Someone Tried to Hack My AZ Billiards Account

Fast Lenny

Faster Than You...
Silver Member
Well just getting going right now and looked in my email as I do every morning and got an email from AZ Billiards that someone tried to log into my account at least 5 times unsuccessfully and also twice this happened. Here are the 2 IP addresses it gave me that tried to log in: 205.188.116.17 and 75.60.23.226. If anyone can help me track it back to the owner of the IP that would be cool, I tried online and just got that one was America Online (Virginia) and the other was AT&T (Texas). :cool:
 
That sucks Lenny, but it means you have a good password. Some don't...like some use their username as their password. Big no-no on forums or anywhere really.
 
Yeah it will be tough for them to get in as my password is not easy, might still change all mine to something new. :cool:
 
Fast Lenny's alter-ego?

Fast Lenny:

That must've been your alter-ego, Slow Lenny, although he/she might not be too slow to go from Virginia to Texas in the span of a short time! :D

Seriously though, your "whois" lookups on those IPs are correct; the 205.188.116.17 IP is part of AOL's pool, and the 75.60.23.226 is part of AT&T's Plano, TX pool.

Here's the relevant whois lookups:

205.188.116.17
https://ws.arin.net/whois/whois/?queryinput=205.188.116.17

75.60.23.226:
https://ws.arin.net/whois/?queryinput=! NET-75-60-20-0-1

...and here's some relevant reverse DNS lookups (the pertinent info is in bold):

$ dig -x 205.188.116.17

; <<>> DiG 9.3.5-P2 <<>> -x 205.188.116.17
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 406
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;17.116.188.205.in-addr.arpa. IN PTR

;; ANSWER SECTION:
17.116.188.205.in-addr.arpa. 3600 IN PTR cache-dtc-aa13.proxy.aol.com.

;; Query time: 80 msec
;; SERVER: [...deletia...]
;; WHEN: Mon Nov 2 11:24:16 2009
;; MSG SIZE rcvd: 87

$ _​

...and the same for the Plano, TX IP:

$ dig -x 75.60.23.226

; <<>> DiG 9.3.5-P2 <<>> -x 75.60.23.226
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 298
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;226.23.60.75.in-addr.arpa. IN PTR

;; ANSWER SECTION:
226.23.60.75.in-addr.arpa. 7200 IN PTR adsl-75-60-23-226.dsl.emhril.sbcglobal.net.

;; Query time: 98 msec
;; SERVER: [...deletia...]
;; WHEN: Mon Nov 2 11:27:05 2009
;; MSG SIZE rcvd: 99

$ _​

I hope this is helpful info!
-Sean
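
An added example, not part of Sean's post: it parses the two PTR answer lines from the dig output above and checks each one against the address that was queried. The function names and the two hostname heuristics are assumptions for illustration; a PTR name is chosen by whoever controls the address block, so it is a hint about the network, not an identification of a person.

```python
import ipaddress
import re

# The two ANSWER SECTION lines copied from the dig output quoted in the post.
DIG_ANSWERS = """\
17.116.188.205.in-addr.arpa. 3600 IN PTR cache-dtc-aa13.proxy.aol.com.
226.23.60.75.in-addr.arpa. 7200 IN PTR adsl-75-60-23-226.dsl.emhril.sbcglobal.net.
"""

# owner name, TTL, class IN, type PTR, target hostname
PTR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+PTR\s+(\S+)$")


def parse_ptr_records(text):
    """Return {owner_name: hostname} for each PTR answer line; ';' lines are dig comments."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = PTR_LINE.match(line)
        if m:
            records[m.group(1).rstrip(".").lower()] = m.group(2).rstrip(".").lower()
    return records


def ptr_for(ip, records):
    """Hostname recorded for ip, matched on its in-addr.arpa name, or None."""
    return records.get(ipaddress.ip_address(ip).reverse_pointer)


def describe(ip, records):
    """Summarise what the PTR name suggests about a source address."""
    host = ptr_for(ip, records)
    if host is None:
        return {"ip": ip, "ptr": None, "embeds_ip": False, "shared_hint": False}
    labels = host.split(".")
    numbers = re.split(r"\D+", labels[0])
    # Heuristic (assumption): per-subscriber names often spell out the address.
    embeds_ip = all(octet in numbers for octet in ip.split("."))
    # Heuristic (assumption): proxy/cache labels suggest many users share the IP.
    shared_hint = any("proxy" in label or "cache" in label for label in labels)
    return {"ip": ip, "ptr": host, "embeds_ip": embeds_ip, "shared_hint": shared_hint}


if __name__ == "__main__":
    recs = parse_ptr_records(DIG_ANSWERS)
    for addr in ("205.188.116.17", "75.60.23.226"):
        print(describe(addr, recs))
```
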
 
From Geobytes IP Locator, your 1st IP address - with an 83% certainty originated in Long Island. That's somewhat low in certainty.

IP Address to locate: 205.188.116.17

The second IP with a 96% certainty is Elgin, ILL.

Go to: http://www.geobytes.com/IpLocator.htm?GetLocation

enter the IP address and see the info. It's free.

You'll even get a map of where the suspect IP originated. Good luck finding the culprit. No one likes to have strangers peeking under their skirt. :eek:


KK9 <-- used to run message boards in a family biz and had to root out some unsavory folk
 
Thanks Sean, that is what I did and got Virginia and Texas, not sure what the deal is with that but the messages were sent at 1:08am and 3:20am, very weird as I have never had this happen before.
 
Crazy how we have 4 different locations for 2 IP addresses. :eek:
 
Lenny:

Even though the IP pools themselves were registered in VA and TX, it's possible (and common practice with ISPs) to internally split those pools amongst several locations. This internal-only splitting is not reflected in the IP registrar info, so the IP geographic mapping sites may be more accurate as to what geographic location it originated from.

However, if you had to lodge a formal complaint with an Internet Service Provider (say, AZBilliards wanted to lodge a complaint because they were the "attacked" site), they're only interested in the IP itself and the Registrar info, because that IP ownership info is more important. They don't care about the geographic mappings in most cases, because the "attacked" ISP would directly contact the corporation mentioned in "attacker IP's" Registrar info. (It's then up to that "attacker's IP" ISP to ferret out where the offender originated from, since only they know how they internally split the block of IPs and from what location the attacker originated from.)

Hope that's helpful!
-Sean
 
Thanks bud, I email AT&T for the one IP and am going to try and find out more info, just makes you feel violated in a not so good way, some people just have no lives I guess. :grin:
 
You know, I wasn't going to say anything because I wasn't sure about it, but less than a year ago, the same thing happened to me on this forum.

I wondered if somebody somehow figured out how to get into the administrative software or maybe used to be an administrator on a forum.

Heck, I don't have anything to hide. If somebody is bored enough to read my PMs, then God bless them. They must really lead a boring life. :grin:
 
Oh, yeah, I forgot to mention that I ended up deleting all my cookies and temporary files because of it. I had an odd-looking AzBilliards cookie that I had not had previously. So delete your cookies and temporary files too.

Just in case you have a virus or trojan or worm, it might be something like that hacking into your AzBilliards account. :mad:
 
And do a full security scan. Then get exorcised, go to a witch doctor and fer crying out loud, take a shower. :grin:
 
Jam

vBulletin forums are the most popular or widely used forum program. I know for a fact the administrator can read your PM box, as I was a Moderator on one such forum of a much different subject. As a Moderator, passwords are not all that protected if you know how to get them. Most people will use the same password for everything. Hacking into the administrator's password is hard but not impossible. Because one such Admin logged on to my forum using his same password, I was able to hack his. It can be interesting or boring to read the Moderators Forum. They say things there not intended for public view. Of course, once logged in you can change an administrator's password :grin: Oh yes, there are forum wars, and that is why I no longer want to be a Moderator.
 
That is interesting. I did not know that. :eek:

I will have to be careful and not write anything untoward about Mike Howerton and Mr. Wilson again! :grin-square:
 