Jump to content
Black Chicken Studios Forums

Spamming Problem


Rhialto

Recommended Posts

You don't have to make posts about it so that they can stay in our memory. A quick report on the post will do the job, and then nobody will be the wiser that there are evil spammers out there. MWAhahaha. Now that's real magic when you can pull off that kind of negation.

Link to comment
Share on other sites

Apparently someone try to hack active accounts from the forum. (Got a mail from the forum that someone failed to login to my account 5 times from a IP in Brazil)

Having the login name shown as forum name actual make such blind brute force attacks possible in opposite to the old forum where this could set as 2 different names or forum where you login with the e-mail instead of the account name.

Link to comment
Share on other sites

I experienced that scummy thing too.

Quote

We have detected 5 failed log in attempts to your account from Fortaleza, Ceara, Brazil.

If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful and we have blocked the IP address from further attempts so no action is required. You may however want to change your password for greater security, especially if you use the same password on other websites.

If this was you, you can safely ignore this email and you will be able to sign in again at 09/09/2018 09:32 PM.

 

Link to comment
Share on other sites

Oh, boy. I can just see it now. Our accounts hacked in order to spam the forum. It's almost like we have to combat Mastery mages! haha. But Rhialto, I don't think you need to change your password. only 5 attempts is not a lot of attempts when dealing with a brute force hack. I have a crap ton of passwords these days. So many I can't possibly remember them, so I have them all in a special place. If one gets compromised, I don't have to worry about others, and I'll deal with it then.

Link to comment
Share on other sites

Now I have 3 email denoting this. It is getting annoying. Fortunately my password was assigned by the forum as is a complete mess of randomness, so no dictionary hack will get it. Even so, I don't want to get emails for eternity waiting for these jerks to get lucky. The law of averages state that eventually they'll get lucky with some already created account that was given a really simple password.

 

Really, I hope that you can get those folks behind the forum to do something about it, legate.

Link to comment
Share on other sites

Hmm actual when I look at the Password I used for this forum I'm long decayed by the time they reach even just an 1% chance to get the right one if there is no weakness in how the forum stores it and they continue with just 5 try a day.

With doing 5 per day they probably use a dictionary list or a list of common used passwords what means a password that have 1 digit different to their list can't be cracked by them at all and a full brute force attack on the passwords need way more try per day to be cracked within the live-time of a human. (The 112000 passwords broken down to 5 a day means they need ~61 years to do the same as the product mentioned below is doing in 1 sec.) 

"As of 2011, commercial products are available that claim the ability to test up to 112,000 passwords per second on a standard desktop computer using a high-end graphics processor.[5] Such a device will crack a 6 letter single-case password in one day." from:

https://en.wikipedia.org/wiki/Password_strength 

Link to comment
Share on other sites

The mail said the IP address was banned (for what good that did), so it must be possible to some extend. And I'd rather these attempts get set on fire before it turns out that these spambots are just trying random combinations of letters/symbols/numbers and one of them ends up getting it right. Unlikely, sure, but why bother risking it if you don't have to? Not getting hundreds of mails about it would also be nice.

Link to comment
Share on other sites

It was a temporary ban. The emails even say " you can safely ignore this email and you will be able to sign in again at xxxxxx" if it was you. By the way I'm on 4 emails now.The bans aren't even a full day long. The most recent email I received at 10:25 AM and it said that the ban would be lifted on 4:24 PM the same day. So it's only a 6 hour ban.

Legate, I do believe that the urgency on stopping this jerk is just a tad bit higher now..

Edit: What's even more worrying is that by comparing emails, each attempt is right after the last temporary ban expires,

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...