Somebody's trying to hack ITT - Page 2 - maemo.org

curiousj | # 11 | 2007-08-08, 18:38 | Report

yet another.

what would this guy gain from having my lame forum account?

Rocketman | # 12 | 2007-08-08, 19:01 | Report

This site isn't exactly known for the most proactive administration. The ip needs to get banned immediately and reported to the ISP. Reverse DNS reveals it to be a static ip provided by a hosting company called "The Planet" in Texas. It is likely a compromised rented server, but equally possible it could be a rented server which some script kitty is using for hacking purposes. I sure hope they didn't rent that server on daddy's credit card, cause if they did, they are in for a world of hurt.

unique311 | # 13 | 2007-08-08, 19:28 | Report

I got the same ******** email also..."Hi i am new here blah blah blah..."
I thought it was a joke, because of a thread i started that was being attack on the basis that it was thought to be spam.
but i guess not.

brendan | # 14 | 2007-08-08, 19:54 | Report

i happen to be a member at forums.remote-exploit.org and both sites gave me that email. seems like there is something more than meets the eye going on here.

FirebirdFeuervogel | # 15 | 2007-08-08, 20:01 | Report

I'm starting to think this might be a fully automated attack, this box might just be trying to brute force forums in general, not for the forum accounts but for the passwords. Logic possibly being that people have a tendency to use the same username and password across multiple websites, and the person behind this is probably hoping that your PayPal account is the same thing as your ITT account. So. Make sure it isn't.

glabifrons | # 16 | 2007-08-08, 20:06 | Report

Sounds like 2 things going on here...

1. Brute force attack.
Likely rotating usernames with the passwords in an attempt to keep from getting locked out, but obviously running into dupes too quickly (causing the temporary lockouts).

2. Social engineering(?)
The guy I got the same lame private message from called himself "einstein2".
I'm not sure if there might be something embedded in the message (I didn't bother reading through the HTML), but it did include a link to http://stein.freehostia.com (which is blocked by our proxy). I would not recommend following the link, as it may host malware.

Reggie | # 17 | 2007-08-08, 20:35 | Report

I'm investigating the problem and have just blocked the IP from the firewall.

Thanks.

luketoh | # 18 | 2007-08-09, 07:44 | Report

same, i got an email from einstein2

Originally Posted by

Hello,
I'm new here and just wanted to say "hi"

How's it going?

"Buddhism has the characteristics of what would be expected in a cosmic religion for the future: it transcends a personal God, avoids dogmas and theology; it covers both the natural & spiritual, and it is based on a religious sense aspiring from the experience of all things as a meaningful unity" - Albert Einstein

---
einstein2
http://stein.freehostia.com

Frankowitz | # 19 | 2007-08-09, 09:23 | Report

Originally Posted by luketoh View Post

same, i got an email from einstein2

I got that mail too, Luke. I deleted it as I thought someone was playing a joke on me.
Looking a bit further at the link at the end of the message:

'Site stein.freehostia.com blocked; this is a known spyware/adware website.'

So don't visit.

Last edited by Frankowitz; 2007-08-09 at 09:26.

Tragos | # 20 | 2007-08-09, 14:16 | Report

I just got this private message from "einstein2", too. Let's see how soon my account is locked...