Main > Main Forum

---WARNING--- - password hacking attempt on many accounts -- UPDATE --

Pages: << < (8/22) > >>

SavannahLion:


--- Quote from: ark_ader on February 16, 2011, 02:45:05 pm ---Perhaps you should disable the avatar uploading facility just to be sure, and purge all avatars from the board. 

You can have members email you their avatars later on.  If it was my site, I would do this immediately.

--- End quote ---

It's not, so we have little to worry about in that regards.

polaris:


--- Quote from: leapinlew on February 16, 2011, 09:32:31 am ---Thanks saint

I added a number 7 to my "123456" password to make it more secure.

--- End quote ---

hey we're password buddies, i never thought someone would pick the same as me, odds must be like 1 in a 100, maybe more.



ChadTower:


Actually, this might just be Stingray trying to get in after a few beers. 



--- Quote from: saint on February 16, 2011, 02:42:09 pm ---
The behavior looks a lot like a brute force attack. No one account is ever attempted more than once in a row, though repeated periodically. It's pretty much:

Try a username/password. Fail
Try another username/password. Fail
Try another username/password. Fail
.
.
.
Try the first username/password. Fail

Each from a different IP address with random time intervals between.

A 3 tries and you're locked won't really work in this attack due to the long time intervals and IP hopping, unless someone sees something I'm overlooking? Suggestions welcomed of course... I am banning the IP addresses used in the attack which is having a pretty good effect in stopping the attempts, but more IP addresses are easy to get...
 

--- End quote ---


hypernova:

I've always been more of a "pound of cure" kind of guy myself, rather than the "ounce of prevention."

Because, hey, more is better.  Duh!  :P

Donkbaca:

Just do what I do with passwords.  Change it every week. Start of with -99bottlesofbeeronthewall

Pages: << < (8/22) > >>

Go to full version