Hacking into EMAIL ACCOUNTS question

I must say, except for the three buttholes who gave me -1 hits, everyone on this forum is so nice. Its very refreshing coming herre. I can't thank you all enough for making this a fun place to be!!

I just wanted to say that.

I belong to another forum to promote my website. You pay a subscription there and you get to have an avatar that you can make where you promote whatever you want.

Well, it is FILLED with the most immature, vial, unbelievable A**HOLES you've ever seen. I posted a few times and before I knew it, they'd gone to my website, got pictures of my wife and I, and photo shopped them. I am a recovering alcoholic, which I both write about and speak about on my show so that it will hopefully help someone, and of course they went crazy with that information as well. All of that I don't mind at all. I have thick skin. I've been in radio for a long time, so someone being insulting is nothing. Here's a lil bit of their artwork:





So after that I kept posting, but when you're new in their World, they hate that. After a few days, someone broke into my wife's email and used that to get her godaddy domain. They closed the fu**ing account.

We got it back up after spending hours. Then a week later it happened again. My wife owns and operates a business and her site has been down for a total of about five days, PLUS she lost 500 emails in her account of customers, because these pricks erased her emails.

I have some questions, and any answers or help would be MORE than appreciated:

1) She wants to have a YAHOO GROUP on her email, somewhere she can get people to sign up so she can send out mass emails to customers. Is this possible. OUR SOFTWARE doesn't do it, so we had to rerly on Yahoo for that. Any suggestions?

2) How easy is it for someone to bust into email?

3) Is there a way to prosecute?

4) Security: What's the best way to be absolutely secure??

Thanks everyone.

 

If you know their name, where they are and have proof they actually did it then you can prosecute easily. The proof will be the hard part.

If you don't know where they are or their name, contact the forum operator.

 

That's possible. However, since its a business I recommend that you look at other means, as it will look more professional. Try getting users to register on your website and look up (Google) methods of mass mailing techniques that you could use. It should be fairly easy if you have a database of emails. Make sure you secure your database though!

It depends entirely on the email security system and what information the user has. If the email system is secure and your personal security isn't compromised, then it is difficult. If the user knows personal information that relates to your password or 'secret question', then I suggest changing it. Make sure you have a strong password (many characters and many types of characters; Google it if you are unsure) and an answer to a secret question that no one will know. If your computer's security is compromised, then it is very easy for a user to get passwords. Make sure your computer is secure! If you take strong security protocols, then assuming the email system is safe, you should be OK. Make sure your website's database is secure, however, as they can gain information from that.

Probably, if you get enough information about the troublemakers. Try getting their IP addresses and the time stamps of these IP addresses (the date they were recorded). If you have both of these, then it is possible to track down the people through their ISP (internet service provider). If you manage to get their IPs, if they are consistent, and you think it might be them, try contacting their ISP (do an IP search for this; Google it). I doubt the FBI will care because they only care about more serious issues. If they are smart at all, however, they'll be behind proxies (a third-party IP), so you might not be able to track them down.

Its impossible to be absolutely secure, but you can definitely improve security. Make sure the email system you are using is secure (ex. Gmail or Yahoo), make sure your computer system or server's security isn't compromised, make sure your passwords and 'secret answers' are strong (change them since they probably know it!), and make sure database is secure if your website has one. If you store user information on a database, it is possible that they used an injection technique (ex. SQL injection) to get personal data (if you don't know what this is, Google it! There will be tutorials on how to prevent common exploits).

If all else fails, and you are still in trouble, and you are serious about your business, try hiring a reliable security group to secure everything, or a GOOD programmer, who knows about security, to program for you!

If you need any information or something wasn't clear, let me know! I quickly wrote this.

 

Just gimme the forum name and the usernames of the perps. If there's one person who can out-douchebag a douchebag, it's probably me.

 

I'm assuming its this one http://www.kramersforum.com/

EDIT: Never mind, he said another forum.

 

After reading a bit more, I think you should report it to the forum's admin(s), and change your passwords and 'secret questions'.

If the problem persists, it could be a more serious security exploit. Make another post if there are still security issues after you change your passwords and 'secret questions' to stronger ones. There's no use going into more serious security issues if its merely an easy password or 'secret question'.

