Failed Login Notification on PC Specialist Forums

alexdw · Feb 16, 2015

Earlier today I received the following automated email from "PC Specialist Forums <[email protected]>", despite not having attempted to login recently:
---
Dear alexdw,

Someone has tried to log into your account on PC Specialist Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 117.171.124.81

All the best,
PC Specialist Forums
---

A quick Google search suggests the IP address is in China:
http://www.ip-tracker.org/locator/ip-lookup.php?ip=117.171.124.81

Not sure why anyone would want to hack into my account here - anyone else received similar?

mantadog · Feb 16, 2015

Looks like someone has been trying to log in with your details, the message is genuine that much I can say... Why someone would want to hack your forum account, well it would give access to your PCS account and presumably some more detailed info about you and your orders etc.

It looks like they don't know your password anyway so I wouldn't be overly concerned ( but I would change it to something IMPOSSIBLE to guess)... Apart from that it could be someone with a similar username that has mistyped it....

alexdw · Feb 16, 2015

mantadog said:
Looks like someone has been trying to log in with your details, the message is genuine that much I can say... Why someone would want to hack your forum account, well it would give access to your PCS account and presumably some more detailed info about you and your orders etc.

It looks like they don't know your password anyway so I wouldn't be overly concerned ( but I would change it to something IMPOSSIBLE to guess)... Apart from that it could be someone with a similar username that has mistyped it....

Yeah I suppose maybe my billing/delivery address would be on this account, but I'm not worried about them brute-forcing the password (especially as they can only try around 20 times an hour).

moosEh · Feb 17, 2015

I can confirm no personal details are saved against your forum account and its most likely someone just picking your forum name from the members list and trying the usual pws.

We will have a look into it.

Androcles · Feb 17, 2015

It was someone in China by the looks of it.

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '117.128.0.0 - 117.191.255.255'

inetnum: 117.128.0.0 - 117.191.255.255
netname: CMNET
descr: China Mobile Communications Corporation
descr: Mobile Communications Network Operator in China
descr: Internet Service Provider in China
country: CN
admin-c: JS686-AP
tech-c: HL1318-AP
remarks: service provider
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CN-CMCC
mnt-routes: MAINT-CN-CMCC
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20070717
source: APNIC

person: haijun li
nic-hdl: HL1318-AP
e-mail: [email protected]
address: 29,Jinrong Ave, Xicheng district,beijing,100032
phone: +86 1052686688
fax-no: +86 10 52616187
country: CN
changed: [email protected] 20141118
mnt-by: MAINT-CN-CMCC
source: APNIC

person: Jinxia Sun
address: China Mobile Communications Corporation
address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
country: CN
phone: +86-10-52686688
fax-no: +86-10-66006012
e-mail: [email protected]
nic-hdl: JS686-AP
remarks: ------------------------------
remarks: Please send abuse e-mail to
remarks: [email protected]
remarks: Please send probe e-mail to
remarks: [email protected]
remarks: -------------------------------
mnt-by: MAINT-CN-CMCC
changed: [email protected] 20141118
source: APNIC

% Information related to '117.168.0.0/14AS9808'

route: 117.168.0.0/14
descr: China Mobile communications corporation
origin: AS9808
mnt-by: MAINT-CN-CMCC
changed: [email protected] 20080407
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

helen500 · Feb 17, 2015

I've just opened a similar email from PC Specialist Forums, sent today, 17 Feb at 14.01. The IP address for the person trying to log into my account was 223.83.211.119. I haven't joined the forums this year until I looked at this thread. Can't think why anyone would bother trying to hack my account.

SpyderTracks · Feb 17, 2015

helen500 said:
I've just opened a similar email from PC Specialist Forums, sent today, 17 Feb at 14.01. The IP address for the person trying to log into my account was 223.83.211.119. I haven't joined the forums this year until I looked at this thread. Can't think why anyone would bother trying to hack my account.

