Old 09-14-2013, 08:32 PM   #1
ACR_Ted
Member
 
Join Date: Feb 2012
Location: Mesa, AZ
Posts: 80
Russian Hackers!!

I got this email earlier today:

Dear ACR_Ted,

Someone has tried to log into your account on RailPictures.Net Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 188.143.232.144

All the best,
RailPictures.Net Forums


Anyone else ever get one like this? The IP is somewhere in Russia...that's as far as I went in researching it.

Ted
ACR_Ted is offline   Reply With Quote
Old 09-14-2013, 10:53 PM   #2
jac_murphy
Senior Member
 
Join Date: Sep 2011
Posts: 376
Default

Whoa - you managed to actually get an e-mail from the admins??

-Jacques
jac_murphy is offline   Reply With Quote
Old 09-14-2013, 11:07 PM   #3
Holloran Grade
Banned
 
Join Date: Mar 2010
Location: In the California Republic
Posts: 2,774
Lightbulb

Automated email.
Holloran Grade is offline   Reply With Quote
Old 09-23-2013, 12:10 PM   #4
Daniel SIMON
Senior Member
 
Join Date: Aug 2009
Posts: 324
Default

I have received the same message from the admins today. Does anybody know more about these hackers?

******************************
Dear Daniel SIMON,

Someone has tried to log into your account on RailPictures.Net Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 188.143.234.6

All the best,
RailPictures.Net Forums
Daniel SIMON is offline   Reply With Quote
Old 09-23-2013, 01:55 PM   #5
ddavies
Senior Member
 
Join Date: Dec 2002
Location: Fairfax, VA
Posts: 381
Default

Yesterday, I got one that IDed 188.143.235.118
ddavies is offline   Reply With Quote
Old 09-23-2013, 01:58 PM   #6
adickson
Senior Member
 
Join Date: Nov 2011
Location: Central NC
Posts: 236
Default

Quote:
Originally Posted by ddavies
Yesterday, I got one that IDed 188.143.235.118

I've gotten 2 or 3 from this IP and one from the original post.
__________________
Anthony Dickson
www.vidivides.com
www.flickr.com/photos/adickson87/
adickson is offline   Reply With Quote
Old 09-23-2013, 02:59 PM   #7
Andrew Crosby
Senior Member
 
Join Date: Dec 2011
Location: New Jersey
Posts: 124
Default

I've also received 3 or 4 of these emails in the past week, supposedly from Chris Kilroy at RP Forums, citing a similar IP address.

Now, of course, it looks like some hack job, and not anything from RP. (I was wondering who'd want to impersonate me. Chase, Joe, or Janusz, yes, but me?)

So - Are these emails from a hacker, or is RP notifying us of a hacker they've caught onto??
Andrew Crosby is offline   Reply With Quote
Old 09-23-2013, 03:26 PM   #8
Appalachianrails
Junior Member
 
Join Date: Feb 2013
Location: West Virginia
Posts: 1
Default

I have gotten a similar email three times within the past week.

-JE

"Dear Appalachianrails,

Someone has tried to log into your account on RailPictures.Net Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 188.143.234.6

All the best,
RailPictures.Net Forums"
Appalachianrails is offline   Reply With Quote
Old 09-23-2013, 06:24 PM   #9
troy12n
Banned
 
Join Date: Jun 2008
Location: Tampa, FL
Posts: 5,333
Default

Netblock is owned by some Russian company:

reverse-ip: sexmuviki.ru
inetnum: 188.143.234.0 - 188.143.234.255
netname: ToussaintDesaulniers-net
descr: dedicated server client
country: RU
admin-c: TD2673-RIPE
tech-c: TD2673-RIPE
status: ASSIGNED PA
mnt-by: MNT-PIN
source: RIPE # Filtered

person: Toussaint Desaulniers
address: 57, cours Franklin Roosevelt 13007 MARSEILLE
phone: +49 0 9401 784 003
nic-hdl: TD2673-RIPE
mnt-by: MNT-PINSUPPORT
source: RIPE # Filtered

route: 188.143.234.0/23
descr: PINROUTE
origin: as44050
mnt-by: MNT-PIN
source: RIPE # Filtered
troy12n is offline   Reply With Quote
Old 09-23-2013, 11:31 PM   #10
JMC
Senior Member
 
Join Date: Nov 2008
Location: Youngstown, Ohio
Posts: 168
Default

Can you break that down Barney-level for folks like me?
JMC is offline   Reply With Quote
Old 09-24-2013, 01:38 AM   #11
Deano12056
Member
 
Join Date: Oct 2009
Posts: 50
Default

Me too....
Deano12056 is offline   Reply With Quote
Old 09-24-2013, 01:39 AM   #12
Deano12056
Member
 
Join Date: Oct 2009
Posts: 50
Default

Got two messages Sunday and one tonight.
Deano12056 is offline   Reply With Quote
Old 09-24-2013, 02:36 AM   #13
CSX1702
Senior Member
 
Join Date: Dec 2009
Location: Cincinnati, Ohio
Posts: 1,268
Default

Ditto.....
__________________
Derek

Flickr

Out Of Place Album
CSX1702 is offline   Reply With Quote
Old 09-24-2013, 03:50 AM   #14
troy12n
Banned
 
Join Date: Jun 2008
Location: Tampa, FL
Posts: 5,333
Default

In Soviet Russia, computer hacks you!
troy12n is offline   Reply With Quote
Old 09-24-2013, 04:05 AM   #15
Andrew Crosby
Senior Member
 
Join Date: Dec 2011
Location: New Jersey
Posts: 124
Default

I'm still hoping for the Barney-level take on this matter, too.

And does anyone know if those emails we received came from this Russian place, or was RP notifying us about real attempts to hack in?
Andrew Crosby is offline   Reply With Quote
Old 09-24-2013, 09:15 AM   #16
Mgoldman
Senior Member
 
Join Date: Apr 2006
Posts: 3,641
Default

I don't get it - what's the point of such a hack?

They didn't ask for anything? No password or address, nothing?

/Mitch


Quote:
Originally Posted by ACR_Ted
I got this email earlier today:

Dear ACR_Ted,

Someone has tried to log into your account on RailPictures.Net Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 188.143.232.144

All the best,
RailPictures.Net Forums


Anyone else ever get one like this? The IP is somewhere in Russia...that's as far as I went in researching it.

Ted
Mgoldman is offline   Reply With Quote
Old 09-24-2013, 12:44 PM   #17
bigbassloyd
Senior Member
 
Join Date: Dec 2006
Location: Hilldale, West Virginia
Posts: 3,740
Default

Quote:
Originally Posted by troy12n
In Soviet Russia, computer hacks you!

+1

Loyd Lowry
__________________
Social Media elevates the absurd and mediocre to a point where they aren't anymore, and that is a tragedy.

My personal photography site
bigbassloyd is offline   Reply With Quote
Old 09-24-2013, 02:12 PM   #18
Andrew Crosby
Senior Member
 
Join Date: Dec 2011
Location: New Jersey
Posts: 124
Default

Mitch - If this is hacking, the only thing I can think of is perhaps hackers will hack anything trying to obtain any identifying info (email addresses, IDs, passwords, zip codes) on anyone. That can then be used to hack into something else - like bank accounts or credit / debit card accounts.

A friend of mine had her debit card account hacked by someone who apparently obtained her email address and zip code somehow, then used that to change a password on the account. Then he accessed the account and purchased a couple thousand bucks worth of computer games and garbage online.

Of course, this could just be a simple glitch, too.

So ... does anyone have any more info on this?
Andrew Crosby is offline   Reply With Quote
Old 09-25-2013, 08:17 PM   #19
jac_murphy
Senior Member
 
Join Date: Sep 2011
Posts: 376
Default

Welp, I thought I was immune, until I got one this morning. IP was 188.143.234.6

-Jacques
jac_murphy is offline   Reply With Quote
Old 09-25-2013, 10:00 PM   #20
James Heinrich
Junior Member
 
Join Date: Aug 2010
Location: Northern Ontario
Posts: 28
Default

Since this is apparently widespread (I also just received a similar warning, which I believe to be a legitimate feature of vBulletin), can an admin please add
Code:
deny from 188.143.
to .htaccess (or forum-level IP blacklist if server-level blacklisting isn't possible)?
__________________
my photos
James Heinrich is offline   Reply With Quote
Old 09-25-2013, 11:25 PM   #21
troy12n
Banned
 
Join Date: Jun 2008
Location: Tampa, FL
Posts: 5,333
Default

Quote:
Originally Posted by James Heinrich
Since this is apparently widespread (I also just received a similar warning, which I believe to be a legitimate feature of vBulletin), can an admin please add
Code:
deny from 188.143.
to .htaccess (or forum-level IP blacklist if server-level blacklisting isn't possible)?

Doing that will block potentially 65,000 IP addresses. The company who owns the entire class B netblock 188.143.0.0/16 is a company in Amsterdam called RIPE. They own the address space and have leased at least 188.143.232-235.0/24 to some Russian ISP or hosting provider.

You don't want to block an entire class B network, no one does that... even foreign netblocks.
troy12n is offline   Reply With Quote
Old 09-25-2013, 11:38 PM   #22
James Heinrich
Junior Member
 
Join Date: Aug 2010
Location: Northern Ontario
Posts: 28
Default

Quote:
Originally Posted by troy12n
You don't want to block an entire class B network, no one does that... even foreign netblocks.

Well, at least 188.143.232-235 then.
Or, at the very least, the 4 offending IPs noted in this thread:
188.143.232.144
188.143.234.6
188.143.234.14
188.143.235.118
__________________
my photos

Last edited by James Heinrich; 09-26-2013 at 06:39 PM. Reason: updated list of reported IPs
James Heinrich is offline   Reply With Quote
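
The blocking scopes debated in posts #20 to #22, compared side by side. This is an added example, not code from any poster or from the forum software; the option names and helper functions are illustrative assumptions, and the only data used is the four IPs listed in the thread.

```python
import ipaddress

# Source IPs quoted in the lockout e-mails posted in this thread.
REPORTED = ["188.143.232.144", "188.143.234.6", "188.143.234.14", "188.143.235.118"]

def covering_network(addrs):
    """Smallest single CIDR block that contains every address."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    net = ipaddress.ip_network(f"{ips[0]}/32")
    while not all(ip in net for ip in ips):
        net = net.supernet()          # widen by one prefix bit
    return net

def block_options(addrs):
    """Candidate deny scopes, narrowest first, as name -> list of networks."""
    hosts = sorted({ipaddress.ip_network(f"{a}/32") for a in addrs})
    per24 = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addrs}
    return {
        "reported hosts": hosts,
        "touched /24s": list(ipaddress.collapse_addresses(per24)),  # merges neighbours
        "covering block": [covering_network(addrs)],
        "deny from 188.143.": [ipaddress.ip_network(f"{addrs[0]}/16", strict=False)],
    }

def blocked_count(networks):
    """Total number of addresses a list of networks would deny."""
    return sum(n.num_addresses for n in networks)

def apache_deny(networks):
    """Render networks in the .htaccess syntax used in post #20."""
    return [f"deny from {n.network_address if n.prefixlen == 32 else n}"
            for n in networks]

if __name__ == "__main__":
    for name, nets in block_options(REPORTED).items():
        print(f"{name}: {blocked_count(nets)} addresses")
        for line in apache_deny(nets):
            print("   ", line)
```

The narrower scopes trade coverage for collateral: each step up blocks more addresses that never appeared in a lockout e-mail.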
Old 09-26-2013, 02:16 AM   #23
jay124
Senior Member
 
Join Date: Apr 2010
Posts: 122
Default

I just received one too.
Oh the fun
Jason
jay124 is offline   Reply With Quote
Old 09-26-2013, 02:43 AM   #24
JMC
Senior Member
 
Join Date: Nov 2008
Location: Youngstown, Ohio
Posts: 168
Default

At what point does someone of importance step in and say "no need to worry, we are working this issue"?
JMC is offline   Reply With Quote
Old 09-26-2013, 04:04 AM   #25
JRMDC
Senior Member
 
Join Date: Nov 2006
Posts: 11,202
Default

I suspect this is not within RP's control. In fact, they are doing what needs to be done, they are blocking further log-in attempts.
__________________
My RP pix are here.
My Flickr pix are here.

My commentaries on rail pictures are in my blog.

RP Photo Albums:
Cabooses
Engine Details
Farm and Train
Plumes!
Railroad Details
Signal Details
Switchstand Shots
JRMDC is offline   Reply With Quote
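
A model of the lockout the quoted e-mails describe (5 wrong passwords, then a 15-minute block), with a summary of which source IPs triggered notices on which accounts. This is an added example, not vBulletin's or RailPictures.Net's code; keying the counter on account plus source IP, the 15-minute counting window, the account names and the sample events are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # "at least 5 times" in the e-mail
LOCKOUT = timedelta(minutes=15)  # "for the next 15 minutes"

def sample_events():
    """Constructed failed-login events: (timestamp, account, source IP)."""
    base = datetime(2013, 9, 23, 12, 0)
    events = []
    for i, account in enumerate(["user_a", "user_b", "user_c"]):
        for n in range(7):       # 7 rapid guesses per account from one source
            ts = base + timedelta(minutes=i, seconds=10 * n)
            events.append((ts, account, "188.143.234.6"))
    # An ordinary user mistyping twice (203.0.113.0/24 is a documentation range).
    events += [(base + timedelta(minutes=5, seconds=s), "user_d", "203.0.113.7")
               for s in (0, 20)]
    return events

def run_lockout(events):
    """Return (notices, rejected): notices sent, attempts refused while locked."""
    fails = defaultdict(list)    # (account, ip) -> times of recent failures
    locked_until = {}
    notices, rejected = [], 0
    for ts, account, ip in sorted(events):
        key = (account, ip)
        if locked_until.get(key, ts) > ts:
            rejected += 1        # refused before any password check happens
            continue
        fails[key] = [t for t in fails[key] if ts - t < LOCKOUT] + [ts]
        if len(fails[key]) >= MAX_FAILURES:
            locked_until[key] = ts + LOCKOUT
            fails[key] = []
            notices.append((ts, account, ip))
    return notices, rejected

def accounts_per_source(notices):
    """Group notices by source IP; one IP across many accounts looks automated."""
    seen = defaultdict(set)
    for _, account, ip in notices:
        seen[ip].add(account)
    return {ip: sorted(accounts) for ip, accounts in seen.items()}

if __name__ == "__main__":
    notices, rejected = run_lockout(sample_events())
    print(len(notices), "notices,", rejected, "attempts refused while locked")
    print(accounts_per_source(notices))
```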

All times are GMT.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.