Welcome Guest.   Make a donation to an author on the site December 18, 2014, 12:23:38 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Free DonationCoder.com Member Kit: Submit Request.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Run a security check on your Gmail account - if not already done  (Read 3666 times)
IainB
Supporting Member
**
Posts: 4,914


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« on: December 28, 2010, 09:06:03 AM »

Following the recent hacking and publishing of Gawker Media customers' (commenters') email IDs and passwords (yes, passwords - how dumb can that be?), I had been checking my Gmail account security - and I had a surprise when I did it (for details, read on).

SUGGEST YOU DO THIS WEEKLY: (if you do not already do it.)
Start up Gmail in your browser.
Near the bottom of the main Gmail page, it says something like:
Last account activity: 57 minutes ago on this computer.  Details

When you click on "Details", you get taken to a page "Activity on this account". A table gives details of the 10 latest accesses, the 1st being your current session..
If you have any open sessions (e.g., if you left sessions open from another PC connected to the account, or if someone has open sessions from unauthorised access to your account), there will be a button that says to close them. Click on that button. The button will go away and you will get something like:
"This account does not seem to be open in any other location."

Now only you are looking at the account.
Quote
EDIT 2010-12-29 1112hrs: You have momentarily shut out any other users accessing your account. The objective is to move quickly and prevent any other account users doing anything before signing in again, by which time they will not be able to sign in, because by then you should have changed the account password and security question.
Scan the table for any Browser or POP3 accesses from IP addresses that were not yours from some other location or device.
Take a screen shot of it before doing anything further, because anything you do may scroll the oldest accesses off the table.

You can check the IP addresses here: http://projecthoneypot.org/search_ip.php
It will tell you which country it is in, and whether anything suspect has been reported for that IP address recently (i.e., it is still a "bad" IP address"). If they have the IP address, but no recent reports, then it means that they have had reports in the past, but it's probably OK now.

In any event, if there are any IP addresses that were not yours (either for browser or POP3 access), then:

    * change your password immediately (make it a "strong" one);
    * change the security question;
    * SAVE all changes;
    * whilst you are at it, get a second email address in the event you need to restore access to your account, having been locked out from it.
    * whilst you are at it, set up the SMS alert.

I did all this, because, to my great surprise I had POP3 (reading current inbox messages) accesses from some US-based IP addresses. I have no idea what they were up to, but they can't do any more POP3 accesses now.
Quote
EDIT 2010-12-29 1112hrs: Because my IP address is in New Zealand, a U.S. access was categorically something unwanted or potentially malign.

Hope this is useful/helpful to someone.
« Last Edit: December 28, 2010, 04:27:59 PM by IainB » Logged
mouser
First Author
Administrator
*****
Posts: 33,770



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: December 28, 2010, 10:39:58 AM »

smart  thumbs up
Logged
wraith808
Supporting Member
**
Posts: 6,575



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: December 28, 2010, 12:19:38 PM »

At the bottom of the page there's also: Alert preference: Show an alert for unusual activity.

Turn this on, and it will show an alert if there is unusual activity.  I've found all on my account to be benign, i.e. my phone accesses my account from an I.P. that's located a couple of hours away from me for some reason, so a U.S. access isn't necessarily something malign.
Logged

Deozaan
Charter Member
***
Posts: 6,531



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: December 28, 2010, 12:35:02 PM »

And if you do see unusual activity, don't forget to click the button that says something like "Sign out all other sessions" so they can't do anything before signing in again and by then you should have changed your password.
Logged

IainB
Supporting Member
**
Posts: 4,914


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #4 on: December 28, 2010, 04:12:13 PM »

@wraith808: Yes, thanks:
Quote
"...so a U.S. access isn't necessarily something malign."
I have a New Zealand IP address, which was why the US IP addresses that did a POP3 were a worry. I shall update my post to reflect this.

@Deozaan: Yes, thanks:
Quote
"...so they can't do anything before signing in again and by then you should have changed your password."
That was one of the points I was trying to make, but didn't do very well. I shall update my post to make this quite clear.
Logged
IainB
Supporting Member
**
Posts: 4,914


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #5 on: December 28, 2010, 04:38:16 PM »

@wraith808:
Quote
At the bottom of the page there's also: Alert preference: Show an alert for unusual activity.
Turn this on, and it will show an alert if there is unusual activity.
This seems to be forced on by default in my Gmail, and I cannot change it. I did come across an information link to a Google note that explains that if you try to disable it, it will not be activated for a delay period, for security reasons. I don't recall whether you get an auto email to ask for confirmation that you wanted it disabled. (Which would make sense.)
Logged
4wd
Supporting Member
**
Posts: 3,524



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: December 28, 2010, 05:07:21 PM »

This seems to be forced on by default in my Gmail, and I cannot change it. I did come across an information link to a Google note that explains that if you try to disable it, it will not be activated for a delay period, for security reasons. I don't recall whether you get an auto email to ask for confirmation that you wanted it disabled. (Which would make sense.)

