Rhialto Posted August 29, 2018 Report Share Posted August 29, 2018 A certain use, @ieltsproff, seems to be a spambot. May it be dealt with well. Link to comment Share on other sites More sharing options...
Legate of Mineta Posted August 29, 2018 Report Share Posted August 29, 2018 Ruthlessly. Link to comment Share on other sites More sharing options...
Rhialto Posted September 5, 2018 Author Report Share Posted September 5, 2018 @leonelmud is spamming the forum. @Legate of Mineta, please help to deal with this. Link to comment Share on other sites More sharing options...
Legate of Mineta Posted September 5, 2018 Report Share Posted September 5, 2018 Already done! Link to comment Share on other sites More sharing options...
freespace2dotcom Posted September 6, 2018 Report Share Posted September 6, 2018 You don't have to make posts about it so that they can stay in our memory. A quick report on the post will do the job, and then nobody will be the wiser that there are evil spammers out there. MWAhahaha. Now that's real magic when you can pull off that kind of negation. Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 6, 2018 Report Share Posted September 6, 2018 To the right of the Posted X hours ago (or Posted XXXX where XXXX is a Date) is the Report Post. Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 10, 2018 Report Share Posted September 10, 2018 Apparently someone try to hack active accounts from the forum. (Got a mail from the forum that someone failed to login to my account 5 times from a IP in Brazil) Having the login name shown as forum name actual make such blind brute force attacks possible in opposite to the old forum where this could set as 2 different names or forum where you login with the e-mail instead of the account name. Link to comment Share on other sites More sharing options...
Legate of Mineta Posted September 10, 2018 Report Share Posted September 10, 2018 Schwarzbart; I preferred the old way, too. I'll point it out again. Ugh. Link to comment Share on other sites More sharing options...
Metis Posted September 10, 2018 Report Share Posted September 10, 2018 I got the same mail I just noticed, also from Brazil. Link to comment Share on other sites More sharing options...
freespace2dotcom Posted September 10, 2018 Report Share Posted September 10, 2018 I experienced that scummy thing too. Quote We have detected 5 failed log in attempts to your account from Fortaleza, Ceara, Brazil. If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful and we have blocked the IP address from further attempts so no action is required. You may however want to change your password for greater security, especially if you use the same password on other websites. If this was you, you can safely ignore this email and you will be able to sign in again at 09/09/2018 09:32 PM. Â Link to comment Share on other sites More sharing options...
Rhialto Posted September 10, 2018 Author Report Share Posted September 10, 2018 For my part, I have changed my password for this website is response to @Schwarzbart and @freespace2dotcom's reports. Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 10, 2018 Report Share Posted September 10, 2018 To really brute force a password they need many more try then just 5 unless you used one of the top 20 or so not to use passwords (like 123456 or password). Link to comment Share on other sites More sharing options...
Legate of Mineta Posted September 10, 2018 Report Share Posted September 10, 2018 Hey all- check out Accounting Settings, Display Name. I just got that from the Team. Of interest? Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 10, 2018 Report Share Posted September 10, 2018 Sadly Sign In request your "Display Name" so if you change the Display Name I suspect both Login and Forum name is changed (so its the way the Team did for me after the port to this forum) Link to comment Share on other sites More sharing options...
Legate of Mineta Posted September 10, 2018 Report Share Posted September 10, 2018 Bah! Link to comment Share on other sites More sharing options...
freespace2dotcom Posted September 10, 2018 Report Share Posted September 10, 2018 Oh, boy. I can just see it now. Our accounts hacked in order to spam the forum. It's almost like we have to combat Mastery mages! haha. But Rhialto, I don't think you need to change your password. only 5 attempts is not a lot of attempts when dealing with a brute force hack. I have a crap ton of passwords these days. So many I can't possibly remember them, so I have them all in a special place. If one gets compromised, I don't have to worry about others, and I'll deal with it then. Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 11, 2018 Report Share Posted September 11, 2018 They continue with their hacking … although 5 a day is not much and it will need months to get a password hacked this way its necessary that the team take action. "09/11/2018 10:24 AM. We have detected 5 failed log in attempts to your account from Fortaleza, Ceara, Brazil." Link to comment Share on other sites More sharing options...
Metis Posted September 11, 2018 Report Share Posted September 11, 2018 Again for me as well. If the Team could just put a blanket ban on all Brazilian IP addresses as far as accessing my account goes, that'd be nice. Rest assured, the day that I travel to South America is the day that frogs rain from the sky. Link to comment Share on other sites More sharing options...
Legate of Mineta Posted September 11, 2018 Report Share Posted September 11, 2018 Metis; Hmmm. I don't think anything like that could be done, but let me see what we can try. This is really strange. Link to comment Share on other sites More sharing options...
freespace2dotcom Posted September 11, 2018 Report Share Posted September 11, 2018 Now I have 3 email denoting this. It is getting annoying. Fortunately my password was assigned by the forum as is a complete mess of randomness, so no dictionary hack will get it. Even so, I don't want to get emails for eternity waiting for these jerks to get lucky. The law of averages state that eventually they'll get lucky with some already created account that was given a really simple password. Â Really, I hope that you can get those folks behind the forum to do something about it, legate. Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 11, 2018 Report Share Posted September 11, 2018 Hmm actual when I look at the Password I used for this forum I'm long decayed by the time they reach even just an 1% chance to get the right one if there is no weakness in how the forum stores it and they continue with just 5 try a day. With doing 5 per day they probably use a dictionary list or a list of common used passwords what means a password that have 1 digit different to their list can't be cracked by them at all and a full brute force attack on the passwords need way more try per day to be cracked within the live-time of a human. (The 112000 passwords broken down to 5 a day means they need ~61 years to do the same as the product mentioned below is doing in 1 sec.) "As of 2011, commercial products are available that claim the ability to test up to 112,000 passwords per second on a standard desktop computer using a high-end graphics processor.[5] Such a device will crack a 6 letter single-case password in one day." from: https://en.wikipedia.org/wiki/Password_strength Link to comment Share on other sites More sharing options...
freespace2dotcom Posted September 11, 2018 Report Share Posted September 11, 2018 Yup. I don't see them cracking mine that way either. I just don't want to get warning emails for the next 100 years, is all. Link to comment Share on other sites More sharing options...
Metis Posted September 11, 2018 Report Share Posted September 11, 2018 The mail said the IP address was banned (for what good that did), so it must be possible to some extend. And I'd rather these attempts get set on fire before it turns out that these spambots are just trying random combinations of letters/symbols/numbers and one of them ends up getting it right. Unlikely, sure, but why bother risking it if you don't have to? Not getting hundreds of mails about it would also be nice. Link to comment Share on other sites More sharing options...
Schwarzbart Posted September 11, 2018 Report Share Posted September 11, 2018 Because they could continue with the attack today the ban was either just for 1 day or the hacker get a new IP each day. Link to comment Share on other sites More sharing options...
freespace2dotcom Posted September 11, 2018 Report Share Posted September 11, 2018 It was a temporary ban. The emails even say " you can safely ignore this email and you will be able to sign in again at xxxxxx" if it was you. By the way I'm on 4 emails now.The bans aren't even a full day long. The most recent email I received at 10:25 AM and it said that the ban would be lifted on 4:24 PM the same day. So it's only a 6 hour ban. Legate, I do believe that the urgency on stopping this jerk is just a tad bit higher now.. Edit: What's even more worrying is that by comparing emails, each attempt is right after the last temporary ban expires, Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.