Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   facebook ip is checking my gmail account (http://www.go4expert.com/forums/facebook-ip-checking-gmail-account-t15767/)

keevill 9Jan2009 10:24

facebook ip is checking my gmail account
 
I have noticed my gmail account been checked by "IP address unknown" when I check in the activity tab recently provided by gmail.
I changed the password to a long string of upper / lower case/numbers and characters.
Now I see it's still being checked and the IP address resolves to a Facebook IP.
Any ideas ?

fourthdimension 13Jan2009 01:58

Re: facebook ip is checking my gmail account
 
Are you using any gmail apps on your facebook account?

keevill 13Jan2009 08:27

Re: facebook ip is checking my gmail account
 
No I don't use any Google apps on my Facebook account.
-keevill-

fourthdimension 13Jan2009 08:54

Re: facebook ip is checking my gmail account
 
That's pretty interesting. Did you notice what time it was checked? Was it a time when you weren't logged in? Just making sure that this isn't some sort of glitch. I've never heard of google's ip logger glitching up, but it's worth looking into, anyway.
OK, so assuming that the IP is correct and you've correctly resolved it to facebook, there's a few things that come to mind.
1. Have you noticed this happening on any of your other accounts also? The fact that it's still happening after you changed your password tells me that if it is a hacking problem, then it's done either with a keylogger or a sniffer (unless your secret question is easy to guess), and since it's resolving to facebook, ... it doesn't seem like anything local enough for a sniffer. But that brings me to my second point:
2. If you've correctly resolved the IP to facebook, then there are three more things to look at:
a) Either someone behind the facebook IP block has your password, in which case an email to facebook would be in order.
b) Someone is spoofing facebook's IP. Not likely, since they're using it to check your mail, not just post data.
c) Someone is forwarding their traffic through a machine behind the facebook IP block. Again, if this is the case, facebook has an insecure machine on its network and should be notified. Also, if this is the case, then it's possible that the hacker is on your lan, which rebirths the possibility of a sniffer.

So what should you do? First, check your other online accounts for suspicious activity and run a thorough keylogger scan on your computer with more than just one scanner, as well as check your network access controls (encryption, etc). If multiple other accounts are having this trouble also, it's malware on your computer or sniffing on your network. That would answer the "how" question, but not the "who". For the latter, you should probably contact facebook with your question. Since you're resolving the IP to facebook, they are either the originating IP or the last IP in the attacker's hop. Either way, they need to know so they can look into it for their own sake and yours.


All times are GMT +5.5. The time now is 19:56.