You don't - I've had a couple of mine turned off for a while and I never received a confirmation prior to it taking effect.  I think they expect you to notice the next time you log in via browser - something I do very rarely.

eeerrr  embarassed  Of course maybe it's different if you have a alternative email or SMS set up - neither of which I use.
« Last Edit: December 28, 2010, 05:21:19 PM by 4wd » Logged

I do not need to control my anger ... people just need to stop pissing me off!
Deozaan
Charter Member
***
Posts: 6,531



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: December 29, 2010, 02:11:10 AM »

@Deozaan: Yes, thanks:
Quote
"...so they can't do anything before signing in again and by then you should have changed your password."
That was one of the points I was trying to make, but didn't do very well. I shall update my post to make this quite clear.

Or maybe I just was lazy and didn't fully read your original post. I think it was me who erred, this time. I just skimmed your post since I already knew about this stuff and somehow missed you describing to do what I said to do. Sorry. embarassed
Logged

Curt
Supporting Member
**
Posts: 6,362

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #8 on: December 29, 2010, 06:25:21 AM »

I don't understand why Google doesn't offer to auto mail any private email I may have, if my gmail account is visited by unknown ip addresses. It *sounds* to me as it would be easy to do.
Logged
kyrathaba
N.A.N.Y. Organizer
Honorary Member
**
Posts: 3,018



while(! dead_horse){beat}

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: December 31, 2010, 06:32:31 PM »

Just checked mine.  All benign.
Logged

Win 7 Home Premium 64bit-SP1 AMD Athlon II X2 220 Socket AM3 (938) @ 2.1GHz 6GB RAM Firefox 26.0
_________________________________________________________________________________________

I'm fighting against patent trolls. Join me and tell your representative to support the #SHIELDAct: https://eff.org/r.b6JJ /via @EFF

My DC page: http://kyrathaba.dcmembers.com | My blog: http://williambryanmiller.com/ | Proofreading Service: http://bit.ly/1fQSqQP

IainB
Supporting Member
**
Posts: 4,914


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #10 on: October 08, 2013, 02:38:42 AM »

A reminder to run that security check.
I revived this thread because something similar just cropped up. Some years back, I had set up a Gmail account that is shared with several other users. It was a bit of an experiment and is used like a Google Group for us all to communicate on issues of common interest, but avoids all the fussing-about with administering a Google Group. Security is not a real issue, and the password was unchanged from the original - a string of several numeric digits, based on part of the phone number of one of the members.

This is the sequence of events:
  • 1. Email warning received today from Google accounts admin.:
    Quote
    Hi XXXX,
    Someone recently used your password to try to sign in to your Google Account XXXX@gmail.com. This person was using an application such as an email, client or mobile device.
    We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:
    • Monday, 7 October 2013 14:11:58 o'clock UTC
    • IP Address: xxx.xx.xxx.xx (xxx-xx-xxx-xx.aaaaaa.xxxxxx.co.nz.)
    • Location: Auckland, New Zealand
    If you do not recognise this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately.
    ____________________________

  • 2. I signed in to the Gmail account. A similar warning popped up recommending a password reset because:
    Quote
    03:11 Application/device sign-in attempt (prevented).

  • 3. I checked "recent activity" on the Gmail account (per the procedure described in the opening post). The hack attempt apparently had been noted as it came from an unusual device (one we had not used before) and it failed one of the (very useful!) secondary verification challenges that has been introduced to Gmail since we set up the account.

  • 4. I generated a new and much higher-strength password, using LastPass, and set that PW.

  • 5. I logged out of all sessions.

  • 6. I Logged out of the Gmail account and then logged in again to check it had all worked OK.

  • 7. I checked WHOIS and made a note of the email address (from WHOIS screenclip) at the ISP to notify of the hack attempt from an IP address in their domain.

Logged
wraith808
Supporting Member
**
Posts: 6,575



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: October 08, 2013, 09:30:03 AM »

You can also turn on 2-stage authentication.  It works really well.
Logged

IainB
Supporting Member
**
Posts: 4,914


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #12 on: October 08, 2013, 12:12:16 PM »

You can also turn on 2-stage authentication.  It works really well.
+1 - absolutely - kudos to Google - that's why I wrote:
Quote
The hack attempt apparently had been noted as it came from an unusual device (one we had not used before) and it failed one of the (very useful!) secondary verification challenges that has been introduced to Gmail since we set up the account.
Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.043s | Server load: 0.15 ]