iesnare - make sure you're not being snooped on.

[munk]

Ahhh I hope you're not a spammer... if you're not then I love you

[blankman]

Ahhh I hope you're not a spammer... if you're not then I love you

huh, never spammed a word in my live

Hey Munk, need some advice...

Logged into betfair today and checked my security and there where 4 successful and 1 failed logins to my account from IP: 10.10.10.200 (United Kingdom) which is not my own. Did a look up and this is the best could find:

Code:

OrgName:    Internet Assigned Numbers Authority 
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   10.0.0.0 - 10.255.255.255 
CIDR:       10.0.0.0/8 
NetName:    RESERVED-10
NetHandle:  NET-10-0-0-0-1
Parent:     
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information:
Comment:    http://www.arin.net/reference/rfc/rfc1918.txt
RegDate:    
Updated:    2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number 
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number 
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org

# ARIN WHOIS database, last updated 2008-11-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Does this mean anything and should I report it to betfair? Your advice is greatly appreciated.


EDIT: I did activate country restrictions and changed my password to the entire number pi...

[munk]

Ok blankman... no it was just that it was your first post that's all! I thought it was a little bit too specific for a spammer... sometimes spammer's post a 'test message' first you see just to see if their account sign up worked.

REgards your question, that IP address is a private IP address (or 'reserved' network address as indicated in the whois lookup you pasted), it can't be used on a public network (which begs the question why you're seeing it at a remote / public website!). It's probably the IP address of your network router, did you use Betfair on the day in question?

[blankman]

Hey, thanks for the reply. These darn spammers. Getting smarter by the day...lol.

Was using betfair on the days in question. I was also winning quite a bit on these 2 days so thought it might be a betfair operator coming to check things out. Using "mobile broadband". Sure that the password change would render me safe though. Any advice on a firewall for vista?

[munk]

That is weird with the private IP address, maybe you're right and it's them just going in to check up on something... maybe email them about it see what they say.

Re firewall for vista, not sure about vista since I don't use it but on XP I use Comodo and it's very easy to use and secure and comes highly rated by a lot of security sites (well polls and that kind of thing that I used to read).

Free Firewall Protection Software Best Firewall Computer Security Free Personal Firewall

Mmm I just seen they updated the name now, it's called 'Commodo Internet Security'... anyway just go for the free download that's all you need really unless you want extra customer support.

[Makybe]

Thanks for all this munk ... you a bit of a genius (geek) aren't you The fact that you took the time to outline all this in plain English for all us n00bs made the task a lot easier

Having read about iesnare before I even began match betting, i have been searching for it about once a week, every week for the last 7 weeks or so

well ... it has finally turned up

I did Jaxx weeks ago ... and its not them

Guaranteed its either SBG Global or 32 Red that got me ... but I am fairly sure its SBG

anyway, I run XP Home so had the same problems as "Adam" did in the thread toward the end of page 1

I had to make the changes to security in safe mode as you outlined ... also on page 1

no step 3 could be done

I did the blocking and the crippling in hosts

The files still show up on search forever more I take it, they just don't do anything

If I have said anything in this post of concern to you (munk) or anybody else, and you have further suggestions ... would be much appreciated

Otherwise, I'm sure this thread can always use a bump ... so real real newbs will know of its existence

Thanks again
Makybe

[steven_735]

I'm using a mac with firefox, i've been into my cookies and blocked isnare.com cookies.

Is that all i need to do? or is there something with flash i need to download?

[munk]

If I have said anything in this post of concern to you (munk) or anybody else, and you have further suggestions ... would be much appreciated

Otherwise, I'm sure this thread can always use a bump ... so real real newbs will know of its existence

Thanks again
Makybe

Hi akybe, sorry I forgot to look at this thread earlier when you PM'ed, I got sidetracked. It sounds like you've done the job OK - if you did the hosts file hack as well then there's at least two lines of defense as well so you should be good to go.

I'm using a mac with firefox, i've been into my cookies and blocked isnare.com cookies.

Is that all i need to do? or is there something with flash i need to download?

Blocking iesnare.com http cookies in firefox won't work because iesnare uses flash cookies as well as plain HTTP cookies. Regular HTTP cookies are plain text files that get sent to/from your machine when you visit websites along with the web content served up by the web server. Flash cookies work a little differently, they get sent to/from websites using the flash application itself.

If you can, try and find the location of the flash cookies on your machine and then try to change the permissions on the files so that noone can read/write to them. I can't really help because I've never used a mac, although from a very quick skim read if you can find the files in your finder(?) you should be able to change the permissions there - just set 'no access' on all the permission classes ('me', 'group' and 'other').

The page I just skim read is here:

Troubleshooting permissions issues in Mac OS X

search for 'How to View and Change Permissions in the Finder's Info Window'.

[GlobalSquare]

Gah this is the one thread i really hate seeing bumped but ... BetCris.com needs to be added to the list on page 1

NoScript shows it loud and proud asking for permission along with betcris
(only just noticed as i signed up with ie earlier for the whole tracking thing)

[Mirage]

Heres a youtube vid with Pierson trying to explain it to a reporter:
[ame=http://uk.youtube.com/watch?v=-9DB6YSaoto]YouTube - Stealth Cookie on YOUR PC linked to database... Privacy?[/ame]

Has the investigation into the UltimateBet and AbsolutePoker scandals progressed at all? These guys were heavily involved with both companies...