Sponsored by..

Monday 20 December 2010

Gawker related attack from 174.132.178.37

The recent Gawker media hack is probably related to a spate of malicious activity from 174.132.178.37, trying to log into forums, according to a couple of different reports on the web -  [1] [2] -  and my own experience of someone trying to get into a forum, presumably with Gawker harvested credentials. The purpose is unknown, but the person behind it may well be trying to use established accounts to spam forums.

Here is a sample email that you might get:

Dear ----------,

Your account on ---------- has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 174.132.178.37

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://forums.----------.com/login.php?do=lostpw

I advise you to contact the web host responsible at abuse -at- theplanet.com with a copy of any evidence. Incidentally, the listed owner of that IP address (although remember that it may have hack) is:

network:Class-Name:network
network:ID:NETBLK-THEPLANET-BLK-15
network:Auth-Area:174.132.0.0/15
network:Network-Name:TPIS-BLK-174-132-178-0
network:IP-Network:174.132.178.32/28
network:IP-Network-Block:174.132.178.32 - 174.132.178.47
network:Organization-Name:Michael Strouse
network:Organization-City:winter springs
network:Organization-State:FL
network:Organization-Zip:32708
network:Organization-Country:USA
network:Description-Usage:customer
network:Server-Pri:ns1.theplanet.com
network:Server-Sec:ns2.theplanet.com
network:Tech-Contact;I:

If this has happened to you, why not post a comment below so that ThePlanet.com can see what it going on.

6 comments:

Judy Clarence said...

Thanks. That's exactly the message I got a few minutes ago. I googled the IP and found your site.

Unknown said...

Exact same thing just happened to me.
Exact same message, exact same ip address. The site was that they were trying to log into my account was www.my330i.com. It's an account that I haven't looked at since I got rid of my 330i over 5 years ago. >: -(

Hate hackers.

Unknown said...

This just happened to me and I got the details of their isp like you did. Exactly how common is this?

Chris said...

Yep, same thing is happening on a forum I visit. Someone posted about login multiple login attempts from that same IP. Just do a google for "174.132.178.37" and you'll see a ton of other forums with users posting the same message.

Unknown said...

This IP is seen going to my blog. However I have a very strong password... I see the same IP repeatedly... So far I haven't seen any emails.. so I assume this hacker has not managed to hack the blog yet.... I googled it and found this site.
Thanks.

Unknown said...

Got this message about 2 months ago......