Dear overpowered,

Your account on ApteraForum.com - Unofficial Aptera Car Forum has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 199.48.147.38It most definitely wasn't me. I use a long machine generated password. It's unguessable. They may have moved onto someone else's login after failing to hack mine. The moderators might want to block that IP address or maybe that entire network.

wow. glad you were able to overpower them. Seriously though it is a bit scary that people are trying to hack into accounts. I'm not sure there is a lot to look at once your in, but scary none the less.

There is no Country Code listed for that IP. Fascinating...

JSYK: I just checked your account, and there are only two IPs that have ever been used to access it-- and none of them match the hacker IP.

Everyone should probably strengthen their passwords, just to prevent compromise of their accounts. The spammers are probably angry that I've disabled most of their accounts for the entire year. :P

Thank you for letting us know. Sorry that happened. :(

Two is the expected number. Somehow I've been lucky with my home IP which is dynamic but hasn't actually changed in years.

I got an owner listing from whois and I submitted a ticket to the company that owns it and got this response:

The IP address in question is a Tor exit node:

https://www.torproject.org/overview.html

The Tor network is a privacy, anonymity, and censorship circumvention

network that can be used freely by anyone. It sees use by many

important segments of the population, including whistle blowers,

journalists, Chinese dissidents skirting the Great Firewall and

oppressive censorship, abuse victims, stalker targets, the US

military, and law enforcement, just to name a few:

https://www.torproject.org/torusers.html

As you can see from the overview document, the design of the system is

such that there is nothing that any individual operator can do to

trace connections further.

While Tor is not designed for malicious computer users, it is true

that they can use the network for malicious ends. In reality however,

the actual amount of abuse is quite low:

https://www.torproject.org/faq-abuse.html.enI guess there's not any point in blocking just that one IP, since the hacker will be able to change it easily (kind of the point with anonymizers). You could decide to block all of their IP's if you don't want to be accessed from that anonymizer. That's a larger policy decision.

*sighs* I hate Hackers and Spammers. :P

SEGsby! Back in da house. Missed your biting wit... We miss a lot of the old faces around here.

I got the same message.

I was wondering if this might be related to the Gawker incident?

Luckily, I also use a different random password for every site. So even if my lifehacker.com (a gawker media site) account was compromised, it will not give access to any other accounts. I have seen several similar notifications lately, so I'm guessing that my user name at least was compromised, since I do tend to use the same email/username combo at most sites.

If you are using any of these passwords, you should change them IMMEDIATELY!
The Top 50 Gawker Media Passwords - Digits - WSJ: http://on.wsj.com/hkXvCs

If you want very strong password manager/generator, this is what I recommend. AND it is free!
LastPass - Password Manager, Form Filler, Password Management http://bit.ly/fVrg7F

I got a message from someone here who also got this message. So, that is at least three accounts that were attempted...

I got the same message at work which is not where I do most of my posting to the forum, and we have strong virus protection. Wonder if it's another one of the "meaningless scare" messages that makes the rounds?
Pat Q

The message is (I believe) an automatic warning that comes from this forum's server? It sounds like someone/thing has been attempting to login using the account of an existing forum member.

Yeah. Lots of forum software does that, as does lots of other software that requires a login process. The idea behind locking the account for a while is to keep them from continuously trying to hack the same account. That timing thing really slows things down.

I use a password "safe" program that stores all of my passwords for me. There are several such programs available. I have it generate a unique password for each site. It keeps them in an encrypted database. I have to remember the password for that, and it remembers the passwords for everything else. The downside is that I have to have that program running to login to anything so that I can copy/paste from it, which is why it's nice when forum software recognizes the same login cookie for a significant period of time so I don't have to keep logging in over and over again.

If you want very strong password manager/generator, this is what I recommend. AND it is free!
LastPass - Password Manager, Form Filler, Password Management http://bit.ly/fVrg7F

Forgive me for being reluctant to click on such a cryptic URL. :-) Why not simply point to http://lastpass.com/?

I use and can recommend KeePassX. It has all the bells and whistles mentioned in this thread and it is free. It runs on Mac OSX, Windows, and Linux:

http://keepassx.org