Account Hacking Attempts?



Ana_
July 17th, 2015, 09:25 PM
Hello,

I got an email today informing me that someone has tried to log in to my account here 5 times today. I am in California and was provided with the IP address. It comes from both Germany and France which strikes me as very strange. Has anyone had this problem and can anyone provide some help and/or advice? I'm not sure whether or not to change my password because if someone is trying to hack me then have they yet and if so, will changing it prevent it in future?
Any/All advice is appreciated.

Ana_

mhguda
July 17th, 2015, 10:39 PM
Now would be the time to talk to Eric...

tenney
July 17th, 2015, 11:12 PM
I got one too. Gee, it would be nice to use something modern and a bit secure like "HTTPS"!!!!!!!

elesquire
July 18th, 2015, 02:14 AM
I also got that notification email. It's a bit disturbing.

gwgtaylor
July 18th, 2015, 05:59 AM
Me too. Not sure what anybody would want with my account credentials though. I never looked up the IP.

Waski_the_Squirrel
July 18th, 2015, 07:28 AM
I just got one of these E-mails moments ago. What do you do with this information?

I see that the IP address is at the University of Michigan in Ann Arbor.

antirealist
July 18th, 2015, 09:26 AM
I also got a hack attempt warning. The IP address (85.10.211.53) is an anonymous Tor exit router.

jar
July 18th, 2015, 11:11 AM
Relax, likely a spambot and a failed one. The IP addresses are almost certainly spoofed and so tell nothing.

Follow the wisdom and advice of Alfred E. Neuman.

tandaina
July 18th, 2015, 12:03 PM
IP addresses really mean nothing these days. They are so easy to spoof that they don't tell you much at all.

If you have a good password and your system is clean of malware you are fine. Now's the time to say that a good password (one that can't be brute forced, which is what these spam bots are doing) should be long (longer than you can remember or want to type) and should contain letters (both caps and lower), numbers, and special characters. Find an encrypted password manager you like and go through your accounts generating passwords of 20 or so characters with as many different types of characters as that account system will allow. The likelihood of you being hacked after that is pretty darn low. (Make sure the master password that decrypts your database is good and strong; if you are using a password manager it is the only one you'll have to remember, so you can make it complicated.)

Cob
July 18th, 2015, 12:45 PM
Tandaina:

"make sure the master password that decrypts your database"

What is this password? Can you explain that to me please?

Thanks

Cob

tandaina
July 18th, 2015, 01:18 PM
Tandaina:

"make sure the master password that decrypts your database"

What is this password? Can you explain that to me please?

Thanks

Cob

So password management software works like this. Basically the only *really* good password is one that a human cannot remember or type reliably. Something like this sJF9(F^%$$ NFdsks 1SH8f.2zk9 )2! That's a good password. But you wouldn't ever want to type that junk and you certainly couldn't remember it. But brute forcing it? Hard. And guessing it? Impossible.

So there is software available (here are some examples (http://www.pcmag.com/article2/0,2817,2407168,00.asp)) that takes care of the actual passwords for you. The really fancy ones will automatically fill in your username and password the minute you hit a site that needs them. They have mobile versions, etc. There are free versions (I use KeePass (http://keepass.info/)) that are a little less fancy but get the job done. So all your accounts are stored in an encrypted database. Encrypted means it can't be read without having a key (your master password) and the right algorithm to decrypt it. All that happens behind the scenes and you don't need to worry about it.

Basically you have *one* password that you have to remember. That password is the password into your password manager. It is what gives you access to all the passwords the software is generating and managing for you. So instead of remembering a password for your email, this forum, another pen forum, Amazon, Barnes and Noble, your bank, your other bank, your pharmacy, your doctor's web portal... etc. you remember *one* password. And all the rest are auto generated and managed by your software. You never even know what they are. Because of this they can be far more secure because human beings simply cannot remember truly secure passwords for multiple sites.

But you can remember *one* good secure password and with a password manager that's all you need to remember.
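Added example, not part of the original thread or any poster's own code: a Python sketch of the per-site password generation described above, with a rough estimate of brute-force cost. The symbol set and the guess rate of 10 billion per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes the post recommends mixing. The symbol set is an
# assumption; real sites differ in which special characters they accept.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}.,?",
}
ALL = ("lower", "upper", "digit", "symbol")

def generate_password(length=20, allowed=ALL):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if not allowed or any(name not in CLASSES for name in allowed):
        raise ValueError("unknown or empty character class list")
    if length < len(allowed):
        raise ValueError("length too short to include every class")
    alphabet = "".join(CLASSES[name] for name in allowed)
    # Rejection sampling: draw every position uniformly from the whole
    # alphabet and retry until each class appears, so no position is
    # reserved for a particular class.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CLASSES[n] for c in candidate) for n in allowed):
            return candidate

def entropy_bits(length, allowed=ALL):
    """Approximate entropy of a uniformly random password, in bits."""
    alphabet_size = sum(len(CLASSES[name]) for name in allowed)
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    print("generated:", generate_password())
    for label, length, allowed in [
        ("8 lowercase letters", 8, ("lower",)),
        ("20 mixed characters", 20, ALL),
    ]:
        bits = entropy_bits(length, allowed)
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years to exhaust")
```
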

carlc
July 18th, 2015, 03:56 PM
For instance I use Roboform.

My passwords are generated as a random sequence of a length allowed by the website by Roboform and they are so random and long there is no way I could remember them but that means I don't reuse any password and they are unguessable even if you knew my first car/pet/school etc.

Jon Szanto
July 18th, 2015, 04:42 PM
One drawback to this approach is if you ever have to log into such sites from a different computer that doesn't have your password-generating software on it. Some days, this all becomes so damned tiring.

jar
July 18th, 2015, 05:20 PM
The important thing is to make sure there is no personal information at a site like this that can endanger your credit standing, that you do not use passwords that you might use at a bank or insurance company or work or health care or anywhere important.

carlc
July 18th, 2015, 05:34 PM
One drawback to this approach is if you ever have to log into such sites from a different computer that doesn't have your password-generating software on it. Some days, this all becomes so damned tiring.


Roboform everywhere sorts out that issue (at a cost though).

tandaina
July 18th, 2015, 05:43 PM
One drawback to this approach is if you ever have to log into such sites from a different computer that doesn't have your password-generating software on it. Some days, this all becomes so damned tiring.


Roboform everywhere sorts out that issue (at a cost though).

Yeah, many of the tools have ways to deal with this. I haven't had it be a problem and it solves so many headaches. Most people who are trying to remember passwords are reusing passwords (a huge security issue), or using *similar* passwords which is nearly as bad. It's worth the slight inconvenience to have to worry less. (My financial sites all use two factor identification, i.e. after I enter my password they send a text to my phone with an unlock code. If this is available on important accounts it is a good idea to use.)

Jon Szanto
July 18th, 2015, 05:58 PM
My solution is to self-generate passwords that I can then put into a password keeper on my phone, thereby using just the password to *that* as a gateway, and they are with me if I travel or need access while at a business. The onus is on me to create difficult-to-break passwords, and what I come up with might not be ideally as robust as very long and complex random passwords. I do believe I know enough of the basic data elements that my passwords are strong, and I'm still somewhat mobile. And, still, pretty pissed it has come to this. This is not enjoyable at all.

tandaina
July 18th, 2015, 06:40 PM
Totally agree with that last sentence. :\ Honestly, with all the hacks lately it's really like sticking your finger in a dike anyway.

Miss Thundercat
July 19th, 2015, 01:09 PM
Yep I have gotten one of these log in emails as well with this IP address 141.255.167.101 and by looking it up seems like this one has been reported several times... annoying...

85AKbN
July 19th, 2015, 01:57 PM
I got the Failed Login Notification (http://fpgeeks.com/forum/showthread.php/12707-Failed-Login-Notification-on-FPGeeks-Forum?p=139038#post139038) just after 2am Pacific this morning.

Speaking of passwords - that's how I got my fpgeeks username / nick - password generator.

tenney
July 20th, 2015, 01:14 AM
I still maintain it's just wrong to not be using https.

velo
July 20th, 2015, 05:31 AM
Got the email as well.

sargetalon
July 20th, 2015, 07:25 PM
I also received this notice...

penultress
July 21st, 2015, 08:33 PM
I'm glad this is being discussed. I was disturbed by the email I got too.

MelanieWI
July 23rd, 2015, 06:39 PM
I got the email as well. For what it's worth, I have been happy with LastPass though I do change my master password occasionally. I kind of love (sarcastically) that there are books available to purchase with "Passwords" on the cover where you can write down your websites and passwords. And I have heard of people actually keeping their passwords in their Filofaxes/planners. What if you lost that notebook or planner? I guess if you had a system of encoding them it might be okay, but risky.

Curtisvan
August 12th, 2015, 07:21 AM
I received this also.