Chief Delphi

Hacked (For real this time) (http://www.chiefdelphi.com/forums/showthread.php?t=94253)

BrandonD-1528 03-04-2011 16:35

Re: Hacked (For real this time)
 
I had dialup until November 2009, and I still use it at my dad's. I know the feeling.

johnmaguire2013 03-04-2011 16:43

Re: Hacked (For real this time)
 
Quote:

Originally Posted by MishraArtificer (Post 1048801)
...unless they were using dialup, and their IP address changed when they logged off and back in.

And don't laugh, I had dialup access only here at the house until just this year.

I have dynamic IPs with my current DSL ISP. Even so, there isn't much you can do with an IP address short of giving it to the police, or the ISP. And the ISP keeps logs for at least a while of who has what IP address for how long.

BrandonD-1528 03-04-2011 22:24

Re: Hacked (For real this time)
 
An update... I checked the IP logger I implemented yesterday and found this:

Code:

04/03/2011 12:41:03 - 76.226.163.182 -  - FAILED ATTEMPT
04/03/2011 13:02:09 - 76.226.163.182 - ' OR '1'='1'-- - FAILED ATTEMPT
04/03/2011 13:02:17 - 76.226.163.182 - ' OR '1'='1 - FAILED ATTEMPT
04/03/2011 13:02:22 - 76.226.163.182 -  - FAILED ATTEMPT
04/03/2011 13:02:23 - 76.226.163.182 -  - FAILED ATTEMPT

The IP traces to AT&T's Livonia node, which covers a good chunk of Southeast Michigan. Any ideas?

Sebastian Merz 04-04-2011 17:29

Re: Hacked (For real this time)
 
Yep, that's your run-of-the-mill SQL Injection attack. Since the person didn't actually gain access to your site, I don't think that's actually illegal. It's probably the same person as before though, so you could try going to the ISP/Police. I kinda doubt they will spend time on a simple injection with no real damage (except that you had to fix your site).
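
Added example, not part of the thread and not the poster's own logger: a defensive triage pass over a failed-login log in the format shown above, flagging usernames that look like SQL injection probes and summarizing them per source IP. The sample lines are constructed (documentation-range addresses), and the MM/DD/YYYY date order and the heuristic pattern are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the logger's format: timestamp - IP - username - result.
# Addresses are from the documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
04/03/2011 12:41:03 - 203.0.113.7 -  - FAILED ATTEMPT
04/03/2011 13:02:09 - 203.0.113.7 - ' OR '1'='1'-- - FAILED ATTEMPT
04/03/2011 13:02:17 - 203.0.113.7 - ' OR '1'='1 - FAILED ATTEMPT
04/03/2011 13:02:22 - 203.0.113.7 -  - FAILED ATTEMPT
04/03/2011 14:10:45 - 198.51.100.20 - jsmith - FAILED ATTEMPT
"""

# Greedy username group: the last " - " on the line separates it from the result.
LINE = re.compile(r"^(\S+ \S+) - (\S+) - (.*) - ([A-Z ]+)$")
# Heuristic only: quote followed by an OR/AND comparison, SQL comment, or UNION SELECT.
SQLI = re.compile(r"'\s*(?:or|and)\b[^=]*=|--|/\*|\bunion\b.*\bselect\b", re.I)

def classify(username):
    """Return 'empty', 'sqli' or 'plain' for one logged username field."""
    if not username.strip():
        return "empty"
    return "sqli" if SQLI.search(username) else "plain"

def summarize(log_text):
    """Count attempt types per source IP and record first/last timestamps."""
    report = defaultdict(lambda: {"empty": 0, "sqli": 0, "plain": 0,
                                  "first": None, "last": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the logger's format
        stamp, ip, user, _result = m.groups()
        when = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S")  # assumed MM/DD order
        entry = report[ip]
        entry[classify(user)] += 1
        entry["first"] = entry["first"] or when
        entry["last"] = when
    return dict(report)

def suspicious_ips(report):
    """IPs with at least one username that matched the injection heuristic."""
    return sorted(ip for ip, e in report.items() if e["sqli"] > 0)

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for ip in suspicious_ips(rep):
        e = rep[ip]
        print(ip, e["sqli"], "injection probes between", e["first"], "and", e["last"])
```

The per-IP first and last timestamps are what an ISP would need alongside the address, since dynamic addresses are only attributable for a given time window.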

BrandonD-1528 04-04-2011 18:02

Re: Hacked (For real this time)
 
To be more specific, we found it traces to somewhere near the corner of 5-mile and Farmington in Livonia, which happens to be near the location of Churchill High School.

BornaE 04-04-2011 18:11

Re: Hacked (For real this time)
 
Quote:

Originally Posted by BrandonD-1528 (Post 1049364)
To be more specific, we found it traces to somewhere near the corner of 5-mile and Farmington in Livonia, which happens to be near the location of Churchill High School.

Not sure where you got that address.

Seems like the address is from Texas

http://whois.arin.net/rest/customer/C01622289

Ether 04-04-2011 18:26

Re: Hacked (For real this time)
 
Quote:

Originally Posted by BornaE (Post 1049371)
Not sure where you got that address.

Seems like the address is from Texas

IP : 76.226.163.182
Host : ppp-76-226-163-182.se3.sfldmi.sbcglobal.net


sfldmi = Southfield, Michigan I think.



nighterfighter 04-04-2011 18:58

Re: Hacked (For real this time)
 
Quote:

Originally Posted by Ether (Post 1049384)
IP : 76.226.163.182
Host : ppp-76-226-163-182.se3.sfldmi.sbcglobal.net


sfldmi = Southfield, Michigan I think.


Well I ran it also-
http://whois.arin.net/rest/net/NET-76-226-160-0-1/pft

Got Texas. But just running the IP on Google, I see this-

http://ip-reports.org/76.226.163.0/

Ether 04-04-2011 19:14

Re: Hacked (For real this time)
 
Quote:

Originally Posted by nighterfighter (Post 1049397)

Do a tracert, like Brandon did.



nighterfighter 04-04-2011 19:21

Re: Hacked (For real this time)
 
Quote:

Originally Posted by Ether (Post 1049401)
Do a tracert, like Brandon did.


Ah, I see.

But when I used network-tools.com, I got different results-

http://network-tools.com/default.asp...76.226.163.182

Code:

TraceRoute to 76.226.163.182 [ppp-76-226-163-182.se3.sfldmi.sbcglobal.net]
Hop        (ms)        (ms)        (ms)                IP Address        Host name
1        9        14        9                72.249.128.109        -
2        75        60        80                8.9.232.73        xe-5-3-0.edge3.dallas1.level3.net
3        43        41        40                4.69.145.204        ae-4-90.edge2.dallas3.level3.net
4        17        15        59                12.122.139.194        cr1.dlstx.ip.att.net
5        83        53        39                12.122.212.10        cr1.dlstx.ip.att.net
6        57        62        44                12.122.28.90        cr2.sl9mo.ip.att.net
7        71        72        60                12.122.2.21        cr2.cgcil.ip.att.net
8        103        73        80                12.122.2.21        cr2.cgcil.ip.att.net
9        138        Timed out        Timed out                12.83.61.58        -
10        74        91        66                76.205.15.83        se4-g9-2.sfldmi.sbcglobal.net
11        107        120        105                76.205.15.83        se4-g9-2.sfldmi.sbcglobal.net
12        94        123        106                76.226.163.182        ppp-76-226-163-182.se3.sfldmi.sbcglobal.net

Trace complete

Emphasis mine.

flippy147852 04-04-2011 19:33

Re: Hacked (For real this time)
 
The first couple of hops should be your local ISP, which is why you are getting Dallas in your tracert.

nighterfighter 04-04-2011 19:36

Re: Hacked (For real this time)
 
Quote:

Originally Posted by flippy147852 (Post 1049412)
The first couple of hops should be your local ISP, which is why you are getting Dallas in your tracert.

I live in Georgia, just north of Atlanta. :confused:

Ether 04-04-2011 19:41

Re: Hacked (For real this time)
 
Quote:

Originally Posted by nighterfighter (Post 1049413)
I live in Georgia, just north of Atlanta. :confused:

Go to a command prompt and type

tracert 76.226.163.182

that should start the trace from your location.




Ether 04-04-2011 19:42

Re: Hacked (For real this time)
 
Quote:

Originally Posted by flippy147852 (Post 1049412)
The first couple of hops should be your local ISP, which is why you are getting Dallas in your tracert.

It won't be your local ISP if you do a trace using a web site like he did.



nighterfighter 04-04-2011 20:01

Re: Hacked (For real this time)
 
Yup, it started from my location, but it finished on the same sfldmi name.


All times are GMT -5.