someone appears to be trying to hack into my account

[beaker]

I have a couple of dozen of these messages in my email as of this morning:

Someone has tried to log into your account on Northeastshooters.com with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 166.248.0.130
The person trying to log into your account had the following IP address: 166.248.3.203

It has happened dozens of times since yesterday afternoon. Any ideas? If it isn't some hacker, could it be tapatalk? That is the only other thing that I can think of that would be trying to log in on its own from my end.

 

[Admin]

Let me see if those IPs matche anyone on the forum.

 

[Admin]

verizon wireless IP that doesn't resolve any names here. Make sure you have a complicated PW.

 

[BIG1PUN]

Damn, how can I set it up to get email to see if some one doing that to mine?

 

[dnepro-mike]

we have these similar kinds of problems at work all the time.
peeps are changing theirs passwords on their computers but forget to do so on their mobile devices and accounts get locked out.
did you change your pw recently and forgot to update everywhere?

another thought someone might have similar account name and trying to login not suspecting spelling error.
we have these issues at work as well, mostly with common last names.

 

[jasons]

The IP block is owned by an ISP out of Pennsylvania:


Final results obtained from whois.arin.net.
Results:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=166.248.0.130?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 166.128.0.0 - 166.255.255.255
CIDR: 166.128.0.0/9
OriginAS:
NetName: NETBLK-CDPD-B
NetHandle: NET-166-128-0-0-1
Parent: NET-166-0-0-0-0
NetType: Direct Assignment
RegDate: 1993-07-09
Updated: 2005-01-07
Ref: http://whois.arin.net/rest/net/NET-166-128-0-0-1


OrgName: Service Provider Corporation
OrgId: SPC-10
Address: 73 Old Dublin Pike
Address: Suite 10 #315
City: Doylestown
StateProv: PA
PostalCode: 18901-2491
Country: US
RegDate: 1993-07-09
Updated: 2009-11-16
Ref: http://whois.arin.net/rest/org/SPC-10

OrgAbuseHandle: WDSPC-ARIN
OrgAbuseName: WDSPCo Helpdesk
OrgAbusePhone: +1-215-857-2526
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/WDSPC-ARIN

OrgNOCHandle: WDSPC-ARIN
OrgNOCName: WDSPCo Helpdesk
OrgNOCPhone: +1-215-857-2526
OrgNOCEmail: [email protected]
OrgNOCRef: http://whois.arin.net/rest/poc/WDSPC-ARIN

OrgTechHandle: WDSPC-ARIN
OrgTechName: WDSPCo Helpdesk
OrgTechPhone: +1-215-857-2526
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/WDSPC-ARIN

RTechHandle: WDSPC-ARIN
RTechName: WDSPCo Helpdesk
RTechPhone: +1-215-857-2526
RTechEmail: [email protected]
RTechRef: http://whois.arin.net/rest/poc/WDSPC-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

 

[BenDover]

Pretty cool password strength checker if anyone was wondering how strong their password is:

https://www.grc.com/haystack.htm

 

[dnepro-mike]

verizon wireless IP that doesn't resolve any names here. Make sure you have a complicated PW.

if it turns out to be a malicious and not acidental, can you ban IP from accessing forum server?

 

[Chet0729]

Those IP addresses are in Verizon wireless ranges. Most likely a phone or an air card. They use different ranges for their DSL.
WDSPCo is one of many Verizon network providers

 

[Scarecrow]

if it turns out to be a malicious and not acidental, can you ban IP from accessing forum server?

IP Banning is ineffective, and causes problems for legitimate users, as (coming from memory) IP's have a 24 hour "shelf-life" before they are dropped and a new one is leased. Odds of grabbing the same IP again is rather large, as someone would have to be requesting a new one virtually the instant you release yours, but it happens. If that happened, one of us could grab that banned IP, and suddenly lose access to the forums until we manually released and renewed our IP. Only way to get around it is to set a static IP, but that's internal network. When i worked for Sitel, doing tech support for Cox, the only people who got static IP's from our end were large businesses who paid a premium to have a static IP.

YMMV, as always.

 

[Admin]

if it turns out to be a malicious and not acidental, can you ban IP from accessing forum server?

Yes but as scarecrow says it's not that great.

 

[beaker]

I have a complicated PW, and changed it twice this morning, including my phone. I use tapatalk. The phone seemed able to access the forum just fine before I changed it, if it isn't malicious, the only thing I can think of is that tapatalk did an update and it was fuuuked somehow. Last email from the forum was at 10:41 this morning.

 

[pdm]

You don't happen to have Verizon for your phone service do you?