[Kajan]

I had someone try to get in mine also. I don't know how to find out who it was. I usually just get out asap. Happened 2 times, late at nite.

[Piscivorous Pike]

Quote:

Originally Posted by redg8r

Thanks for the information, but I don't understand.

Phone numbers?

How does your computer store your phone numbers? are you on dialup?

TU does not collect, nor require a phone number to join.
Our partners at Hagen's require a phone number in exchange for their catalog, other than that we do not collect phone numbers.

If you don't mind, please run the scan again & copy me the information to tu@tackleunderground.com

Thanks again.

I believe the data miner went to the windows registration or dell registration data held in the system files that is necessary to open newly purchased Vista. That is generally how these miners work othewise how else would it detect useable data. As I said I paid little attention to it because my set up blocks this stuff very well, but definately my Virus Program reported that the miner was trying to pull the phone number that just happens to be my residents.

I just completed scans and only three data mining cookies were found; I doubt these were the culprit because the scan runs automatically every night and deletes these things so these three I picked up in the last 24 hours and as I looked into further the attacks do not correlate with any cookies that were detected as spyware.

I checked my "personal firewall" logs and it seems that this IP is hitting me:
157.130.221.26
The holder is
OrgName: MCI Communications Services, Inc. d/b/a Verizon Business OrgName: MCI Communications Services, Inc. d/b/a Verizon Business

So it could be anybody operating on that providers system. It correlates to the times I was on TU but does not correlate to any cookies that were deleted by my Virus Program. So I am not sure what type of attack it is.

It seems to link up to the time I joined, so I think it is the source.

Because it is spyware and showed up each time I opened a TU page I did not use my real Birthday in profile because I thought these attacks were connected to TU as it looked like advertising data mining. But the rest of my data is correct. I almost did not join because of it, I was suspicious and a bit irked. As I said I work for a "governmental employer" and I have taken great care and with court orders sealed all my public records to stay safe; I was not too enthusiastic about the prying. Since it seems we are all victims hear I will do what I can to try to track it down and share it with you all.

I am fairly computer competent and savy and I have this machine tweaked to the point I do not worry about these things and had just been closing the warnig windows and ignoring the fact it was interupting my soft plastic casting education.

If it emerges again I can track it through the virus program logs as it logs virus, spyware, personal data attacks, cookies, trojans...etc.

Folks that got warnings from their virus or spayware programs could probably find the culprit in their program logs. Granted sometimes those logs are not readly accessable to the average computer user.

[redg8r]

Quote:

Originally Posted by Kajan

I had someone try to get in mine also. I don't know how to find out who it was. I usually just get out asap. Happened 2 times, late at nite.

Alright, before it gets misconstrued, please be a little more specific.
Are you claiming that your computer was attacked twice by the TU server? And what do you mean by "I usually just get out asap"?
Do you simply leave the site, or shut down your machine?

I dont mean to come off rude, but I dont take ANY of these issues lightly & would like to investigate them so please be more specific or come with some form of documentation, scan report, log, something.

I'm fully confident that these issues are either false positives from new or upgraded AV software, or simply lack of user understanding of the AV software. Regardless, I would like some information from those of you who are making claims. I can't help without some kind of concrete information.

& before it happens, please do NOT post any scan reports or private information in the forum, send them directly to me: tu@tackleunderground.com

[ROBOT]

i'm a new user and this is my first post. i tried logging in last week and kept on getting referred off to the disney world home page.

two of the other fishing forums i go on have been hacked recently and when i get home i'll be running a full scan of my pc, especially after seeing this thread.

my concern isn't that TU is specifically trying to hack my machine but that a hacker is using TU as a medium to do it.

[Piscivorous Pike]

Got it!
I deleted my Phone Number from the screen shot!!
It says it originates from TU, what is that about?

[redg8r]

Quote:

Originally Posted by Piscivorous Pike

I checked my "personal firewall" logs and it seems that this IP is hitting me:
157.130.221.26
The holder is
OrgName: MCI Communications Services, Inc. d/b/a Verizon Business OrgName: MCI Communications Services, Inc. d/b/a Verizon Business

TU's dedicated IP is: 72.186.65.207

[Kajan]

Mcafee pops up and says it stopped someone from tryin to get into my computer. Don't remember the exacat words. I cut power when it happened.

[redg8r]

Quote:

Originally Posted by Piscivorous Pike

Got it!
I deleted my Phone Number from the screen shot!!
It says it originates from TU, what is that about?

Thanks, that would be a false positive by your AV software.
It's flagging our in-house advertising system.

I understand this false positive, because our ad system software is very popular & has the ability to serve ads from other ad agencies like "Commission junction" or "tribal fusion", etc. These types of ad agencies are known to serve ads that come from advertisers with questionable code attached.

We do NOT use affiliate programs in our ad server, the banners you see on this site are sold directly by us & we control the integrity of the link code, AKA "In-house" ads.
However your AV software recognizes our software & flags it (even though we use it properly)

Your best solution is to either block (which we dont recommend, our advertisers help pay the bills) or whitelist TU in your AV software.
We fully control our ads & dont allow any shady advertising, including pop-ups, pop-unders, or affiliate programs in the ad server.

Thanks for the info.

[Piscivorous Pike]

Quote:

Originally Posted by redg8r

TU's dedicated IP is: ...

Yes, and as you can see by the warning I just got what ever tried to access my phone number from System registration files came in on the TU connection as I opened the page. Clearly that is a TU address of appears to be one.

That is not to say TU has anything to do with it. It is made to look like that is all. Do you think there is a 'bot on a server? Maybe your provider or webmaster can look closely at those addresses and figure what is happening.

I really like this forum but this goes in spurts that everytime I open a page I get a warning about something trying to export data from system files.

Got it I see your reply, we posted over each other!

[redg8r]

Quote:

Originally Posted by Kajan

Mcafee pops up and says it stopped someone from tryin to get into my computer. Don't remember the exacat words. I cut power when it happened.

Were you on TU at the time, or just sharing that you have been a victim of a possible hacking attempt?