Closing Accounts

[LadiSilverfox]

So today was a historic day for me. I had to delete my three Live Journal accounts (one was for updates on my daughter, one was my fun/original account and one was my serious account). When I came to log on to Gaia this morning I was slightly disturbed to find that my account was closed to me for 15 minutes due to too many login attempts.

Now I am sure this has happened to everyone now and again, random people being dumb. However to top it off at least one if not more than one of my emails had been compromised, and because of a recent forum I joined that had sent my password to that email account I found that my live journal and possibly facebook had been compromised as well.

Luckily LJ allows you to manage your log-in sessions and I found two unknown ISP:
74.14.25.216 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
68.184.38.114 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; acc=; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

I used an ISP lookup to find one went to a Charter customer and one went to a Bell Canada customer. I wish they would give you names so you could press charges against stalkers. I also wish more sites would allow you to manage your log-in sessions the way LJ does so I could prove it was all the same person.

I have a pretty good idea of who it was. Now the question becomes, is it worth me staying on Gaia because said person has been trying to hack this account as well.

Ladi Quiz - heart - Ladi Johari - heart - Ladi Nohari

 

[The Dinosaur Next Door]

Sure it is. Change your password to something random that they can't know. Delete all the emails with passwords in them, and keep them written down until the heat is off.
With regards to finding out who did it, I think there's actually a law against revealing information like that... I'll try to find out for you, if you'd like.  

[LadiSilverfox]

Generally I don't keep passwords in my emails, I usually delete/empty my trash can right away when a site sends one to me. I keep them all in my head.

However I signed up for a new site the other day and they sent my login information to the email and I was not aware they had until today. Thus adding to this mess.

Ladi Quiz - heart - Ladi Johari - heart - Ladi Nohari

 

[124-C]

What you need is a random, 64 character password.

pRubraSaCraQafruqechUKuThexAyeJeprafaprumajUc5WUvAdustuC9tHuK53r

I had my eBay account and the related email account compromised once. It was a b***h to get everything straightened out. Particularly with the email, since I had everything running through that account...

...and Google's just a b***h to work with... >.>  

[The Dinosaur Next Door]

Ooooh. That's not good at all. I have a folder of log-ins and whatnot cause I pay my bills online, but only my mom and I know that password.  

[LadiSilverfox]

I found out that the way they may have gained access to one of my other emails (to gain access to the one in question), I had two emails hooked up to each other for password recovery. Not realizing that the Gmail was hooked to a Yahoo that was hooked to a no longer existing Charter email. All the hacker had to do (seeing they have a charter account - proven by the ISP address) was make a new charter email that matched. Than send the Yahoo email password to the charter email they controlled and than once in the Yahoo email request a copy of the gmail password to the yahoo account...delete all evidence and boom...they have two of my emails and access to any of the accounts tied to them. Than if I had used the same passwords for anything else...boom. Instant break down of almost all my accounts.

Of course to know what email address to create with charter, well for that you would have had to have known me while I was living with Thaliat and palnoki. Kind of cuts the suspect list down a little...doesn't it. *raises a brow*

Edit:
Of course there might have been another way to do it, but it isn't as likely. Or rather, the suspect list is still mighty short. Nor does it change my Chief Suspect.

Ladi Quiz - heart - Ladi Johari - heart - Ladi Nohari

 

[The Dinosaur Next Door]

That's madness. I'm sorry. sad  

[LadiSilverfox]

No need for you to apologize Steph, you didn't do it. XD

But thanks.

Ladi Quiz - heart - Ladi Johari - heart - Ladi Nohari

 

[The Dinosaur Next Door]

But I've been hacked on other accounts... it's a little like having your diary read by strangers. I feel for you.
Again, I'm more than happy to find out if you want me to whether there's a legal way to find names for the ISPs. My mom's a paralegal, so she has access to stuff like that.  

[LadiSilverfox]

That would be awesome, so long as no one (you or your mom) would get in trouble for doing it.

Ladi Quiz - heart - Ladi Johari - heart - Ladi Nohari

 

[124-C]

xxstephasaurusxxrexxx

That's madness. I'm sorry. sad

THAT. IS. SPARTAAAAAAAAAAA!

...it had to be done... >.>  

[The Dinosaur Next Door]

Ha ha, well if there's a way to get it, she'll find it. And we won't get in trouble for it. I think she has a subscription to a site with all these laws and codes on it.
xd @ Tsuji.  

[LadiSilverfox]

*huggles Steph and her mom* That would be the greatest thing ever. Thank you in advance! Hahahaha! I am going to make them pay for violating my privacy!

*laughs at Tsuji*

Ladi Quiz - heart - Ladi Johari - heart - Ladi Nohari

 

[The Dinosaur Next Door]

Let me just be sure we can get that info, first. sweatdrop I'll feel bad if there's no way to find it out...  

[Kalstolyn]

Guessing passwords is not hacking. Just thought I would point that out. Running a script that systematically guesses your password is hacking. So is running a program that captures your password when you log in to a legitimate (ie not phishing) site -- something like a keylogger.

It will be much harder for someone to either guess or hack your password if you have a really secure and hard to guess one. Password cracking is pure mathematics. It involves permutations, patterning, and probability.

Passwords are just about the only time where L33t sp34k and raNdom cAps are actually useful -- you can make your password a word you can remember, like p4s5w0Rd, for instance. This is not an actual password that I am using, it's an example. It does not contain any word in the dictionary, has at least one uppercase letter, and has numbers throughout it, not just at the beginning or end. This kind of password is especially useful for sites that won't allow you to use punctuation or special characters.

If you use all lower-case letters in your password (ie. password) then there are 26 possible characters for each letter of the word, and using permutations, it would be relatively easy to figure it out eventually. Especially if it has actual words in it. As a matter of fact, "password" is probably the first thing someone will try. If you use upper case AND lower case letters (ie. PassWord) the character set is doubled, and there are 52 possibilities.throw in some numbers, and there are 62 possible characters. If you can use punctuation and special characters, your password is harder to guess because there are so many of those. It's really nice when you're allowed to use an apostrophe or a € or a tilde.