View Full Version : Hey admin's/mod's

07-19-2015, 12:24 PM
Hey admin's/mod's!

Sorry haven't been here in years, no BMW in the current fleet. Thought I'd let you know (you may already know) but your getting hit by a bot trying to log in, block IP which is notorious for this around the web and it should help you from getting hacked and help your load times if they are hitting hard. Got the email from your server saying login was blocked and figured I'd pass it along.

Dear AllGo'n'Show,

Someone has tried to log into your account on BimmerNut.com Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address:

All the best,
BimmerNut.com Forums

Delete when you read this :) Good luck and thanks for staying around!

07-22-2015, 05:11 AM
Just google with that IP and you find a lot anonymous-ip-database

IP Check: Country: United States
We found 2454 matches for IP Addresses ''

07-22-2015, 10:00 AM
Just google with that IP and you find a lot anonymous-ip-database

IP Check: Country: United States
We found 2454 matches for IP Addresses ''

Hi Shogun :) Yes lots of web results, lots of forum hits from that IP, that's all I'm saying if you block it at a server level, no issues for you guys from that IP.

Have a good week!

632 Regal
07-22-2015, 01:01 PM
Can only ban users, not IP addys from my end. I will PM Ed and let him know about this.

bimmer nut
07-22-2015, 02:59 PM
I just blacklisted that whole IP range at the server level.

All servers on the internet get attacked all the time. Here they are actually attacking the application though. I see these too. When I see that the IP is China or Russia, I always ban the IP range. But not usually from the USA. In this case I did anyway. Sorry about the issues, it's Al Gore's fault. lol

07-22-2015, 05:10 PM
Also got a similar message from Micah O'C some weeks ago on same subject, seems they try all user names:

Hi Shogun - I thought it noteworthy -
I got notification that someone was trying to get into my bimmernut.com account from the IP address at some time on Sunday evening.
So do not use the easiest passwords.

15 Tips To Better Password Security
Protect your information by creating a secure password that makes sense to you, but not to others.

Most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords.

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

How to make them secure
1.Make sure you use different passwords for each of your accounts.
2.Be sure no one watches when you enter your password.
3.Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
4.Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
5.Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
6.Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
7.Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
8.Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
9.Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.

10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.

11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.

12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”

13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.

14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”

15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. https://blogs.mcafee.com/consumer/15-tips-to-better-password-security

07-22-2015, 07:01 PM
Wow glad to see everyone is still around :) I have some good old Russians pounding my server too, oh the funs of the modern world... Glad I could pass it along to everyone.

07-30-2015, 10:15 PM
same here. Haven't logged in for a while, but 2 times in the past two weeks, get an email about failed login attempts. Here's the ip for the most recent:


08-08-2015, 05:22 PM
According to IP data search it would be - if not fake -
IP address is
City: Montreal
Country: Canada
Continent: North America