FYI... Getting emails: "Failed Login Attempt" for EEVblog
Ian.M:

--- Quote from: boB on June 09, 2022, 01:59:37 am ---Yep, those names do look bogus, don't they?  Not sure why.

--- End quote ---
Too many look like 'alphabet soup', as one would expect of a spambot using character level random name generation.  I checked several of the more human sounding ones.

Gorillaservers are in the dedicated server business, and as of 2021, was/is the EEVBLOG datacenter provider (Ref: https://www.eevblog.com/forum/chat/the-big-eevblog-server-fire/ ), so the IP address you tracerted is almost certainly one of the genuine EEVblog servers.  However that doesn't tell you much as email is routed via a series of 'hops' any one of which could theoretically inject fake headers and content, so without access to the server logs, or other known genuine emails from the same source (hint: turn on some notifications) you have to trace back up the chain of Received: headers checking each is valid for the organization it purports to be a mail server of, rather than being some random user-land IP pool address with a box pwned by a botnet on it.  If you've got known good headers to compare to, look closely at the differences in the Received: headers chain.

See https://alyninc.com/2018/11/10/email-headers-what-can-they-tell-the-forensic-investigator/ for a quick intro to the details.

*DON'T* post more of the headers publicly here as having genuine headers to spoof would significantly help any intelligent 'black hat' spear phishing EEVblog members in your region, and can give away far too many clues to your real identity.
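
Added example, not part of Ian.M's post and not EEVblog code: a Python sketch of the Received: chain comparison described above, run over a constructed message. Every hostname, IP address and the known-good set are made-up placeholders, and the hop-continuity test is a heuristic assumption, since real relays often log internal names.

```python
import re
from email import message_from_string

# Constructed sample (placeholder hosts, documentation IPs); newest hop first.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mailstore.recipient.example with ESMTP id A1; Thu, 9 Jun 2022 02:00:05 +0000
Received: from relay.forum.example (unknown [192.0.2.77])
\tby mx.recipient.example with ESMTP id B2; Thu, 9 Jun 2022 02:00:03 +0000
Received: from web.forum.example (web.forum.example [203.0.113.5])
\tby relay.forum.example with ESMTP id C3; Thu, 9 Jun 2022 02:00:01 +0000
From: forum@forum.example
Subject: Failed Login Attempt

body
"""
# (HELO name, IP) pairs copied from a notification known to be genuine (constructed here).
KNOWN_GOOD = {("mx.recipient.example", "198.51.100.10"),
              ("relay.forum.example", "203.0.113.9"),
              ("web.forum.example", "203.0.113.5")}

# "from <helo> (<rdns> [<ip>]) ... by <receiving host>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return parsed Received: hops in message order (newest first)."""
    msg = message_from_string(raw)
    return [m.groupdict() for m in map(HOP_RE.search, msg.get_all("Received", [])) if m]

def audit(hops, known_good):
    """Flag hops that differ from the known-good chain or break continuity.
    Only lines written by servers you trust are reliable; older ones can be forged."""
    findings = []
    for i, hop in enumerate(hops):
        helo = hop["helo"].lower()
        if hop["rdns"] in (None, "unknown") or hop["rdns"].lower() != helo:
            findings.append((i, "HELO name not confirmed by reverse DNS"))
        if (helo, hop["ip"]) not in known_good:
            findings.append((i, "sender host/IP not in known-good chain"))
        # The host that sent this hop should be the one that received the previous hop.
        if i + 1 < len(hops) and hops[i + 1]["by"].lower() != helo:
            findings.append((i, "previous hop was received by a different host"))
    return findings

if __name__ == "__main__":
    for idx, why in audit(parse_hops(SAMPLE), KNOWN_GOOD):
        print(f"hop {idx}: {why}")
```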
Halcyon:
I searched for some of those users and they appear in the banned/blocked list. Mostly because they registered an account but they got blocked by the spam trap.

When spammers can't successfully register, they might try to access the accounts of legitimate users.

My advice is:
1. Use a good password not used anywhere else (and one that hasn't previously been involved in a data leak, check here: https://haveibeenpwned.com/Passwords)
2. Enable multi-factor authentication on your forum account (Profile > Summary > Modify Profile > Two-Step Authentication).
boB:

--- Quote from: Halcyon on June 09, 2022, 07:47:16 am ---I searched for some of those users and they appear in the banned/blocked list. Mostly because they registered an account but they got blocked by the spam trap.


--- End quote ---

Yes! That makes total sense!

I see the same kind of random-ish names on my company's web forum that I have banned.

Thank you

boB  🌜