 from IP: 178.16.208.57

I don't use Kaspersky, but Avast.

Member for

10 years 6 months

Posts: 155

I received an email from key this morning after an attempt on my account

The person trying to log into your account had the following IP address: 185.14.29.221

Member for

13 years 9 months

Posts: 8,306

Received a message from K.P. this morning, my account was hacked 5 times, then Key locked down for 15 mins.
I.P. address was...50-7-159-178..
Any of you guys able to tell where this pillock is from?.
Jim.
Lincoln .7

Member for

18 years 11 months

Posts: 8,847

Sorry to say that 'pillock' would appear to be from Frankfurt, Germany. (Don't blame me!).

Member for

13 years 9 months

Posts: 8,306

Thanks Newforest, just can't understand the mentality of these idiots. Good job Key keeps an eye out for us on here.
Jim.
Lincoln .7