Not sure what to do about this...

Tute · 20 May 2011 at 23:47

Someone keeps getting into my gmail and spamming all my contacts. They did it first just after PSN got hacked so I assumed it was to do with that and changed all the passwords. But whoever it is has been in again.

I've run a virus scan and it's come up clear. I ran Malwarebytes and that came up clear too.

My password isn't exactly guessable, is there something i'm missing here?

AbsenceJam · 21 May 2011 at 00:15

Is your gmail account actually sending spam? Do you see the spam notice from Google when you're in the account? When you click at the bottom to see where it's been accessed from is there anything unusual?

Or is the spam just showing your email address?

Tute · 21 May 2011 at 00:18

Yeah it's sending it. I've had people telling me on MSN, plus when I logged on there were a ton of emails telling me that certain addresses had "bounced" the spam back.

Also Google locked the account due to "unusual activity".

And looking at the access list (which I didn't realise was there):

Mobile Bulgaria (94.156.108.179) 22:20 (1.5 hours ago)
Mobile Lithuania (78.63.106.247) 22:20 (1.5 hours ago)
Mobile Netherlands (86.88.172.89) 22:11 (2 hours ago)

Do these morons have nothing better to do with their pointless little lives? :/

Tute · 21 May 2011 at 00:27

I've found the verification code app now and set that up. Should keep the little ****s out.

PistolPete · 21 May 2011 at 00:28

I just got one from you too... :-(

AbsenceJam · 21 May 2011 at 02:31

I'd be worried about how they were getting in already. Were your security answers and/or alternate email insecure? Do you have a keylogger the AV software can't find? That's how they kept getting in.

bledd · 21 May 2011 at 04:47

Do you have an Android phone?

(Rouge app?)

westylakey · 21 May 2011 at 09:23

assuming youve changed your password? someone hacked my gmail once and then proceeded to hack my ebay and lock me out. but as soon as i realised i quickly changed gmail pass and went on ebays 24/7 online chat help thing to get that sorted.

Tute · 21 May 2011 at 13:59

bledd. said:
Do you have an Android phone?

(Rouge app?)

iPhone.

Well, beyond MWB and MSSE, what else do people suggest? Hijackthis log?

div0 · 30 May 2011 at 11:13

Did you ever get to the bottom of this?

I've just had the same happen with my gmail account. Locked due to suspicious activity, so I got a confirmation code sent to my phone and then changed my password. I checked the last used IP addresses in gmail and had activity from 2 locations (Netherlands Antilles and then Mexico) at time of problem.

Have now logged onto a 'clean' PC and re-changed the password again, just to be sure.

Left a full MalwareBytes, Spybot and MSE scan running on home PC when I went to work. Will check the results when I'm home later.

My password is just a random combination of letters, but I guess it could eventually be cracked with a brute force attack. Mainly running the scan as I'd be concerned for a keylogger.

The only other place I access gmail from (other than at home and at work) is my SanFran. At the moment I've not re-linked it with the new password. I do use 'Lookout' and it reckons all my apps are good and current status after a malware scan is 'ok'.

Anyone got any advice other than to change my gmail pass, which I've already done.

Destination · 30 May 2011 at 11:45

Out of interst, within yahoo mail, does the same facility exist as in googlemail to see the last 10 IPs that logged into the account.
I had a look through but couldn;t find anything similar, anyone aware?

Tute · 30 May 2011 at 15:44

I didn't i'm afraid, no.

I set up a Google Authenticator on my iPhone and i've not had a problem since.

Out of interest, do you have a PS3?

div0 · 30 May 2011 at 15:55

No, no PS3 for me.

The only things I can think are:

I had an update for both Java and Adobe come through on my home PC in the last couple of days. I guess they could have been something else, pretending to be an update, but I'll not know until I get home and see the results of the scan I started this morning. That's the only change I've made recently on my PC.

I do download a fair number of apps for my phone, and all (but one) come from the Android market, and all pretty mainstream. I ran a few scans on my phone and all apps passed as ok. As a precaution I've removed the one app that wasn't from the market.

I'll look into Google Autenticator - what does it do, and how is it meant to protect from this sort of thing?

Thanks

Dewotter · 30 May 2011 at 15:59

They explain it well here.

http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284

asim18 · 30 May 2011 at 16:09

Tute said:
Mobile Bulgaria (94.156.108.179) 22:20 (1.5 hours ago)
Mobile Lithuania (78.63.106.247) 22:20 (1.5 hours ago)
Mobile Netherlands (86.88.172.89) 22:11 (2 hours ago)

Send an email to the owner of those IPs. Tell them that they're hackers and are hijacking accounts to send spam.

I used to get tonnes of spam from a few IPs. Notified the abuse department, they thanked me, and the spam stopped within days.

div0 · 30 May 2011 at 16:40

RKO said:
They explain it well here.

http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284

Yeah, just set it up. Should hopefully prevent any problems in future.

Would obviously like to get to the bottom of the original problem, as obviously this doesn't do much to prevent a keylogger giving them access again - if that was the cause.

At the moment it only looks like my gmail was compromised, but I'll probably end up changing all my passwords, just to be sure.