Hack Attacked! But why? (heads up, something stinks....)

Discussion in 'Off Topic' started by GreenMantis, Jul 7, 2015.

  1. GreenMantis

    GreenMantis Member

    I got the strangest email from the MotoredBikes.com forum bot, titled "failed login notification" that read:

    Dear GreenMantis,

    Someone has tried to log into your account on Motorized Bicycle Forum | MotoredBikes.com with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address:

    All the best,
    Motorized Bicycle Forum | MotoredBikes.com

    Well, that's not my IP address, and 5 consecutive failed password attempts can't really be a mistake, now, can it? I added a whois dropdown search engine, so finding (and contacting) their ISP was simple enough, and a quickie to the IC3, just to make sure they don't try doing it to anyone else, and to educate them on how the IP address system works, to remind them that every computer has to know every computer from every other computer for the whole internet thing to be able to work at all, maybe they don't know that they are doing the digital version of sticking their heads in the sand.

    But what I can't get my head around is why bother? What is the purpose of trying to hijack my identity on this forum? What possible purpose could that serve? That makes about as much sense to me as "gun control prevents crime".

    And FYI for whatever it's worth. I don't know what to tell you to watch out for, "anything out of the ordinary" but something stinks, and I want to make sure you all smell it before someone ends up stepping in it. Whatever "it" is that stinks, that is.

    Huge kudos and thanks to the MotoredBikes BOT!! HIP, HIP, HOORAY! That was well done, letting me know about that, you might be just a program, but you are alright in my book.

  2. KCvale

    KCvale Motorized Bicycle Vendor

    This comes up every now and again.
    Plenty of topics about it here.

    Unless you were an Admin here it is pointless for anyone to hack an account here.
    All they do is PM people spam links as you, which gets caught right away, deleted, and their IP banned.

    Just don't use any of the Common Passwords.
    That's what the hackers start with.
  3. Anton

    Anton Administrator Staff Member

    It's the latest way for spammers to spam forums. It has been happening for a while now on forums all over the web. The system is doing its job by locking out the spammer for 15 minutes.

    For extra security I've implemented a modification which brings up a captcha after 4 incorrect login attempts. This will stop the "Failed login notification" email and prevent the spammers from having more than 4 attempts at guessing passwords.
  4. KCvale

    KCvale Motorized Bicycle Vendor

    Nice Anton.

    I don't get many hack attempts on my forums, they tend to just make new member names so it's pretty easy to block them, but I tend to block entire IP ranges for a given country.
    Russa, Indonisia, much of China, etc that tend to do this crap and would never be a customer anyway.

    It doesn't block them from reading, just from posting or Contact Form spamming me, I really hate that more than anything else.

    Anyway, regular forum users anywhere don't really need to worry about it, they are just trying to spam links to make a penny, not screw with your personal identity or info as there simply isn't any there ;-}
  5. GreenMantis

    GreenMantis Member

    Well, there is one less spammer out there, his ISP was really prompt about shutting him down. He picked on the wrong account, and got spanked. Good riddance. I love that this site alerted me and gave me his IP like that, priceless!