Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Advice about IP's please


  • Please log in to reply

#1
vicmcr2003

vicmcr2003

    New Member

  • Member
  • Pip
  • 2 posts
Hi, i am new to the forum, but i have a friend who runs a forum and they are experiencing issues with an ex-member. Said member has apparently re-registered a few weeks ago, with an alias name and personal information. Without boring you with the ins and outs of what's gone on, basically that person is denying it's them.

The main evidence my friend has found to prove it's this person is:

The IP they are using is the same as the old (now disabled) account.
The email header that came up when the person emailed from their old account and now the new fake account, matches.
The location of the 2 users on that IP is the same place - Southend-on-sea
The person is on a secured network with Telewest, so for someone to hack into the router to do this they would have to have the wep key.

But this person is saying it isn't them and that they think their IP has been hacked (their words).

Their IP is not a proxy or dynamic IP (sorry i don't know much about this personally), so my friend can't see how that persons IP could have been duplicated.

Basically, all the evidence points to them lying, but it's caused a bit of friction on the forum and people are worrying about the security of their information and things they post on there. So i thought i would ask if anyone could provide me with any information on this matter, in particular, if there is any way the person could have been hacked and how?

Thanks alot in advance :)

Vic

Edited by vicmcr2003, 09 January 2010 - 03:35 PM.

  • 0

Advertisements


#2
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts
The IP address doesn't prove anything. Most people are on dynamic IP addresses and it's perfectly possible that the previous person logged off or had the connection dropped, somebody else was assigned it and went on the forum. More also, pretty much all houses have multiple computers that go through a router so one IP address could come back to three, four or possibly five computers in one household.

To me it sounds you have a troll on your hands. A troll is defined as an individual who sets out to upset other people, both on and off the board. They are effectively attention seeking individuals who may initially have an interest in the subject matter of the board but they don't keep this pretence up very long. The old saying goes, please don't feed the trolls. You'll generally find that if you just ignore them they'll go away on their own. By constantly pandering to their "complaints" you are feeding them. Trolls can be easily spotted by view of the fact that if you ban them they suddenly appear again under a new alias. A genuine user (normally) wouldn't register again, they'd contact the forum owner first.
  • 0

#3
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP

The IP address doesn't prove anything. Most people are on dynamic IP addresses and it's perfectly possible that the previous person logged off or had the connection dropped, somebody else was assigned it and went on the forum. More also, pretty much all houses have multiple computers that go through a router so one IP address could come back to three, four or possibly five computers in one household.

while i concur that IF the only evidence were that the IP was the same that it COULD be that the "new person" just happens to have the same IP because of DHCP renewals...HOWEVER when you take into account other variables, it gets more fishy.

i would imagine that your friend is running a pretty small forum that's for a specific purpose (group of friends, WOW clan, whatever)...the likely hood of two people getting the same ip on the given network AND both wanting to be members at a small user forum is relatively low. which increases the probability that you've got the same guy on your hand

the email headers issue isn't described in enough detail to make a proper judgement. if it's ISP mail, then the headers are going to look the same as it's generated by the same server, same with public email (like hotmail etc...)...though with hotmail/gmail/yahoo there are multiple server IPs that the mail COULD come from (though it's not guaranteed that the mail would come from a different server)

The person is on a secured network with Telewest, so for someone to hack into the router to do this they would have to have the wep key.

more info on that would help know if that's relevant or not
  • 0

#4
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts

The person is on a secured network with Telewest, so for someone to hack into the router to do this they would have to have the wep key.

more info on that would help know if that's relevant or not


Telewest is a DSL/cable connection, also known under other aliases as Blueyonder and currently Virgin Media, in the UK. Boxes come in different types from ones that simply provide internet access or others that act as on-demand recorders, and some just are effectively set-top boxes - all dependent on what packages you subscribe to.

I still think it's a troll though.
  • 0

#5
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
i'm not going to disagree with that...one way or another it's someone you don't want arround

and i know telewest is a dsl provider...i was questioning the "secured network" portion
  • 0

#6
vicmcr2003

vicmcr2003

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I'll give you all the details if that helps, and then i'd appreciate your opinion on what you all think?

It's a Mum's only forum, there are approximately 100 active users, and about 30-50 who come on intermittently.

One member decided to leave the forum on 16th Nov (for example purposes i'll call her Jane)

17th Nov a new user (i'll call her Sam for example purposes) registered, she was emailed the standard introductory email, asking her to give more info about herself i.e. are they ttc, have kids etc, are they on FB. There was no response.

25th Nov "Sam" created a facebook account, and she then replied on 12th December to the original email sent out on the 17th Novemeber to say who she was, how she found the forum and that she has a FB account.

New user seemed genuine, so was activated around 12th December.

Last week one of the moderators felt the new user was acting strangely (she was claiming to be a health professional, but her writing style seemed similar to the user who left in November and there were alot of similarities between the 2).

The moderators compared the IP's of the 2 users and found they matched.
Then another user found that the password to the "Sam's" email account matched the childrens names of "Jane" (old users) account.
In that email account, the person has forwarded the activation email they received to their own personal email account - which is the email account of the old user (Jane)

Jane is still on the original IP as she has tried logging onto the forum since last week and you can see her IP coming up.


The issue the forum moderators has is, why would "Sam" set "Jane" up?
Why would "Sam" forward the activation email to "Jane's" email account?
Why would "Jane" not contacte the forum to say that "Sam" has used her email account to set up an account on the forum (she would have seen the forwarded email surely), but "Jane" is saying the email went into her junk email so she didn't see it until last week - convenient!

"Jane" has said that apparently "Sam" has emailed her since all this came to light(she is trying to make out like it's not herself who's done this).

So in addition to this, if this "Sam" is real, then they know "Jane's" email address, her home address, ip address, children's names amongst other trivial information. Yet "Jane" has not contacted the police, and refuses to forward the apparent email she received last week from "Sam" to prove her innocence.

Well done if you managed to read to the end, i'm sorry if it's confusing to read.

As you can see, it is a trivial issue on the surface, however, the problem the forum has is that "Jane" was a well known member. This forum isn't like alot of others where they get lots of new accounts registering - everyone on the forum knows atleast one other person personally. The users have regular meet-up's - so it's not just a chat room where you could think you're speaking to a 32 year old Mum of 2 when really you're speaking to a 50 year old man called Max if you get what i mean?
Added to that, the fact that many of the members are ladies who are trying to conceive, so they come on for advice from friends and professionals. Now this fake user "Sam" pretended to be pregnant with twins, said she had fertility issues, and all the other users genuinely believed her and sent her well wishes etc. So as you can see, the reason it's upset people is because it's more personal than other forum arguments.

Thanks to anyone who can shed some light, we're basically just trying to see if there's any way the user could be telling the truth and what the odds of that are.

Edited by vicmcr2003, 13 January 2010 - 07:44 AM.

  • 0

#7
Spyderturbo007

Spyderturbo007

    Member

  • Member
  • PipPipPip
  • 760 posts
Sounds like "Jane" is bored and wants to stir the pot. I would be breaking out the ban hammer and then add her email to the ban list. There is almost no chance that two users, on such a small forum would have the same IP address. Add that to them using the same email account and forum password and I would bet $50 it's the same person.

Forum Administration is fun, isn't it. :)

Edited by Spyderturbo007, 13 January 2010 - 07:40 AM.

  • 0

#8
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts
Classic troll activity.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP