Announcement

Collapse
No announcement yet.

WARNING: Accounts locked - Make sure you have strong passwords

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    WARNING: Accounts locked - Make sure you have strong passwords

    Some users might have seen E-mail about forum accounts being locked out for 15min.

    The exact message looks like this,
    Code:
     
Your account on PassMark Support Forums has been locked because someone has
tried to log into the account with the wrong password more than 5 times. You
will be able to attempt to log in again in another 15 minutes.
The person trying to log into your account had the following IP address:
74.53.243.34
    We have detected someone doing an automated attack on these forums. Most likely spammers. This is nothing new in itself, as we get dozens of people every day attempting to post spam. And we block 99% of it. But this is something new.

    Someone is attempting to grab the user names from previous posts and then guess the passwords for these forum accounts.

    No doubt once an account is breached they will start using your account to post spam and we'll be forced to block or delete the account.

    So, make sure you are using a strong password. At least 6 characters, preferable a mix of upper case, lower case & numbers.

    Our forum software locks out users for 15min after 5 bad attempts so the spammers can't try too many password combinations. So if you have a strong password you should be fine and there is nothing to worry about.

    If you do want to change your password, you can do so from the "User Control Panel (CP)" link,

    We have also taken steps to block the IP address of the spammer but the spammers have many IP addresses at their disposal.
    Tags: None
  • #2
    Thank you for the warning.
    ASUS M4A79 Deluxe (BIOS 3603) AMD Phenom II X4 940 OCZ PC8500 Platinum 4GB Sapphire HD4870 1GB 256-bit GDDR5 HT Omega Claro Windows 7 x64 ADSL 6Mbps APC Back UPS 900VA

    Comment

    • #3
      There was a number of forums hit as well from the same IP address. So we are guessing there is some new automated software tool available to the spammers.

      Comment

      • #4
        The spammers are up to their old tricks again, this time from a new IP address, 72.233.34.186. Still out of Texas however.

        We'll block the address, but they'll probalby be back tomorrow and the day after, unless they realise there is nothing to be gained.

        Comment

        • #5
          There was another minor wave of password guessing last night. This time from the IP address, 70.136.24.75 &
          76.226.201.84          . (which are ADSL accounts with SBCGLOBAL.NET). It is probalby the same sad guy as last time with a new IP address, as it is from the same part of the USA.

          Comment

          • #6
            Further analysis shows that the attack is more wide spread that initially thought.

            We went from having about a dozen forum login attempts per day (before the attack) to having about 400 per day (during the current attack). So about 97% of all login attempts are hacker attempts.

            The attack source is VERY wide spread. Over two days there were failed attempts to login from 149 unique IP addresses from all around the world. So this is surely a automated attack from a zombie bot network. Plus there are lots of other forums seeing the same pattern.

            The bots have be farming the member list for user names, then trying to guess passwords.

            So we have disabled the member list in the forum and blocked all these IP addresses now.

            Comment

            Previous template Next
            Working...
            X