Author Topic: Malicious Attempt Made On My Account  (Read 3955 times)

0 Members and 1 Guest are viewing this topic.

Offline SugarD-x

  • Full Member
  • ***
  • Posts: 190
  • Proud Avast! User
    • Clan Xperience
Malicious Attempt Made On My Account
« on: January 04, 2013, 08:12:08 PM »
It seems someone attempted to unsuccessfully "hack" my Avast! Forums account today. I just received an email with a password reset link, which I did not initiate. Thankfully it includes an IP address, which I am more than willing to share with the Administrators of this forum.

Gotta love how someone tries to gain unauthorized access to a forum account on a forum specific to technological security...
~SugarD-x~

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: Malicious Attempt Made On My Account
« Reply #1 on: January 04, 2013, 09:11:50 PM »
I wouldn't worry about it, certainly not the first time, if it were to become a regular occurrence that would be different. I have had one such incident, haven't a clue why and never gave it another thought.

Why you might ask, well the request to reset the password sends the request to 'your' registered email address so only you can receive it. As it says in the email if this wasn't you sending it ignore and the password remains the same (or words to that effect).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SugarD-x

  • Full Member
  • ***
  • Posts: 190
  • Proud Avast! User
    • Clan Xperience
Re: Malicious Attempt Made On My Account
« Reply #2 on: January 04, 2013, 09:33:07 PM »
I wouldn't worry about it, certainly not the first time, if it were to become a regular occurrence that would be different. I have had one such incident, haven't a clue why and never gave it another thought.

Why you might ask, well the request to reset the password sends the request to 'your' registered email address so only you can receive it. As it says in the email if this wasn't you sending it ignore and the password remains the same (or words to that effect).
As far as I know, assuming it's on, SMF also has a feature to reset your password by answering some pre-set questions. That, unfortunately, won't email you until after the password is changed. A "hacker" could simply change the email address before the legitimate user gets a chance to read the email.

What worries me more is the IP traces back to a city about 45 minutes from me, so I'm beginning to wonder if it's someone I know making a personal attack. :P
~SugarD-x~

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: Malicious Attempt Made On My Account
« Reply #3 on: January 04, 2013, 09:36:06 PM »
The IP where, as any IP in the email would be the senders email server service and or any other email servers in the routing of the email to you. So it isn't that clear cut.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SugarD-x

  • Full Member
  • ***
  • Posts: 190
  • Proud Avast! User
    • Clan Xperience
Re: Malicious Attempt Made On My Account
« Reply #4 on: January 04, 2013, 09:37:49 PM »
The IP where, as any IP in the email would be the senders email server service and or any other email servers in the routing of the email to you. So it isn't that clear cut.
In SMF, it sends the IP of the person requesting the password reset, just as it does when it logs errors on any users in the Admin panel.
~SugarD-x~

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33973
  • malware fighter
Re: Malicious Attempt Made On My Account
« Reply #5 on: January 04, 2013, 09:51:44 PM »
Hi sugarD-x,

There could be a more innocent technical reason for all of this. The misread on geo-location is normal with some in-browser blocking on. They go even further off mark as 45 miles depending on where your nearest service provider access point is being located or your mail server access location as such. As our good friend, DavidR, says, I would not worry too much about it. Change password and you are good to go...
Why would an attacker go into all the trouble of creating a personally crafted attack to gain access to an account that he could achieve himself access to for free. I cannot figure out any explainable reason for such an attack, as it ever really was being performed....

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: Malicious Attempt Made On My Account
« Reply #6 on: January 04, 2013, 09:52:36 PM »
The IP where, as any IP in the email would be the senders email server service and or any other email servers in the routing of the email to you. So it isn't that clear cut.
In SMF, it sends the IP of the person requesting the password reset, just as it does when it logs errors on any users in the Admin panel.

Well that too is subject to geographical error when you do a whois check on the IP. I see lots of issues like this in hunting spammers you can be checking an IP in two or more whois sites and get different results.

Even when I check my own IP address it isn't accurate as it depends on the main/nearest connection point is to the backbone. One is probably within 75 miles of where I am the other is hundreds of miles off, not even on the area covered by the little map.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SugarD-x

  • Full Member
  • ***
  • Posts: 190
  • Proud Avast! User
    • Clan Xperience
Re: Malicious Attempt Made On My Account
« Reply #7 on: January 04, 2013, 10:35:47 PM »
Why would an attacker go into all the trouble of creating a personally crafted attack to gain access to an account that he could achieve himself access to for free. I cannot figure out any explainable reason for such an attack, as it ever really was being performed...
If it's a personal attack, I could think of many reasons. I know of a lot of people that hate me for catching them in the act of doing questionable things online. ;D
~SugarD-x~

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: Malicious Attempt Made On My Account
« Reply #8 on: January 04, 2013, 11:35:07 PM »
Then they are also fools if they think it would be that simple, just where do they think the change email request would be sent. But I rather doubt it is anything this sinister.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33973
  • malware fighter
Re: Malicious Attempt Made On My Account
« Reply #9 on: January 04, 2013, 11:47:47 PM »
Hi SugarD-x,

I am completely with DavidR on this. Mind you that he has the lasting avast webforum experience here to back up what he says. I found he has been right on a lot of issues and on many occasions.
After I had given it some thought I had to agree with him. I think what you experienced was just a coincidence, just like this year's Easter Monday equals April Fool's Day ;D. ....

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!