Security breach at MediaPortal Forum? (1 Viewer)

Status
Not open for further replies.
M

MartinSmith

Guest
Today, while responding to a fellow MediaPortal Forum members reply to one of my current Threads in this forum, my monitor flickered a few times, something its never done while at this forum. After checking my Event Log, Event Viewer, under the Security category, I discovered that the following PCs were attempting to "breach" the security of MY PC . . .

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:38:20 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Leonardo
Domain: LEONARDO-FMC967
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: LEONARDO-FMC967

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:40:35 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Hedwig
Domain: 19HK54
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: 19HK54

For more information, see Help and Support Center

at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:40:59 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: User-1
Domain: AELITA
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: AELITA

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:41:31 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Hubbe
Domain: ARSLEBANG
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: ARSLEBANG

For more information, see Help and Support

Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:42:32 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: HNYLAVSVSQ01X
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: HNYLAVSVSQ01X

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:45:28 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Owner
Domain: S0028862081
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: S0028862081

For more information, see Help and Support

Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:45:35 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: moi
Domain: PCTEK
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: PCTEK

For more information, see Help and Support Center

at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:45:38 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password

Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: JHS-O04SIHPBC2A

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:46:09 PM
User: NT AUTHORITY\SYSTEM
Computer: BMANGMAN-AC9EBD
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: pc
Domain: PC-1SGHM6UIV9UC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: PC-1SGHM6UIV9UC

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:46:53 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Stefan
Domain: SN263000360127
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SN263000360127

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:46:55 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Uğur
Domain: U-ZRPRUQJ95EW9L
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: U-ZRPRUQJ95EW9L

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:48:21 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Irena
Domain: DOM-9B4DE86DE0F
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: DOM-9B4DE86DE0F

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:49:43 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ANTHONY
Domain: UTILISAT-5NPECQ
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: UTILISAT-5NPECQ

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:50:31 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: s
Domain: D-0Z9H3X12U0H6W
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: D-0Z9H3X12U0H6W

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:50:41 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Gośka
Domain: GOSIK
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: GOSIK

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

===

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/1/2007
Time: 1:51:27 PM
User: NT AUTHORITY\SYSTEM
Computer: MY PC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: UNLIMITED
Domain: UNLIMITE-QQ5IRD
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: UNLIMITE-QQ5IRD

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.

===

Prior to posting, I conducted an Advanced Search for each User Name noted above and the MediaPortal Forum results were always the same . . .

The following errors occurred with your search:

1. Please specify some words or valid user names to search on. There were no matches for those that you specified.

Listed alphabetically, :mad: these MediaPortal Forum member PCs include:


User Name: Administrator
Domain: HNYLAVSVSQ01X

User Name: ANTHONY
Domain: UTILISAT-5NPECQ

User Name: Gośka
Domain: GOSIK

User Name: Hedwig
Domain: 19HK54

User Name: Hubbe
Domain: ARSLEBANG

User Name: Irena
Domain: DOM-9B4DE86DE0F

User Name: JHS
Domain: JHS-O04SIHPBC2A

User Name: Leonardo
Domain: LEONARDO-FMC967

User Name: moi
Domain: PCTEK

User Name: Owner
Domain: S0028862081

User Name: pc
Domain: PC-1SGHM6UIV9UC

User Name: s
Domain: D-0Z9H3X12U0H6W

User Name: Stefan
Domain: SN263000360127

User Name: Uğur
Domain: U-ZRPRUQJ95EW9L

User Name: UNLIMITED
Domain: UNLIMITE-QQ5IRD

User Name: User-1
Domain: AELITA

I understand that a User Name associated with a PC does NOT have to correspond with the MediaPortal Forum User Name or ID, but I want to know what the hell is going on here and because Windows XP NT LM Security Support Provider service is clearly WARNING me about these MediaPortal Forum USERS.

Anyone else experiencing same or similar security "breach" attempts in this forum???

Martin
 
K

kiesow

Portal Pro
March 19, 2007
567
11
Home Country
Germany Germany
I'm quite sure that has to do nothing with this forum. Looks like a normal windows hacking attemp with usual usernames.
 
M

MartinSmith

Guest
Thanks for your reply, kiewow.

After posting, and a little more thought, I am wondering if any of these (supposed) users are simply forum members who are tracking my thread?

I do not have any knowledge how this is accomplished, but it may have something to do with it.

Any other thoughts, kiesow?

Also, you said ". . . with usual usernames." Is there a website or database that lists these "usual usernames" because I have a few more and would like to compare them to this list (if it exists).

Thanks again!

Martin
 
K

kiesow

Portal Pro
March 19, 2007
567
11
Home Country
Germany Germany
I don't know a website with usual usernames, but there are some usernames which are used by a lot of people if they install windows. admin, user, own, boss, me, administrator, user-1, user1, computer, ...
And there are also in every country names which are more common than others. Lot of people use their first name as their username.
So if you try to hack a computer it's more likely to be successfull if you keep these things in mind and use them.

By tracking your thread no normal user of this forum can track down your computer and try to hack. It would be possible in series like 24 or maybe CSI but not in the reality :)
 
high

high

Administrator
  • Team MediaPortal
    • August 31, 2004
    5,109
    5,503
    47
    Isselburg/NRW
    Home Country
    Germany Germany
    You (your IP) are/were a 'victim' of a simple break-in-attempt (mostly scripts that just scan wide IP-Ranges) with common worldwide usernames. This is not related to our forum in any way.

    As long as you dont use common usernames with easy passwords like Administrator/12345 just forget about it. If so change your password NOW ;)
     
    infinite.loop

    infinite.loop

    Retired Team Member
  • Premium Supporter
    • December 26, 2004
    16,163
    4,133
    127.0.0.1
    Home Country
    Austria Austria
    damn, you blown our cover....

    MediaPortal is just a hacker application camouflaged as HTPC software.

    lets run guys, run!!!
     
    A

    andreavb

    Portal Pro
    December 26, 2006
    140
    4
    49
    Home Country
    Italy Italy
    did you see someone knocking at your monitor asking you to follow the white rabbit?
     
    M

    MartinSmith

    Guest
    Thanks for another reply, kiesow.

    > By tracking your thread no normal user of this forum can track down your computer and try to hack.

    Hacking is always a concern. However, when I suggested that it may be forum members who are tracking my thread because this is an "option" at this forum.

    Further researching this potential problem, I found that when I open a new thread, or go back to edit a new thread after several hours, often prior to others viewing it, I found that there were NO Security Warnings listed in Event Log's viewer. To me, a rather simple-minded foolish engineer, this supports my thought regarding forum members tracking my thread.

    Notwithstanding others who elect to ridicule or comment foolishly, I am disappointed to find an Administrator, Chris, prefers to ridicule instead of comment responsibly.

    Thanks again, kiesow!

    Martin
     
    Z

    zion22

    Portal Pro
    April 6, 2006
    157
    2
    50
    Home Country
    Sweden Sweden
    Install a firewall maybe? o_O
     
    Status
    Not open for further replies.

    Users who are viewing this thread

    Online now: 2 (members: 0, guests: 2)

    About The Project

    The vision of the MediaPortal project is to create a free open source media centre application, which supports all advanced media centre functions, and is accessible to all Windows users.

    In reaching this goal we are working every day to make sure our software is one of the best.

             

    Quick Navigation

    Support MediaPortal!

    The team works very hard to make sure the community is running the best HTPC-software. We give away MediaPortal for free but hosting and software is not for us.

    Care to support our work with a few bucks? We'd really appreciate it!

    Community platform by XenForo® © 2010-2021 XenForo Ltd.
    Top Bottom