16

I was posting on a website forum. A person that doesnt like me on there managed to find out my ipv4 address.

I called my isp and asked them to change it, they told me to unplug my router and wait. I checked and my ipv4 address is still the same but my ipv6 address is different.

Am I in danger of being hacked or a signifigant security risk? I dont think I can do anything to stop them from finding my personal information but im worried that they might try to hack me or tell someone else to. What should I do?

I went into my router settings and changed the password as well as making sure all the firewall settings were selected and on max security.

teddybearcupcake
  • 161
  • 1
  • 1
  • 3
  • 3
    You should know, this is a relatively common threat on internet forums. It's rare for a threat like this to be seriously followed through. Just continue to calmly implement good security practices, whether or not someone has your IP address. – Nacht Sep 25 '17 at 04:44
  • 1
    It is just a wanna be like those schoolboys who claim they can hack your gmail. Just ignore it. – Dr_Bunsen Sep 25 '17 at 08:01
  • Also make sure no remote access (usually over SSH, telnet or HTTP) is enabled in your router. Even with a strong password those can be vulnerable. – Michael Sep 25 '17 at 08:09
  • 3
    Usually those who claim they only need your IP to hack you are those who know nothing about hacking. Because it is definitely not that simple. It's a childish threat, like saying your dad is a policeman. Just ignore the sad, sad tantrum. Your ISP will protect any possible threats anyway, it's their job. – Gilles Lesire Sep 25 '17 at 08:55
  • 1
    @GillesLesire - Most ISPs only provide limited defences against attacks on their users. Users very much need to take care to keep themselves secure. Please delete that part of your comment - it's just not true. – paj28 Sep 25 '17 at 10:46
  • @paj28 I am talking about DoS attacks etc. If an ISP does not protect his customers from such dumb attacks they go bankrupt the moment this becomes publically known and a PR disaster arises. – Gilles Lesire Sep 25 '17 at 10:51
  • @GillesLesire - Most ISPs don't and it doesn't cause a PR disaster, let alone bankruptcy. If you want to know more, you could open a new question. – paj28 Sep 25 '17 at 11:24
  • @paj28 hmm odd, mine does, it's even mentioned on the internet pack information page – Gilles Lesire Sep 25 '17 at 11:38
  • Hi @GillesLesire - If it wouldn't break your privacy too much, I'd be interested to see what your ISP promises. None of my last few ISPs have made any promise. – paj28 Sep 25 '17 at 14:12
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/66147/discussion-between-gilles-lesire-and-paj28). – Gilles Lesire Sep 25 '17 at 14:38

3 Answers3

28

Don't worry too much

It is relatively easy for someone to get your IP address, they just need to get you to visit a website they control. Some forums let people include links to images, which your browser will automatically load and reveal your IP address.

Normally this doesn't let them do much. They can work out your ISP and approximate location, but usually not any other personal information. Potentially they can connect your IP with other online activity, but that's more a Google/NSA thing than some guy on a forum.

You are absolutely right to lock down your router. Knowing your IP does allow them to try to attack your router. Even with a strong password, many routers have had vulnerabilities that allow compromise. But if your router's firewall blocks all ports, you should be ok. You can verify this using an online service like this.

If revealing your ISP and approximate location troubles you, I suggest you use a VPN. They are pretty cheap and easy to use.

paj28
  • 32,736
  • 8
  • 92
  • 130
  • 4
    +1 Most ISPs use a NAT anyways, so "your" IP is really more like one of "your city's" IP addresses, of which "you" probably share with a thousand other people. They'd have to get the internal network's IP address and correlate it to the ISP's logs of the subscriber's activity, etc. It's a much more complicated hack than a typical hacker could manage on their own. – phyrfox Sep 25 '17 at 00:14
  • 9
    @phyrfox I don't know if "most" ISPs use NAT. I've never been behind NAT in my life, in 5 or 6 different places in the US. – Paul Sep 25 '17 at 01:29
  • 2
    Not a security risk in itself, but OP is also at risk of getting hammered by a DoS/DDoS attack. Not fun at all, especially if the attacker is an enemy in an online game. – Aloha Sep 25 '17 at 02:18
  • At least in the UK, restarting your router will assign you a new IP rendering any data the user collected mostly redundant anyway. – Dan Sep 25 '17 at 09:56
0

Am I in danger of being hacked or a signifigant security risk?

That is hard to say without analyzing your network security. That is why we have penetration tests and vulnerability assessments, to let a party know ahead of time if they are in danger of being hacked, what the security risks are and how to eliminate them.

Also, "the person" threatening you might be a skilled attacker or a script kiddie or have no skill at all. Again, that makes it hard to say if you are in real danger of being hacked.

I would make sure my firewall is all default deny and the passwords are strong. Also, make sure you do not fall for any phishing attempts or accidentally download a keylogger or trojan through an infected link sent to you. Make sure your antivirus is running and updated to the latest virus definitions.

whoami
  • 1,366
  • 9
  • 17
  • “I would make sure my firewall is all default deny and the passwords are strong. Also, make sure you do not fall for any phishing attempts or accidentally download a keylogger or trojan through an infected link sent to you. Make sure your antivirus is running and updated to the latest virus definitions.” Isn’t this all pretty much pointless if you are behind a router without any port forwardings/DMZ? – Michael Sep 25 '17 at 08:07
-2

In addition make sure your computer operating system is fully updated, you use a secure and updated web browser (Firefox, Chrome), don't open strange links and even more - files. Email - the same. etc. etc.

akostadinov
  • 555
  • 3
  • 8
  • Would be good if down-voters explain why they downvoted. Previous answers focussed only on networking. But expecially in a forum, the offender could be posting malicious links so op needs to be careful with the software side as well. – akostadinov Oct 02 '17 at 09:09
  • I didn't downvote, but it's probably because you're talking about general forum risks, when the question was about an attacker knowing your IP address. – paj28 Oct 12 '17 at 07:56
  • @paj28, agreed, but given they participate in the same forum, mounting such kind of an attack would be far easier. Especially the offender may use private messages, a second account and whatnot. So I thought it is important to include those. – akostadinov Oct 12 '17 at 20:16