The Furious Angels

FA Discussion => General => Topic started by: Tbone on January 14, 2005, 12:11:10 pm

Title: Hacking Attempt
Post by: Tbone on January 14, 2005, 12:11:10 pm
As you know, every once in a while someone or some group likes to try to hack our site. Don't know why...guess they get bored. Anyway, we had another attempt last night. The IP is: 202.33.24.60

Likwidtek and I both received one email about someone trying to reset our password. I was wondering if the rest of you received a similar email. The reason I ask is that the log shows the person loaded up the lost password page quite a few times, but we only received one email each. It appears the "hacker" was trying to brute force his way in - he was still trying WHILE I was reading the log...lol. We banned the IP, but I was just wondering if he was somehow able to access our member list. Your help is appreciated. Thanks!
Title: Hacking Attempt
Post by: Tbone on January 14, 2005, 12:18:45 pm
So far myself, likwidtek, and Grim all received an email. Who else?
Title: Hacking Attempt
Post by: Tbone on January 14, 2005, 12:39:56 pm
Tbone
likwidtek
GrimKitten
Boombye
Zink
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 12:42:53 pm
It might have something to do with our event tomorrow night.

What a perfect target it is for machines and Merovingian clans. Some players have already said that they wish they could crash it. Maybe someone wants to get in our site to learn exactly where and when it is.
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 12:54:04 pm
Could be. Anyway, I got one. T already knows but here is the lowdown.

Subject: Confirmation code for Aaura
From: tbone@followtheangel.org  
Date: Fri, 14 Jan 2005 04:14:49 -0600
Sent from IP: 202.33.24.60

It was sent nearly three hours ago from the time of this post.  It's 18:52 my time.

Someone likes us! :d
Probably someone looking to hack in and get the details of tomorrow's event.
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 01:07:33 pm
Just in case you are interested.....

OrgName:    Asia Pacific Network Information Centre
OrgID:      APNIC
Address:    PO Box 2131
City:       Milton
StateProv:  QLD
PostalCode: 4064
Country:    AU

ReferralServer: whois://whois.apnic.net

NetRange:   202.0.0.0 - 203.255.255.255
CIDR:       202.0.0.0/7
NetName:    APNIC-CIDR-BLK
NetHandle:  NET-202-0-0-0-1
Parent:    
NetType:    Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment:    This IP address range is not registered in the ARIN database.
Comment:    For details, refer to the APNIC Whois Database via
Comment:    WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment:    ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment:    for the Asia Pacific region. APNIC does not operate networks
Comment:    using this IP address range and is not able to investigate
Comment:    spam or abuse reports relating to these addresses. For more
Comment:    help, refer to http://www.apnic.net/info/faq/abuse
Comment:    
RegDate:    1994-04-05
Updated:    2004-03-30

OrgTechHandle: AWC12-ARIN
OrgTechName:   APNIC Whois Contact
OrgTechPhone:  +61 7 3858 3100
OrgTechEmail:  search-apnic-not-arin at apnic.net

# ARIN WHOIS database, last updated 2005-01-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



... here is another whois look up result for 202.33.24.60 from whois.apnic.net :

% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      202.32.0.0 - 202.35.255.255
netname:      JPNIC-NET-JP
descr:        Japan Network Information Center
country:      JP
admin-c:      JNIC1-AP
tech-c:       JNIC1-AP
remarks:      JPNIC Allocation Block
remarks:      Authoritative information regarding assignments and
remarks:      allocations made from within this block can also be
remarks:      queried at whois.nic.ad.jp. To obtain an English
remarks:      output query whois -h whois.nic.ad.jp x.x.x.x/e
mnt-by:       MAINT-JPNIC
changed:      apnic-ftp at nic.ad.jp 19991208
status:       ALLOCATED PORTABLE
source:       APNIC

role:         Japan Network Information Center
address:      Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address:      Chiyoda-ku, Tokyo 101-0047, Japan
country:      JP
phone:        +81-3-5297-2311
fax-no:       +81-3-5297-2312
e-mail:       hostmaster at nic.ad.jp
admin-c:      SS13-AP
tech-c:       SY7-AP
nic-hdl:      JNIC1-AP
mnt-by:       MAINT-JPNIC
changed:      apnic-ftp at nic.ad.jp 19990629
changed:      ip-staff at nic.ad.jp 20030806
source:       APNIC

inetnum:      202.33.24.0 - 202.33.24.255
netname:      MIL-HS
descr:        JENS Corporation
country:      JP
admin-c:      HO035JP
tech-c:       HO035JP
remarks:      This information has been partially mirrored by APNIC from
remarks:      JPNIC. To obtain more specific information, please use the
remarks:      JPNIC whois server at whois.nic.ad.jp. (This defaults to
remarks:      Japanese output, use the /e switch for English output)
changed:      apnic-ftp at nic.ad.jp 20021010
remarks:      This information has been partially mirrored by APNIC from
remarks:      JPNIC. To obtain more specific information, please use the
remarks:      JPNIC whois server at whois.nic.ad.jp. (This defaults to
remarks:      Japanese output, use the /e switch for English output)
changed:      apnic-ftp at nic.ad.jp 20021112
source:       JPNIC

** You can contact this ISP and inquire about the user of 202.33.24.60 at the time of the incident....

Don't F**k with the Angels!  We can find you anywhere.

**There are other tools I could use to track further and get closer to the source/user who attempted the attack, but I do not have the time at this moment...
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 01:19:24 pm
i knew it was the azns...they're always after us. hehe yah looks like he was going for "veteran" members, something like that?
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 01:42:16 pm
I got one, too.  I didn't respond for obvious reasons. :)
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 01:57:21 pm
Just for the record, I didn't get anything.
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 02:05:08 pm
I got one
Title: Hacking Attempt
Post by: Broin on January 14, 2005, 03:22:22 pm
I received one... I guess it is nice to know that we are known as individuals as well as F.A.  :D
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 03:42:02 pm
I did not receive one. However, that's because I don't have my email listed in my account.
Title: Hacking Attempt
Post by: Eroz on January 14, 2005, 04:32:10 pm
I got one.... does that mean my password has been reset?
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 06:00:19 pm
I didn't get one... :(
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 06:09:54 pm
I got one...
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 07:12:16 pm
I didn't get one, but it's probably because my MxO forum name is different than my FA forum name.

About the host, the person was probably using a public proxy hosted by that ISP, attempting to mask his identity.
Title: Hacking Attempt
Post by: Lithium on January 14, 2005, 07:20:50 pm
As far as I know I didn't receive one, however my spam blocker may have got it and it never even got to me.
Title: Hacking Attempt
Post by: Anonymous on January 14, 2005, 07:26:49 pm
i didn't get one either  *shrug*
Title: Hacking Attempt
Post by: ArchNemesis on January 14, 2005, 07:32:42 pm
same here .. i didn't get one... i think they were just picking names at random... or ones they identified easily.
Title: Hacking Attempt
Post by: Anonymous on January 15, 2005, 01:07:28 am
that's cause u guys r noobs, lol arch, not sure why u didn't get one, lithium you prob didn't get one cause your name is new, not as old as us :)
Title: Hacking Attempt
Post by: Anonymous on January 15, 2005, 09:11:54 am
I got nada
Title: Hacking Attempt
Post by: Anonymous on January 15, 2005, 11:36:11 am
so is it an aussie or japanese person??

check if we kicked out anyone from australia
Title: Hacking Attempt
Post by: Ketamininja on January 15, 2005, 01:26:58 pm
hmmmn, well it seemed it was most likely a proxy. If someone was gonna do anything like this, I would hope they are smart enough to proxy it. JP? If it's a JP proxy, I expect the "portal" (the info for the proxy) is in Japanese too. I did a quick search, and couldn't find any listing for this IP. However, this site is in English?

IP resolved to:
https://kaam0.misawa.attmil.ne.jp:455/ - can't get in.
However - this gives http://www.attmil.ne.jp

WIFI access for areas of Japan. In English? Strange. Regardless, it looks like Japan is "unwired", but the guy would still have to have an account. They (WIFI ISP) also serve the Military. So, I think we are looking for some Japanese guy, or some guy in the military. Indeed, most of the areas served by the ISP all match US Military base locations.

LOL..

Japan search in MxO brings up a few candidates, but kazuki_unplugged would be my best suggestion since recent activity. I'm not pointing the finger tho.
tayvl is the only user to refer to a name that this WIFI ISP connects in japan - Misawa. So MISAWA appears in the IP resolution (https://kaam0.misawa.attmil.ne.jp:455/) which seems to be the SERVER for MISAWA, Japan (a Military Base), and TAYVL is the only guy in MxO to mention the word MISAWA.

Military is too broad, but I'm guessing it's a military guy. Why he's in Japan is anyone's guess. Anyone we might have known?

This is like the FA challenge... :D