MacRumors Account Being Hacked

Discussion in 'Site and Forum Feedback' started by SandboxGeneral, Dec 20, 2010.

  1. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #1
    My MacRumors account has had someone trying to crack it in the last hour. Has anyone else had this happen to them today or recently? I received two automated emails from MR telling me this and gave me the IP's of each attempt.

    195.71.226.87 was the first attempt at 0546 -0500 GMT and location is Germany

    174.36.199.200 was the second attempt at 0608 -0500 GMT and this location was Wichita, Kansas , United States.

    My account was locked for 15 minutes by MR automatically after 5 failed attempts.

    I was asleep when this happened so I know it wasn't me, especially since I am nowhere near either location. Fortunately I have a strong password and kudos to MR for locking the account and sending me a notification of the attempts.
     
  2. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #2
    Wonder if you had a Gawker account and someones trying to use that info?
     
  3. SandboxGeneral thread starter Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #3
    Nope, I don't have a Gawker account.
    :confused:
     
  4. R94N macrumors 68020

    R94N

    Joined:
    May 30, 2010
    Location:
    UK
    #4
    I don't want to sound mean or horrible, but surely there's always people trying to hack accounts on websites? It's great that the accounts are automatically locked after so many attempts though.
     
  5. SandboxGeneral thread starter Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #5
    Oh of course there are always people trying to crack accounts. I'm just surprised that out of 522,574 MR's members, I got "chosen" to be attacked!

    I guess the point of my thread was to see how many other folks had their accounts here attacked.
     
  6. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #6
    Someone tried to hit mine a while back
    I reported it, and had no further issues
     
  7. Apple OC macrumors 68040

    Apple OC

    Joined:
    Oct 14, 2010
    Location:
    Hogtown
    #7
    maybe they are practicing to then go after your FaceBook account and get the really juicy stuff. :cool:
     
  8. SandboxGeneral, Dec 20, 2010
    Last edited: Jun 22, 2013

    SandboxGeneral thread starter Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #8
    It's quite possible. Good thing for me I don't do Facebook, Twitter or MySpace! ;)
     
  9. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #9
    I don't think it's you personally, SandboxGeneral. Many hackers are in fact software, systematically trying many passwords on many accounts. It looks like this is one of those cases since we've heard multiple reports about it.

    To all:

    The key to protecting your MacRumors account, and accounts at other sites, is a non-guessable password. No obvious patterns of letters and digits and no dictionary words or people's names. And never use your user name as your password -- yes, people have done this!

    Many people have the false impression that adding a digit somehow makes a password secure. If your password is "robert1" or "3liz1beth", it's still guessable. Passwords don't have to be long, just not meaningful to anyone else.
     
  10. SandboxGeneral thread starter Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #10
    I agree with you, I never thought it was a personal account attack and probably a bot network or something running a dictionary attack.

    I assume it's bot networks or something that creates false accounts here and posts things to sell sometimes.
     
  11. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #11
    How can you tell, that someone was trying to do this?
     
  12. SandboxGeneral thread starter Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #12
    After 5 failed attempts to login to MR, your account is locked for 15 minutes and an automatic notification email is sent to you advising of the failed attempts. Plus it gives you the IP address of where the failed attempts come from.
     
  13. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #13
    Thanks, for the info. I'll keep that in mind if it occurs to me
     
  14. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #14
    Another good reason to use programs like 1Password to generate random passwords and store them for you--and makes it easy to never use the same password for more than one account. :)
     
  15. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #15
    A corollary: If anybody gets a spam PM, such as an ad from a forum user they don't know, please click the "Report Private Message" [​IMG]icon in the top right corner to report the PM. It may indicate that the PM-sender's account was successfully broken into.
     
  16. R94N macrumors 68020

    R94N

    Joined:
    May 30, 2010
    Location:
    UK
    #16
    I recently just started doing this with LastPass. Very pleased with it so far.
     
  17. gr8whtd0pe macrumors 6502a

    gr8whtd0pe

    Joined:
    Feb 21, 2008
    Location:
    Belle, WV
    #17
    Or an Vbulletin forum for that matter. It's not a MacRumors only thing.
     
  18. WildCowboy Administrator/Editor

    WildCowboy

    Staff Member

    Joined:
    Jan 20, 2005
    #18
    To be clear, it's an optional setting for board administrators, but most sites have it enabled.
     
  19. eRondeau macrumors 6502a

    eRondeau

    Joined:
    Mar 3, 2004
    Location:
    Canada's South Coast
    #19
    Been there too....

    In January 2007 my MR account was hacked by two IP Addresses registered to the South African arm of a well-known online sales corporation based in Seattle. MR's security protocols functioned properly and other than being locked-out for a while I've had no further problems. :apple:
     
  20. SandboxGeneral thread starter Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #20
    I had a fairly strong password for MR when my account was attacked, but I went and changed it to an even stronger one afterward. One can never be too careful.
     

Share This Page