Jump to content
Black Chicken Studios Forums
Rhialto

Spamming Problem

Recommended Posts

You don't have to make posts about it so that they can stay in our memory. A quick report on the post will do the job, and then nobody will be the wiser that there are evil spammers out there. MWAhahaha. Now that's real magic when you can pull off that kind of negation.

Share this post


Link to post
Share on other sites

Apparently someone try to hack active accounts from the forum. (Got a mail from the forum that someone failed to login to my account 5 times from a IP in Brazil)

Having the login name shown as forum name actual make such blind brute force attacks possible in opposite to the old forum where this could set as 2 different names or forum where you login with the e-mail instead of the account name.

Share this post


Link to post
Share on other sites

I experienced that scummy thing too.

Quote

We have detected 5 failed log in attempts to your account from Fortaleza, Ceara, Brazil.

If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful and we have blocked the IP address from further attempts so no action is required. You may however want to change your password for greater security, especially if you use the same password on other websites.

If this was you, you can safely ignore this email and you will be able to sign in again at 09/09/2018 09:32 PM.

 

Share this post


Link to post
Share on other sites

To really brute force a password they need many more try then just 5 unless you used one of the top 20 or so not to use passwords (like 123456 or password).

Share this post


Link to post
Share on other sites

Sadly Sign In request your "Display Name" so if you change the Display Name I suspect both Login and Forum name is changed (so its the way the Team did for me after the port to this forum)

Share this post


Link to post
Share on other sites

Oh, boy. I can just see it now. Our accounts hacked in order to spam the forum. It's almost like we have to combat Mastery mages! haha. But Rhialto, I don't think you need to change your password. only 5 attempts is not a lot of attempts when dealing with a brute force hack. I have a crap ton of passwords these days. So many I can't possibly remember them, so I have them all in a special place. If one gets compromised, I don't have to worry about others, and I'll deal with it then.

Share this post


Link to post
Share on other sites

They continue with their hacking … although 5 a day is not much and it will need months to get a password hacked this way its necessary that the team take action.

"09/11/2018 10:24  AM. We have detected 5 failed log in attempts to your account from Fortaleza, Ceara, Brazil."

Share this post


Link to post
Share on other sites

Again for me as well. If the Team could just put a blanket ban on all Brazilian IP addresses as far as accessing my account goes, that'd be nice. Rest assured, the day that I travel to South America is the day that frogs rain from the sky.

Share this post


Link to post
Share on other sites

Now I have 3 email denoting this. It is getting annoying. Fortunately my password was assigned by the forum as is a complete mess of randomness, so no dictionary hack will get it. Even so, I don't want to get emails for eternity waiting for these jerks to get lucky. The law of averages state that eventually they'll get lucky with some already created account that was given a really simple password.

 

Really, I hope that you can get those folks behind the forum to do something about it, legate.

Share this post


Link to post
Share on other sites

Hmm actual when I look at the Password I used for this forum I'm long decayed by the time they reach even just an 1% chance to get the right one if there is no weakness in how the forum stores it and they continue with just 5 try a day.

With doing 5 per day they probably use a dictionary list or a list of common used passwords what means a password that have 1 digit different to their list can't be cracked by them at all and a full brute force attack on the passwords need way more try per day to be cracked within the live-time of a human. (The 112000 passwords broken down to 5 a day means they need ~61 years to do the same as the product mentioned below is doing in 1 sec.) 

"As of 2011, commercial products are available that claim the ability to test up to 112,000 passwords per second on a standard desktop computer using a high-end graphics processor.[5] Such a device will crack a 6 letter single-case password in one day." from:

https://en.wikipedia.org/wiki/Password_strength 

Share this post


Link to post
Share on other sites

Yup. I don't see them cracking mine that way either. I just don't want to get warning emails for the next 100 years, is all.

Share this post


Link to post
Share on other sites

The mail said the IP address was banned (for what good that did), so it must be possible to some extend. And I'd rather these attempts get set on fire before it turns out that these spambots are just trying random combinations of letters/symbols/numbers and one of them ends up getting it right. Unlikely, sure, but why bother risking it if you don't have to? Not getting hundreds of mails about it would also be nice.

  • Like 1

Share this post


Link to post
Share on other sites

Because they could continue with the attack today the ban was either just for 1 day or the hacker get a new IP each day.

Share this post


Link to post
Share on other sites

It was a temporary ban. The emails even say " you can safely ignore this email and you will be able to sign in again at xxxxxx" if it was you. By the way I'm on 4 emails now.The bans aren't even a full day long. The most recent email I received at 10:25 AM and it said that the ban would be lifted on 4:24 PM the same day. So it's only a 6 hour ban.

Legate, I do believe that the urgency on stopping this jerk is just a tad bit higher now..

Edit: What's even more worrying is that by comparing emails, each attempt is right after the last temporary ban expires,

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×