Had Some Accounts Taken Over Today. Options

[SC10-E]

Basically I bought a $200 lifetime membership with megaupload.com a year or so back. Yesterday evening I started getting these emails saying that the password was changed and that I could approve of it or reverse it by clicking a link.
After a few resets, I thought, this guy must have access to my actual email. SO, I proceeded to change my gmail password. A couple of hours later, I couldn't access my gmail account at all. I sent in the recovery form to google and just got my account back. However, I went to try megaupload and the password had been changed again. When I hit forgot password, the password email was being sent to an email that I don't own. All emails had also been wiped from my gmail account, so no reversal links (my family pics! :'( )

I contacted megaupload and hopefully will have that sorted out soon.

But, I did manage to find a few things before my gmail was completely taken over for a few hours. The IP activity showed 59.161.138.134 accessing my account multiple times, which I used several locators to find out that that IP is from New Delhi, India.Once I got my account back, I also noticed my name on the account had been changed to Sankra Lari or some shit like that. So there is no doubt some stupid dude over there took over... and now I want to basically make his life hell.

I want to know if there is anything I (or you guys if you want ) can do with his external IP (59.161.138.134) to access him and mess with crap. The IP is not appearing to be used by a proxy. I tried FTP'ing the address just for the hell of it. It asked me for a user and pass, in which case I put administartor and it appeared to accept it as it kept asking for a pass afterwards. No matter what I put though, I got error 530 not logged in or something.

So anyway, thanks for reading guys, and I'd appreciate any help I can have on this matter.

Thanks.

[lordvader129]

heres his ISP:

role: TATA Communications
nic-hdl: TC651-AP
address: 6th Floor, LVSB, VSNL
address: Kashinath Dhuru marg, Prabhadevi
address: Dadar(W), Mumbai 400028
phone: +91-22-56633503
fax-no: +91-22-24320132
country: IN
e-mail: ip.admin@vsnl.co.in


contact them and inform them of his actions, which are doubtlessly against their terms of use

if necessary, contact law enforcement in new delhi, but do not try to "get him back" yourself, youll just wind up causing more problems for yourself

[SC10-E]

heres his ISP:

role: TATA Communications
nic-hdl: TC651-AP
address: 6th Floor, LVSB, VSNL
address: Kashinath Dhuru marg, Prabhadevi
address: Dadar(W), Mumbai 400028
phone: +91-22-56633503
fax-no: +91-22-24320132
country: IN
e-mail: ip.admin@vsnl.co.in
contact them and inform them of his actions, which are doubtlessly against their terms of use

if necessary, contact law enforcement in new delhi, but do not try to "get him back" yourself, youll just wind up causing more problems for yourself

When I dial that number, do I just type it in like that? Didn't work on my cell lol

[Alex548]

email them

[xboxbox451]

What you should be asking yourself right now, is; "how the hell did this person get my logon accounts?!"

You either clicked on a phishing e-mail or logon page and sent your logon info to that person who was hosting a phising site, or you have an undetected keylogger trojan on your PC sending out your logon info. Also, do you use the same password for all online accounts? If so, DON'T!

If I were you, I'd zero out my hard drive, re-install my OS. Then change all my online account passwords, with completey random passwords that are different for each account.

I'm sure you don't, but just for good measure DON'T EVER RUN CRACKED PROGRMAS OR KEYGENS on your PC or anything found file sharing! Thats just a guarantee for backdoors, undetecable trojans, keyloggers and a whole host of other hacker installed goodies that turns your PC into swiss chesse.

Forget about the IP, it's probably dynamic anyhow, so some other person might be attached to it now, right now the IP is only good for if you want to contact his ISP and file a complaint. Secure your PC and online accounts, and always verify the logon page you might be accessing is valid and not some phising site, and never logon onto a site from an e-mail or PM link.

[SC10-E]

What you should be asking yourself right now, is; "how the hell did this person get my logon accounts?!"

You either clicked on a phishing e-mail or logon page and sent your logon info to that person who was hosting a phising site, or you have an undetected keylogger trojan on your PC sending out your logon info. Also, do you use the same password for all online accounts? If so, DON'T!

If I were you, I'd zero out my hard drive, re-install my OS. Then change all my online account passwords, with completey random passwords that are different for each account.

I'm sure you don't, but just for good measure DON'T EVER RUN CRACKED PROGRMAS OR KEYGENS on your PC or anything found file sharing! Thats just a guarantee for backdoors, undetecable trojans, keyloggers and a whole host of other hacker installed goodies that turns your PC into swiss chesse.

Forget about the IP, it's probably dynamic anyhow, so some other person might be attached to it now, right now the IP is only good for if you want to contact his ISP and file a complaint. Secure your PC and online accounts, and always verify the logon page you might be accessing is valid and not some phising site, and never logon onto a site from an e-mail or PM link.

Working on all of that thanks man

[xboxbox451]

One other thing. I doubt your system was externally hacked, but to be on the safe side, ensure the following:

If you're using a router, which I hope you are:

1. Reset your router back to the factory defaults, and make sure you're updated to the latest firmware.

1a. Set your routers access page with a strong random password and user name. Use upper and lowercase characters, and characters such as @#^* (if your router allows it). Make the username and passwarod at least 10 characters long each.

2. Check to see if your router has UPnP. If so, and its on by default, turn it off. UPnP allows apps to automatically forwards ports, and I personally don't trust it. If you need a port open, configure it yourself

3. If you use wireless, secure it with WPA2. If your not sure how, google it and read up on your routers manual. If your router does'nt offer WPA2 encryption, ditch it and get one that does.

4. Set your router to drop and ignore ping (ICMP Echo) requests. This way, if some hacker is scanning IP ranges for someone online, your router will ignore their ping request effectively making you steathled.

Operating System

If your using Windows, disable any unused user accounts, and password protect your user account. Make sure Windows is updated to the latest service pack and any other updates avaiable from Microsoft.

My firewall and antivrus of choice for Windows is AntiVir Antivirus and Comodo Firewall, both are free.

If you use Comodo, I personally install with the "firewall only" option, and deselect everything else it wants to install as extra protection. Though, that's up to you.

This post has been edited by xboxbox451: Jul 16 2009, 06:41 AM

[lordvader129]

When I dial that number, do I just type it in like that? Didn't work on my cell lol

011 before the number if calling from the US, but i wouldnt place an international call on a cell phone, especially since its unlikely whoever picks up on the other end will speak english

as alex548 said, email them