That's another china based IP... they're having fun!

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '223.64.0.0 - 223.117.255.255'

inetnum: 223.64.0.0 - 223.117.255.255
netname: CMNET
descr: China Mobile Communications Corporation
descr: Mobile Communications Network Operator in China
descr: Internet Service Provider in China
country: CN
admin-c: LCJ-AP
tech-c: HL1318-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by: APNIC-HM
mnt-lower: MAINT-CN-CMCC
mnt-irt: IRT-CHINAMOBILE-CN
changed: [email protected] 20120106
source: APNIC

irt: IRT-CHINAMOBILE-CN
address: China Mobile Communications Corporation
address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CT74-AP
tech-c: CT74-AP
auth: # Filtered
mnt-by: MAINT-CN-CMCC
changed: [email protected] 20141118
source: APNIC

person: haijun li
nic-hdl: HL1318-AP
e-mail: [email protected]
address: 29,Jinrong Ave, Xicheng district,beijing,100032
phone: +86 1052686688
fax-no: +86 10 52616187
country: CN
changed: [email protected] 20141118
mnt-by: MAINT-CN-CMCC
source: APNIC

person: li changjun
address: 29 jinrong ave. xicheng district, beijing China
country: CN
phone: +86 52686688
e-mail: [email protected]
nic-hdl: lcj-ap
mnt-by: MAINT-CN-CMCC
changed: [email protected] 20071010
source: APNIC

% Information related to '223.64.0.0/11AS9808'

route: 223.64.0.0/11
descr: China Mobile communications corporation
origin: AS9808
mnt-by: MAINT-CN-CMCC
changed: [email protected] 20120215
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

totomas · Mar 11, 2015

Same here yesterday, also from some Chinese dude

Duncoman · Mar 20, 2015

Yep, got the same email yesterday, from another Chinese ip - 117.171.248.228

dante7154 · Apr 2, 2015

Just had the email so thought I better post too IP address: 117.167.195.194 Chinese IP

imski · Apr 27, 2015

Just had the same from 178.168.68.7

Nakrid · Jul 20, 2015

Just had the same here, IP was 35.0.127.52 .

bencha · Jul 21, 2015

Same, IP was 213.136.75.42

moosEh · Jul 23, 2015

Sorry for this guys, we have removed the ability to view the member list for non-members and users awaiting mod to see if this stops the spam!

Dicky-Art · Jul 26, 2015

Today I got the same message so either your messages are delayed or it isn't stopping attempts.
From the following IP address: 77.109.141.138

Matva · Jul 31, 2015

Hi guys. Got the same email today:

The person trying to log into your account had the following IP address: 5.199.165.3

danmoi · Aug 2, 2015

I got it today from IP 176.126.252.11
Depending which site I use to locate it, it could be Luxembourg/Texas/Romania/Somewhere off the West coast of Africa?!

I'll just delete my account if possible as I don't use it and this doesn't feel secure at all if people are actively targetting this site.

odie147 · Aug 2, 2015

Got an email today at 6:23 PM GMT time with the IP address 62.212.89.117 which is an exit node for TOR

I'm guessing the reason for it is they are looking for people who use the same username across multiple sites and hoping they use the same password and trying to brute force it so they access to more meaningful accounts.

Pete1564 · Aug 19, 2015

Just got same email - access attempted from 176.10.104.240 which is also a TOR IP address. Bit worrying.

mantadog · Aug 19, 2015

Pete1564 said:
Just got same email - access attempted from 176.10.104.240 which is also a TOR IP address. Bit worrying.

As stated before, noting too much to be concerned about. Just make sure your password is fairly strong and you can sit back and forget about it.

Failed Login Notification on PC Specialist Forums

Member

Superhero Level Poster

Member

Administrator

Rising Star

Member

We love you Ukraine

Active member

Member

Member

Member

New member

Member

Administrator

Active member

Member

Member

Active member

New member

Superhero Level Poster