Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 13:27:11 GMT
Roger, I didn't see any IP matches for Inyati and Skulks, simply that they had a suspect level of IP logins, and both would appear to have the level fo access in question for the screenshots.
Just saying that, at a cursory glance, it could be the Skulks or Inyati accounts that were accessed...
|
|
Arminius
Morkin Admin
Ich bin Bl?cher
Posts: 4,148
|
Post by Arminius on Dec 4, 2007 13:32:22 GMT
Nice. It shows three addresses for me, and all are good. How come Cesium has so many? Does that indicate a dynamic IP allocation?
|
|
Arminius
Morkin Admin
Ich bin Bl?cher
Posts: 4,148
|
Post by Arminius on Dec 4, 2007 13:33:29 GMT
Roger, I didn't see any IP matches for Inyati and Skulks, simply that they had a suspect level of IP logins, and both would appear to have the level fo access in question for the screenshots. But the DB accounts/passwords are not related to the forum ones, are they? Unless the DB password was sent in a forum message...
|
|
Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 13:49:01 GMT
Roger, I didn't see any IP matches for Inyati and Skulks, simply that they had a suspect level of IP logins, and both would appear to have the level fo access in question for the screenshots. But the DB accounts/passwords are not related to the forum ones, are they? Unless the DB password was sent in a forum message... Good question there - very important question. And yes, a high number of distict IP's indicates a dynamic login "location". This happens when: 1. You use public computers frequently, such as school libraries. 2. You use a proxy/TOR/related IP-masker. Guys like you and me, Arminius, probably login from home, work, and maybe a relative's house, or something of the sort. Mine are two different work offices (note the same subnets), and my home IP (which is shared with Calamity aka Jessica). What probably needs to happen is have everyone with over, say, 5 different IP logins to just give a brief, "Yup, I login in on a college campus so my IP jumps all over the place", or "no, I only log in from home, so there shouldn't be more than 1-2 IP's I would have used".
|
|
Shendemiar
Morkin Admin
Mmmm, free goo!
Posts: 6,751
|
Post by Shendemiar on Dec 4, 2007 14:09:56 GMT
DB and forum are not linked anyhow. In some rare cases i have re-sent lost passwords with forum IM but i have no way to remember which ones... only under 5 in any case.
|
|
Clausewitz
Luxor Member
Veni. Vidi. Vici. Mori.
Posts: 1,437
|
Post by Clausewitz on Dec 4, 2007 14:13:20 GMT
Semi-related question, Robert:
If I am account-sitting, for instance, Kae (which I was last weekend), and I log an event report from his account into Corleth to save him the hassle when he gets home...
Does that count as my DB account being used, or does it register that it is from Kae's account, so shows Kae's DB account tied to my IP?
My line of thought is that people who have others sit for them often enough would tend to have a high number of different IP access...
|
|
Arminius
Morkin Admin
Ich bin Bl?cher
Posts: 4,148
|
Post by Arminius on Dec 4, 2007 15:02:59 GMT
It would be your account, as you are logged in as yourself, even though the attacker/defender would be kae.
|
|
SkulkrinBait
Morkin Admin
Haxx0rs == Suxx0rs! v4
Posts: 6,680
|
Post by SkulkrinBait on Dec 4, 2007 15:33:06 GMT
Cheat!
|
|
SkulkrinBait
Morkin Admin
Haxx0rs == Suxx0rs! v4
Posts: 6,680
|
Post by SkulkrinBait on Dec 4, 2007 15:36:50 GMT
My IP count might be high due to the fact I login from 4 different PCs, some on dynamic IPs. I think, I'm not very technical when it comes to IPs though.
I am certain my forum account was compromised so maybe they spoofed the IP every time they used it?
Maybe inyatis was too, the screenshots from that haven't been made public yet? Knowing DIGG they've a large stash of such screenshots ready and waiting to be made public over the course of this war. They've probably used what they consider to be the "juiciest" ones though, albeit out of context.
|
|
Sol
Luxor Member
I pledge alligeance to the corn-growers.
Posts: 1,610
|
Post by Sol on Dec 4, 2007 16:18:16 GMT
I think for the purpose of security, Morkin for now, should post all their secret and juiceh stuff on your other forum
|
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 16:36:32 GMT
Interesting bits - keeping in mind I'm only looking at high ranking original Morkin here as that would appear those would be the accounts that could have potentially been hijacked.
Arminius:
91.125.98.54 - brightview.com 147.188.163.23 - bham.ac.uk 82.69.108.27 - zen.co.uk
Ashimar:
82.171.140.184 - tiscali.nl 212.series - unresolvable
skulkrinbait:
86.140.89.241 - btcentralplus.com 217.43.253.215 - btcentralplus.ocm all subsequent ip's - btcentralplus.com
inyati:
213.22.190.124 - unresolvable set 195 and other series - novis.pt
Lord_Reed:
88.110.245.45 - as9105.com 90.199.83.2 - sky.com
really unless there are items in here that look suspect to their OWNERS.. some of this information is lending more towards a leak rather than a hack.
There were no noticable TOR ip's amongst morkin'ers
|
|
SkulkrinBait
Morkin Admin
Haxx0rs == Suxx0rs! v4
Posts: 6,680
|
Post by SkulkrinBait on Dec 4, 2007 16:40:16 GMT
How far back does this info go?
|
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 16:41:15 GMT
as much info as the db gave me
|
|
Aesir
Luxor Member
The Wolf
Posts: 200
|
Post by Aesir on Dec 4, 2007 16:43:21 GMT
skulk - if you happen to only login from one place, you can always go to like whatsmyip.com and get your current ip... if that is the case then we'd be able to figure out from there.
|
|
Shendemiar
Morkin Admin
Mmmm, free goo!
Posts: 6,751
|
Post by Shendemiar on Dec 4, 2007 16:51:56 GMT
Semi-related question, Robert: If I am account-sitting, for instance, Kae (which I was last weekend), and I log an event report from his account into Corleth to save him the hassle when he gets home... Does that count as my DB account being used, or does it register that it is from Kae's account, so shows Kae's DB account tied to my IP? My line of thought is that people who have others sit for them often enough would tend to have a high number of different IP access... Just like Arminius said.
|
|