Reply With QuoteI'm no computer security expert, but in light of a few TZers having their accounts hacked in the past, I would make sure I had a very secure password - the sort with a variety of numbers, upper and lower case letters and some 'special' characters.
I received an email this afternoon to tell me that my tz-uk account had been locked because someone had tried (incorrectly) 5 times to put in a password. It was not me. The email told me what IP address was used for this.
What should I do? Now it is unlocked again, but should I be taking security precautions? They don’t seem to have hacked my password and I can’t see that they have posted anything in my name. Is there any point in trying to track down the IP address and, if so, how?
Thanks for any tips and sorry if this has been covered before.
Thanks
Ben
Sent from my iPhone using Tapatalk
I'm no computer security expert, but in light of a few TZers having their accounts hacked in the past, I would make sure I had a very secure password - the sort with a variety of numbers, upper and lower case letters and some 'special' characters.
Sometimes this is Tapatalk I think.
Worth checking something like https://whois.domaintools.com/ to see if the IP was vaguely local, at least UK.
What was the IP address?Originally Posted by bmpf
212.187.124.203
Sent from my iPhone using Tapatalk
Amsterdam
That was Daddel.
https://iplocationtools.com/212.187.124.203
Someone who lies about the little things will lie about the big things too.
On a serious note, unless you posted your email somewhere on the forum, I find these hacking attempts puzzling. Obviously there are many email/password combinations from the various data hacks in circulation and I can see how it is tempting for people to try these on various sites, knowing that many people will still use the same password across a number of sites. However, as TZ-UK to the best of my knowledge does not accept email addresses but only user names, it is difficult to see how the email/password combo could be matched to your user ID.
But then I do not believe in coincidence, it's not like those people just take a random user and try five random passwords - they must have something in their possession why they are targeting you. Was there a security incident at another forum/site where you are using the same user name? Any other way to link your username with your email?
In any case, a good idea to change your password.
Someone who lies about the little things will lie about the big things too.
I see that ip address appears on three blacklists but is not on 50+ others. I'm never sure about the significance of an ip appearing on just a few blacklists, anyone know about these things?
I just realised that you are living in Amsterdam?
Suppose you can look for the perpetrator in your private surroundings.
Someone who lies about the little things will lie about the big things too.
IP address is an irrelevance. It can easily be obfuscated (e.g. by NAT) or disguised (e.g. by using a VPN), and doesn't really tell you anything.
Or it might just be finger trouble or a glitch, and not be a targeted attack.
Genuine question: when I get a report from a website telling me the IP addresses of all the failed logins that have occurred, is there any point blocking them?
Most of the IPs will be shared addresses from the large ISP providers, no point blocking them.
The real bad boys will work with obfuscation anyway, the chances to catch them via their IP are very low.
IP addresses in the public internet are overrated as an identifier.
Someone who lies about the little things will lie about the big things too.
Are you sure it’s not your own IP? Sometimes Tapatalk does that.
Nice theory, but in reality most websites demand passwords with capital letters, numbers and symbols.
Best is to use a password manager and create long unique strings (12+ characters).
Someone who lies about the little things will lie about the big things too.
It's not a theory, it's a mathematical fact
That many websites demand passwords with capital letters, numbers and symbols is the point the image is illustrating. We've taught people to use passwords that are easier to crack and harder to remember.
Password managers are a good/convenient alternative, albeit they have their downsides too.
I use 18 character strings with capitals, numbers and symbols and these are better than 20 character strings made from minor letters.It's not a theory, it's a mathematical fact
That many websites demand passwords with capital letters, numbers and symbols is the point the image is illustrating. We've taught people to use passwords that are easier to crack and harder to remember.
Password managers are a good/convenient alternative, albeit they have their downsides too.
That is a mathematical fact.
Someone who lies about the little things will lie about the big things too.
Not if your starting point is zero knowledge of the password. In that instance, the computer will be checking every variation, and 20 is longer than 18. There's no reason to take the assumption someone has only used minor letters.
I also suspect many folk using an "18 character string with capitals, numbers and symbols" aren't remembering the password themselves. They're either using the same one in lots of places (introduces vulnerability) or they're relying on 3rd party password storage (introduces vulnerability). Not saying you specifically, just generally.
Anyway if you're interested, check out the opinion of the guy who wrote the book on passwords: https://www.wsj.com/articles/the-man...1-d-1502124118
Both methods have strengths and weaknesses, and if used correctly they are both impenetrable to attack by almost all hostile actors. The problems occur when users compromise that integrity such as by repeating passwords across multiple sites, using 'random' words that have specific relevance to themselves or using a poorly protected vault.
Don't just do something, sit there. - TNH
Right, I’ve just finished changing all my passwords to correcthorsebatterystaple.
Dunno what I’d do without this place sometimes 👍
I'd still write it down somewhere just in case. The last page of a notebook is safe, nobody ever thinks to look there.
Don't just do something, sit there. - TNH
I’m thinking I could add some more bits-and-pieces of hen trophies by doing mirror writing, or invisible ink.
I'm going to be using that.
Don't just do something, sit there. - TNH
Posting Permissions