 

You probably will want to use a different email address for the one you have on file at Go Daddy than the one for your domain contacts. Guy probably figured out what email address to check when retrieving your customer number and password reset through a Whois. That way that email can remain private and they wouldn't think to hack it.

Beware Go Daddy automatically puts the information on file for your domain contacts. So each time you purchase a new domain you'll want to make sure you change the email address that automatically populates.

 

No, my people - the few I have - are awesome. Its not mine.

 

Even their MODS hop in on the bashing, so I doubt contacting anyone there that has some power would do anything. Its the damndest thing I've ever seen.

 

What's the name of the forum?

 

VERY helpful - you didn't have to devote so much time to this man, but I appreciate it very very much.

The email addy was the one she had on her site (THAT I DO) for her Yahoo group. My wife asid something about reading online that there are programs out there that just sit and do millions of different word combos for passwords. Is that true?

At any rate, I hope my puter is protected enough. We use AVG and Spybot. Any other reccomendations?

I hate 17 year old hacking asses. This has been such a pain!

 

I use AVG, Ad-Aware (anti-spyware), and CCleaner.

 

Good post.

It sounds like Off Topic or Something Awful.

I'm not trying to blame the OP but a lot of forums are notorious for this type of behaviour so you need to make sure you have a good understanding of the culture of the forum before you start posting there.

I would add that you should get some software to manage your passwords and change the passwords often. I'm not sure what methods besides brute force are used to break into some of the big web mail services because I've never tried or looked into it because it's illegal, but I would assume brute force. If your wife uses real words that are short and she doesn't change them much, then that strengthens the assumption that it was a brute force password attack. And those types are pretty easy to thwart with a good password program and some diligence.

 

If you share a password, make them both different and make them both strong.

Yes, such programs exist, and this method is called brute forcing. However!, if your email login system has even basic security, this should be prevented. Most login systems lock an account for awhile after a certain amount of failed password attempts, thus preventing this method. If you programmed your own login system, make sure it has this feature! If you are using a popular login system (such as Gmail, Yahoo, or any major forum software), then this should already be enacted. Test it out to make sure! Also, if this occured on your own forum, make sure you update to prevent upcoming security exploits. You should also make sure you have strong 'secret questions'. Many email accounts have secret questions that are used if you forget your password, and they reset the password. Make sure this is strong as well as your password!

That should be good, I would only worry about it if you tried all other methods and the problem persisted. Just don't download any suspicious or untrusted software. While they can't protect you from everything (no software can!), the programs that you use are good. I doubt that your computer is compromised! It was probably a weak password or secret question. Change them and make them strong (hard to break) and, like I said, if you programmed your own email login system, make sure you have the previously mentioned security feature.

 

Heheh, thanks

While I agree that he should understand the culture of the forum first, I wouldn't be too quick to point fingers! I've never been to a forum without these types of people (although the community on DP seems really good).

That is an extreme measure, and I bet a single strong password could solve the issue.

Brute forcing is difficult (from what I know) with big email services because they have security protocols to prevent it. Most of them lock an account after a few failed attempts. This is assuming that the OP is only using big mail services, however. If he made his own login system, he'll have to implement this security feature himself.

The methods of getting passwords are nearly endless, but as I said, I bet its just a weak password or secret question.

 

You're right brute forcing will probably be near impossible. They could of also sent the person a trojan that contained a sniffer depending on how trusting or uninformed the person is about internet security. The OP should make sure they have a software firewall that let's you choose which programs can connect to the internet, like ZoneAlarm, and don't let anything connect that doesn't absolutely need to and that you're not sure about.
I personally also keep a fresh and clean install of my OS with most of my favorite programs already installed cloned to a backup drive so if I ever feel compromised I can just copy the fresh cloned install to my C: drive and have a new system within like 10 or 15 minutes. But of course I'll be tweaking it daily for a week to get it to where I want it.

 

Wow, that forum must have many genius who know how to hack into other's e-mail account. Mind telling us which forum is it?

 

Heheh, such a task doesn't require a genius!

 

Heheh, maybe I am not very IT savvy which was why I think it was quite a difficult task.