The AE Board

[lfl91]

I copied these posts from another site that indicates they are apparently getting hacked from the same address that we suspect hit a few of us on the AE board. I wonder if we have anything in common.

Author Date Posted Tools



john albrich Mar 09, 2006, 11:27 PM Message - Profile - Add Buddy - Alert Moderators



Within the past week or so, my system started reporting hacking attempts against my computer.

The source is identifed as
222.122.52.102:xxxx, where xxxx varies with each attempt.

Anyone else seeing this? (trying to determine if this is a widespread attack or targeted)

====================================
"You can't expect to wield supreme executive power just because some watery tart threw a sword at you."--Monty Python




Mr. McFly Mar 09, 2006, 11:32 PM Message - Profile - Add Buddy - Alert Moderators



Re: Recent hacking attempts by 222.122.52.102.xxxx
As long as your firewall(s) is/are taking care of it, I wouldn't even worry about it. That could be almost anything, even just a ping. BTW, the number after the colon is the remote port number.
Post Edited On: Mar 09, 2006, 11:33 PM
_______ www.openwrt.org _______
AMD Athlon 64 3200+ Venice (2.60 GHz)
DFI LANParty UT nF4 Ultra-D
2GB G.SKILL Extreme Series (DDR520, 3-4-3-8 1T)
connect3D ATI Radeon X800GTO (R423, 16p, 540/1060)
Windows XP Professional x64 Edition





Matt Tonner Mar 10, 2006, 12:26 AM Message - Profile - Add Buddy - Alert Moderators



Re: Recent hacking attempts by 222.122.52.102.xxxx
are you wireless? could be someone trying to 'borrow' bandwidth.

__________________________
| Specs of my computer in bio. |




a a Mar 10, 2006, 01:07 AM Message - Profile - Add Buddy - Alert Moderators



Re: Recent hacking attempts by 222.122.52.102.xxxx
hack his a$$ back ! or just don't care about it lol





john albrich Mar 10, 2006, 02:08 AM Message - Profile - Add Buddy - Alert Moderators



Re: Recent hacking attempts by 222.122.52.102.xxxx
I used the "xxxx" because I realize its just sub-port IDs running under the same base address. Since it's going to keep changing, I saw no point in being specific for those 4 digits. This might not even be the original source if someone's covering their tracks.

I know this happens, and I'll keep up the security, but I'm really more interested in if this hacker is trying to hack a lot of computers or just onesy-twoesy piddling stuff. It's new repeating activity, so I thought there could be something else to it. And, if a number of other people were all recently getting touched by the same entity it would put it into a more significant category.

Now this has me wondering if the various security software companies compile any info of this type when/if they get security reports from user computers, and if they do, what they do with it (like report it to the feds, etc.)? In other words, does any one try to go after these attackers actively, or do they all just sit back and only write defense software.

If I wrote the security software, I'd tell the user a lot more than just an address. I'd go out and get the info on the originating country (or with as much granularity as possible) , send an inquiry to the security software company to see if this tracks with any known scams, spyware injectors, etc, and let the user know exactly what's going on and what kind of potential threat it might represent.

Just essentiallly telling someone "Hey, this is a HIGH THREAT to your computer security, and here's the address" and then nothing ...seems kind of lame, unproductive, and it would likely needlessly scare a lot of casual users to the point where they panic. But, maybe that's the objective...to keep them in a state of panic so they'll keep buying every piece of security software on the planet.
Guess it's research time.

====================================
"You can't expect to wield supreme executive power just because some watery tart threw a sword at you."--Monty Python




Michael Adames-Hill Mar 10, 2006, 03:15 AM Message - Profile - Add Buddy - Alert Moderators



Re: Recent hacking attempts by 222.122.52.102.xxxx
John,

The IP is registered to the Asia Pacific Network Information Centre in Australia. If you are on a dynamic high-speed connection such as mine is: check your IP, disconnect the modem for a few seconds, and turn it back on to obtain a new IP. (This works for me on SBC, not sure how other ISPs do things.) If things continue I'd consider looking into things deeper.

Kind regards,

Michael Adames-Hill

[nightdriver]

Proxy server?? Available to anyone for a price? Of all the suspect messages I've received, some are from there, but many others are not. I doubt we could have anything in common with those people. It's some of the other numbers that got an interesting reaction from someone when I mentioned them.

[smprfi]

ND, you wanted to know who "Mr. Feelgood" is.....why? what has he done?

[smprfi]

all I could do is pad my elbows and boobytrap my backside. Dr. Feelgood will make a wise choice, I am sure of that.

[dengas]

I sure hope that we aren't being attacked by yet another couple who wish to cause havoc to a web site. A couple of postings are looking like they belong back on A & E. Anyone else agree?

The A & E board is in a sad state...to say the least.

[dengas]

I'm not freezing up when I go "into" the site, but haven't tried posting yet. I'll go check it out to see if I can post.

[smprfi]

Night driver wanted to know who "Mr. Feelgood" is. Sounded important to him as a crime solver.
I am asking a question, that is all.

[dengas]

Interesting...My first post went through beautifully. When I responded to my own post -- the freeze.

[nightdriver]

Yep, here we go again. Smprfi, if you think you can come on here and throw completely out of context questions like that at me, think again. If I really remembered what you are referring to, I'd probably blow smoke up your yazoo just for the fun of it.

With everything that's happened to me and a few others lately, your questions seems so trivial as to not even deserve an answer. Besides, time has long since tolled on anything a "Dr. Feelgood" has done. Now, relevance please??

[smprfi]

Just looking at some old posts. Did not mean to irritate anyone. Thanks for clarifying.

[nickg]

who is dp? was that someone posting on the other board - I stopped looking

[dengas]

I was able to go into, look, post one time only. Second try -- freeze. Ista, I saw that you said the powers that be are aware...will they be able to do anything about the problems we are experiencing, or should we just give up? I don't see LFL or ND posting very often either, so I assume they are still having the freeze problem.

[nightdriver]

Nick, DP is the initials given by Samthesupercop. You know, the name of the supposedly dead person.

Dengas: more like a "thinking" mode as far as I'm concerned. Gotta get all those ducks in line. Plus I'm looking more at my other favorite case right now. some of the crap that has come down there would make "all My Children" pale by comparasion. Lets just say that when someone lies to me to my face about what they did on the night of a triple, (and everyone else), then they better figure out what the word "spotlight" means.

[wintergirl]

Something weird happened. Right after I signed up for this board I am unable to log in at A&E board. I have been posting there for over a year without problems, now I can't get on.

[wintergirl]

It took me 2 days and an email to A&E but now I'm back on that board. Weird.

[guessting]

Anyone have a wow suspect? Port thanks for the info on the conspirators in that case. I was shocked to see that individuals was involved. I am checking on a couple of things today and I will let you know. G