IP address of intruder

  • gradus
    Full Member
    • Nov 2010
    • 5507

    I have received a notification (genuine?) that someone is trying (and failing) to log into my account on the Art of Sound Forum. Their IP address has been sent to me but my problem is I don't know how to proceed or even if I need to do anything. I assume the email is intended to suggest to me that my computer security has been breached somehow despite Norton 360 but I'd be very grateful for advice on what to do next.
  • umslopogaas
    Full Member
    • Nov 2010
    • 1977

    #2
    I know nothing of this, but it sounds suspicious, and whenever I have suspicions about computer security I seek advice from my local computer guru, who sorts out all my computer problems for me. I recommend you do the same (if you haven't got a local guru, I can put you in touch with mine). I would not reply to the address, it sounds only too likely to open you up to a virus attack.


    • Russ

      #3
      If the intruder is trying but failing to log on to your account, seems like you don't have much to worry about. If your security measures (running scans with Norton etc) show nothing untoward, you could change to a new password to be safer.

      Russ


      • french frank
        Administrator/Moderator
        • Feb 2007
        • 29529

        #4
        Originally posted by gradus:
        I have received a notification (genuine?) that someone is trying (and failing) to log into my account on the Art of Sound Forum . Their IP address has been sent to me
        I used to get messages like this purporting to come from PayPal. It sometimes added that the IP address was in India or Romania (I assumed to raise suspicions). I just deleted them (actually I think I might have forwarded some, with headers, to paypal as possible abuse). The risk is probably if you try to do anything …
        It isn't given us to know those rare moments when people are wide open and the lightest touch can wither or heal. A moment too late and we can never reach them any more in this world.


        • Dave2002
          Full Member
          • Dec 2010
          • 17872

          #5
          I think if you PM Marco at AOS he might be able to help. I had something like that a week or so back, and have not yet PM'd Marco. I would say however that doing nothing, or very little, might be the best option.

          There are possibly ways of finding out "who" has been trying to get into your account based on your IP address (e.g. whois) but nowadays so many attackers masquerade as others that that's not necessarily going to give you the right answer. Anyway, even if you did find out, what could you usefully do about it?

          I would suggest that you disconnect your machine from the external world for a while, and run a virus scan. Then reconnect, and update your virus scanner, and virus databases, then disconnect again and repeat the scan.

          Hopefully you'll either find nothing, or else just a few problems which your security software can deal with and eradicate.

          After that you could try going back online again.

          There are just so many ways that trying to follow up this kind of problem can actually help the attackers, so the overall advice given here which is to cautiously ignore this may be the best thing to do.

          Certainly do not open up any recent emails (with attachments?) from people/organisations which you don't recognise. Some mail systems have a stupid action which is to automatically open up some new email - for example if it just happens to be the most recent email. Trying to be helpful .... huh .... but actually increases the risk that something bad will get into your system. That might save you one or two seconds on occasions, but give you hours or even days of pain if something unwanted gets in.

          If you have any control over your email, turn off anything which would open an email automatically.

          Also, continue to be suspicious.


          • Anastasius
            Full Member
            • Mar 2015
            • 1811

            #6
            I think we might be alarming the OP unnecessarily (although the advice re viruses etc is sound). If the email came from AOS then all that it means is that someone sitting at their computer and with the IP address that AOS gave you has tried to log into your account. Nothing at all to do with a virus on your system. We all (unless we are sneaky) reveal our IP address whenever we do anything on the web and that is all that this letter is saying.

            You can go into whois or other sites and enter the IP address perfectly safely but the chances are that it won't get you much further because it will probably point to a block of IP addresses owned by whichever ISP this person uses to access the internet.

            If you wanted to check that the email came from AOS then look in your mail program to see the option View Long Header or some such (All Headers maybe) then cut and paste it into a reply here (remove your own email address first) and then we can advise. Or as Dave2002 suggests contact Marco.
            Fewer Smart things. More smart people.

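The header check Anastasius describes, as an added example that is not part of the forum post: it parses the full headers of an alert e-mail and reports the things a reader would look at by eye, namely whether the envelope sender (Return-Path) and the earliest relay in the Received chain belong to the domain shown in From:, and what the receiving server's own SPF and DKIM results were. The raw message, every host name, domain and IP address in it are constructed for the demo; the forum's real mail domain is not known from the thread.

```python
"""Check whether an account-alert e-mail plausibly came from the site it names.

Added example, not from the forum post. The raw message below is constructed for
illustration: every host, domain and address in it is made up.
"""
import email
import re
from email.utils import parseaddr

# Constructed sample. The visible From: claims to be the forum, but the envelope
# sender (Return-Path) and the originating relay belong to a different domain.
SAMPLE = b"""Return-Path: <bounce@mail-bulk.example.net>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id abc123
\tfor <victim@recipient.example>; Mon, 07 Sep 2015 10:12:03 +0000
Received: from relay.mail-bulk.example.net (relay.mail-bulk.example.net [203.0.113.9])
\tby mx.recipient.example with ESMTP id def456; Mon, 07 Sep 2015 10:12:02 +0000
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=mail-bulk.example.net;
\tdkim=none
From: "Art of Sound Forum" <admin@forum.example.org>
To: victim@recipient.example
Subject: Failed login attempts on your account
Content-Type: text/plain

Someone at 192.0.2.44 tried to log in to your account 12 times.
"""


def domain_of(header_value):
    """Return the lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_result(auth_header, method):
    """Pull e.g. 'pass' out of 'spf=pass ...' in an Authentication-Results header."""
    m = re.search(r"\b%s=(\w+)" % method, auth_header)
    return m.group(1).lower() if m else "missing"


def analyse(raw):
    msg = email.message_from_bytes(raw)
    # Each hop prepends its own Received header, so the last one in the list is
    # the earliest hop the receiving side saw: the best clue to the true origin.
    hops = []
    for h in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)", h)
        hops.append(m.group(1).lower() if m else "?")
    origin = hops[-1] if hops else ""

    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    auth = " ".join(msg.get_all("Authentication-Results", []))
    spf, dkim = auth_result(auth, "spf"), auth_result(auth, "dkim")

    findings = []
    if envelope_domain != from_domain:
        findings.append("envelope sender %s does not match From domain %s"
                        % (envelope_domain, from_domain))
    if origin != from_domain and not origin.endswith("." + from_domain):
        findings.append("originating relay %s is not under %s" % (origin, from_domain))
    if spf != "pass":
        findings.append("SPF result is %s" % spf)
    if dkim != "pass":
        findings.append("DKIM result is %s (no valid signature from the sender)" % dkim)

    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "origin_host": origin,
        "hops": hops,
        "spf": spf,
        "dkim": dkim,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in analyse(SAMPLE)["findings"]:
        print("-", line)
```

A mismatch between From: and Return-Path is not proof of forgery on its own (bulk mailers legitimately send on behalf of sites), which is why the check also reports the relay chain and the DKIM result; a message that really comes from the site will normally carry its signature, and a failing or absent one alongside an unrelated relay is the pattern to treat as suspect. The IP address quoted in the body is whatever the sender chose to write and says nothing about where the mail came from.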

            • Dave2002
              Full Member
              • Dec 2010
              • 17872

              #7
              Originally posted by Anastasius:
              I think we might be alarming the OP unnecessarily (although the advice re viruses etc is sound). If the email came from AOS then all that it means is that someone sitting at their computer and with the IP address that AOS gave you has tried to log into your account. Nothing at all to do with a virus on your system. We all (unless we are sneaky) reveal our IP address whenever we do anything on the web and that is all that this letter is saying.
              What I think you are trying to say is that somebody might have accidentally used the OP's name on AOS, and tried to log in. That is (arguably) the least threatening scenario, and perfectly possible. That could arise by confusion re the login name, and then repeated attempts with their own password, which would fail each time. There is still the possibility though of a deliberate attack, either on individual account holders, or indeed on the whole of (in this case) the AOS system.

              I once worked in a place which was attacked - clearly deliberately - and in fact the attacker(s) "simply" obtained a list of user names and then did a brute force attack on each user account using a dictionary of what they presumably had identified as common names. I can't remember the details now, but mine might have been one way the attackers got into the system. I think they also managed to get the password file, which in itself doesn't matter too much as it would have been encrypted, but that then enabled them to do a brute force attack on individual users - at least they didn't have to worry about finding out the user names. I believe five specific users were hacked on that occasion. The point is that often hackers have no interest in any one particular user - though sometimes of course they do - and just rely on this approach to get in. Somebody is bound to have one of the passwords "Rover", "Lolita" or "Marilyn", for example. It only takes one or two users who don't realise that using their wife, husband, boyfriend, girlfriend's name as a password to permit the whole system to be blown wide open.

              Nowadays hackers will do a lot of the hard work "off line" so as to avoid detection, and do the brute force name search until matches are found in the encrypted password file, though that still requires an initial access to "steal" the password file, which can sometimes be done because of known exploits for each system.

              In the case of AOS though, it does seem rather unlikely that any hacker would bother, as all anyone has to do to access AOS is to go on the site and register, and the registration is not controlled to any significant extent. If they wanted to hack the site they could simply hack it from their own account, or a spoof user id, if they know enough about exploits in the underlying software system.

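The offline attack Dave2002 describes, as an added example that is not part of the forum post: an attacker who has copied the site's password file runs a wordlist of common names, with a few cheap mangling rules, against every stored hash on their own machine, so nothing is logged or rate-limited on the victim site. The "stolen" file, its users and the wordlist are constructed here, and salted PBKDF2-SHA256 is an assumed scheme standing in for whatever the compromised system actually used.

```python
"""Offline dictionary attack against a stolen password file.

Added example, not from the forum post. The 'stolen' file and its users are
constructed here; the hashing scheme (salted PBKDF2-SHA256) is an assumption
standing in for whatever the compromised system actually used.
"""
import hashlib
import os

# Deliberately tiny so the demo finishes instantly; real deployments use far more.
ITERATIONS = 1000


def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def make_entry(user, password):
    """Build one (user, hex salt, hex hash) record, as the site would store it."""
    salt = os.urandom(8)
    return (user, salt.hex(), hash_password(password, salt))


# Constructed "password file" obtained in the breach. Only these records leave
# the site; the attacker never sees the plaintexts used to build them here.
PASSWORD_FILE = [
    make_entry("alice", "Marilyn"),
    make_entry("bob", "rover1"),
    make_entry("carol", "Tq7#vR9pL2mX"),   # 12 random characters
    make_entry("dave", "lolita"),
]

# Constructed "common names" wordlist of the kind the post describes.
DICTIONARY = ["rover", "lolita", "marilyn", "fluffy", "tiger", "james", "sarah"]


def candidates(word):
    """Cheap mangling rules applied to each wordlist entry."""
    bases = {word.lower(), word.capitalize(), word.upper()}
    out = set(bases)
    for b in bases:
        for suffix in ("1", "123", "!"):
            out.add(b + suffix)
    return out


def guesses_needed(dictionary):
    """Size of the candidate space per user for this wordlist and rule set."""
    return len({c for w in dictionary for c in candidates(w)})


def crack(entries, dictionary):
    """Return {user: password} for every record a dictionary guess matches.

    Everything here runs on the attacker's machine against the copied hashes:
    no login requests, so no rate limiting, lockout or audit trail on the
    victim site. Because each record has its own salt, every guess has to be
    re-hashed per user, which is what a slow hash and a large iteration count
    are meant to make expensive.
    """
    guesses = sorted({c for w in dictionary for c in candidates(w)})
    cracked = {}
    for user, salt_hex, digest in entries:
        salt = bytes.fromhex(salt_hex)
        for guess in guesses:
            if hash_password(guess, salt) == digest:
                cracked[user] = guess
                break
    return cracked


if __name__ == "__main__":
    print("%d guesses per user" % guesses_needed(DICTIONARY))
    print(crack(PASSWORD_FILE, DICTIONARY))
```

Three of the four constructed accounts fall to under a hundred guesses each; the one with a random 12-character password is untouched because it is not in any wordlist, which is the whole argument for random passwords later in the thread.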

              • gradus
                Full Member
                • Nov 2010
                • 5507

                #8
                Many thanks for the replies. I deleted the original message and ran Malwarebytes which picked up a couple of threats but whether connected or not I know not.


                • neiltingley
                  Full Member
                  • Sep 2011
                  • 121

                  #9
                  Originally posted by gradus:
                  Many thanks for the replies. I deleted the original message and ran Malwarebytes which picked up a couple of threats but whether connected or not I know not.
                  Gmail has superb spam filtering. That's why I use it for my personal email. I'd recommend it. You can use it with existing email accounts.

                  There's little you can do to track down the IP address except try here https://www.whois.net/. It's likely that a computer program set up by some spotty spammer is trying to guess your password and will be attempting to login to your account n times a second using a dictionary password generator.

                  Use a random password generator to set a new password - here's a good place to generate them. https://www.random.org/passwords/. 12 character random passwords are STRONG and would take a lot of cracking.

                  You can store passwords in a secure application like http://keepass.info/ on your local PC. This is a security accredited application that I use as a password vault at work.

                  If you use gmail, paypal or facebook then set up 2 step authentication. This means that to login you enter your password then an SMS is sent to your registered mobile, you enter the 6 digit code sent in the SMS and the authentication process is completed. I'd suggest it's essential for paypal users and a very good idea for gmail or the like.

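The two recommendations in neiltingley's post, as an added example that is not part of it: a 12-character random password generated locally with Python's `secrets` module (a stand-in for the random.org page the post links to) together with the work factor it implies, and the server side of the SMS-style second step, where a 6-digit one-time code is issued, expires, is limited to a few attempts and can be used once. The alphabet, the five-minute lifetime, the five-attempt limit and the guess rate are assumptions chosen for the demo; actually sending the SMS is out of scope, so `issue()` returns the code to the caller instead.

```python
"""Strong random passwords and a server-side 2-step (SMS-style) code check.

Added example, not from the forum post. The alphabet, the 6-digit code, its
five-minute lifetime and the five-attempt limit are assumptions chosen for the
demo; sending the SMS itself is out of scope and is stood in for by returning
the code to the caller.
"""
import hmac
import math
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length=12, alphabet=ALPHABET):
    """Pick each character with the OS CSPRNG, never random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(len(alphabet))


def years_to_exhaust(bits, guesses_per_second):
    """Worst case for the attacker: trying the whole space at the given rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


class SecondFactor:
    """Issue and verify one-time 6-digit codes for the second login step."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # user -> (code, expires_at, attempts)

    def issue(self, user):
        code = "%06d" % secrets.randbelow(10 ** 6)
        self._pending[user] = (code, self.clock() + CODE_TTL_SECONDS, 0)
        return code                 # in production this goes to the phone, not the browser

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires_at, attempts = entry
        if self.clock() > expires_at or attempts >= MAX_ATTEMPTS:
            self._pending.pop(user, None)   # force a fresh code after expiry or lockout
            return False
        self._pending[user] = (code, expires_at, attempts + 1)
        if hmac.compare_digest(code, str(submitted)):
            del self._pending[user]         # one use only
            return True
        return False


if __name__ == "__main__":
    pw = generate_password()
    bits = entropy_bits(len(pw))
    print("%s  (%.1f bits, ~%.0f years at 1e10 guesses/s)"
          % (pw, bits, years_to_exhaust(bits, 1e10)))
    sf = SecondFactor()
    code = sf.issue("gradus")
    print("code accepted:", sf.verify("gradus", code), "replay:", sf.verify("gradus", code))
```

The attempt limit is what makes a 6-digit code safe against the same "n times a second" guessing the post describes for passwords: without it a million possibilities is nothing, with it an attacker gets five tries per code. The `hmac.compare_digest` call avoids leaking which leading digits were right through timing.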
