eproxy
Luxor Admin
Oceans old & new
Posts: 1,941
|
Post by eproxy on Dec 3, 2007 23:43:50 GMT
The IP's of some 'Guests' on the forum today: 142.177.60.77 (Halifax, Nova Scotia, Canada) 68.78.142.109 (Maywood, Illinois, USA) 151.204.209.195 (New Lisbon, New Jersey, USA) Any way of correlating that with IP's we know through Pantheon/IK.COM/AMC or Digg forums? There is also the possibility that they're the IP's of some Morkin member who just hasn't logged in yet (there are quite a few (~10) Morkin people online at the moment). Added; those locations should belong to the ISP's not the actual physical location of the computer (although it could do for all I really know). I used this site to check them. |
|
|
|
Post by ashimar on Dec 4, 2007 1:12:48 GMT
Sorry, but I know absolutely nothing about IP's and software related things. I used to be a hardware guy, but that was in the time you had 33K6 modems....
|
|
Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 2:00:26 GMT
What little I do know is that we would have to match them up on the DIGG side of things. I no longer have that ability  |
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 2:01:57 GMT
the only point in attempting to compare, is hunting for a UK address among morkin members that arent from the uk in order to prove phil was the culprit.
|
|
Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 2:08:33 GMT
the only point in attempting to compare, is hunting for a UK address among morkin members that arent from the uk in order to prove phil was the culprit. But Phil was very proficient in TOR. Not sure what kind of IP TOR would produce, but he was always diligent with it in our time (back when cracking the Phoenix forums was all the rage... my how times change...) |
|
|
|
Post by ashimar on Dec 4, 2007 2:11:41 GMT
Well, that is going to be difficult if not impossible as most are U.K. based, only one is Australian, two are Danish, two are Greek, One is Slovenian, I am Dutch/Luxembourgish, there used to be a Croatian one, there's one Fin, two or three Portugese, three Irish. I don't really see how this is going to work. ther is no U.S. based member and Skulkrinbait is British and hearing the assumption is that Phil299 is also British it appears we are looking for a needle in a haystack.
|
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 2:15:40 GMT
still, the UK isn't reliant on ONE ISP
believe me, i became VERY proficient fishing out suspect ip's while as digg admin... it's all i Fottuto! did.
id be glad to share my methods but i think id just leave heads spinning.
and clause - TOR ip's are generally easily recognized.. just gotta know what youre lookin for.
|
|
|
|
Post by Dalfiatach on Dec 4, 2007 2:19:18 GMT
Plus I use an Irish ISP when I'm in Galway and a UK ISP when I'm in Derry, muddying the waters even further...
|
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 2:20:55 GMT
There are ways to sort these problems....
|
|
Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 2:27:30 GMT
still, the UK isn't reliant on ONE ISP believe me, i became VERY proficient fishing out suspect ip's while as digg admin... it's all i Fottuto! did. id be glad to share my methods but i think id just leave heads spinning. and clause - TOR ip's are generally easily recognized.. just gotta know what youre lookin for. So the obvious question is, if Shen did make it possible for you to see forum IP hits, you are confident you could find TOR access, right? Perhaps, if there are security concerns, Shen could just give you the list of IPs, without the user names attached. You could spot the suspect ones, inform him, and he could match them up with the users. Is there a historical log of IP address accesses? For instance, would it be possible to see, for instance, the past 20 IP logins for every member? Would be good to confirm it is not still currently taking place, and just some final confirmation that Skulkrinbait's was the compromised account (though his little program he wrote this morning seems to make that conclusive that it was a brute-force entry). Also, I noticed the following when I tried to post... Never seen that before. Unusual for having about 5 members logged in, to say the least. Looks like there may be quite a few people currently "knocking on our door", so to speak... |
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 2:33:37 GMT
uh.. since im pretty well brain dead from work today ryan, ill answer that with "Yes."
|
|
eproxy
Luxor Admin
Oceans old & new
Posts: 1,941
|
Post by eproxy on Dec 4, 2007 11:31:00 GMT
You could just find out where Phil lives for us...  |
|
Shendemiar
Morkin Admin
Mmmm, free goo!
Posts: 6,751
|
Post by Shendemiar on Dec 4, 2007 13:01:11 GMT
|
|
Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 13:19:26 GMT
Great stuff Shen.
I'll take a closer look when I have more time - this week is another hellish one at work.
Off the cuff, these two look suspect...
That's 89 distinct IP's logging in for inyati (including a long list of 1-time log-in IP's), and 41 for skulkrinbait.
Is there any chance Inyati's account could have been compromised?
|
|
Shendemiar
Morkin Admin
Mmmm, free goo!
Posts: 6,751
|
Post by Shendemiar on Dec 4, 2007 13:21:51 GMT
In general only my account should be able to log to other accounts from same IP. I gave the permission for you and Calamity, and to someone in Luxor i cannot recall.
Long list of different ips for one day seems like a proxy, or shared ip between two accounts... Or ip in wrong country!
|
|
