Note To All Members: Password Security
-
- Site Admin
- Posts: 4291
- Joined: Thu Sep 02, 2004 10:13 pm
- Location: The Unholy Realm
As some of you may have noticed, we appear to have been suffering forum issues throughout today. Many users I have spoken to have been confronted by a "you have exceeded the maximum number of login attempts" message upon trying to login, despite not having attempted multiple times.
After investigating, I suspect that what's happened is that we've been the recipient of an attempted brute force attack by a bot - trying to get into those accounts that it can find via whatever means by way of guessing passwords. We currently have the maximum number of login attempts set to 3 for the board before CAPTCHA display is triggered, however CAPTCHA on login was seemingly broken up until a few minutes ago when I fixed it. As a result, some of you may have been unable to login today - my apologies about that.
As a result of the assumed attack, I've set up the board so that an entry is written into a log when the "you have exceeded the maximum number of login attempts" triggers for users. This will allow me to keep an eye on the IP addresses and accounts triggering the message and hopefully, should another attack occur, allow me to identify and IP ban any bots attempting the same thing in future.
That said though, I urge everyone to ensure that they are using a secure password for their account - something that a brute force attacker will not be able to easily figure out. This is especially true if you're one of the ones affected by this issue today - it would not do to give any attacker an easy ride should they return and try to access the same accounts again!
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch
Forever an eXile and proud of it!
-
- Posts: 3411
- Joined: Wed Sep 01, 2004 12:46 am
- Location: SSX
Tapatalk no longer works with the current config.
-
- Posts: 3411
- Joined: Wed Sep 01, 2004 12:46 am
- Location: SSX
Never mind. Figured it out.
-
- Posts: 6114
- Joined: Wed Sep 01, 2004 5:57 pm
- Location: UK
How long should the maximum login attempts message appear btw Anny? What I mean is, if I (and others) received the same message again today after we'd received it yesterday but then logged in okay once the captcha was displaying, does that mean a bot has tried to gain entry again since? Or is it just that the message will stay around a while?
If that makes any sense lol.
"My name is Ozymandias, King of Kings:
Look on my works, ye mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away.
-
- Site Admin
- Posts: 4291
- Joined: Thu Sep 02, 2004 10:13 pm
- Location: The Unholy Realm
SSX-MS wrote: if I (and others) received the same message again today after we'd received it yesterday but then logged in okay once the captcha was displaying, does that mean a bot has tried to gain entry again since?

Yes, that's what it means. I tested myself earlier whilst at work too and had the issue again. If you login, confirming yourself with the CAPTCHA, it should clear any 'rogue' attempts (meaning that if you log back out straight away, and try to log in again, you won't get the CAPTCHA), and did so for me upon testing - so it basically means that the bot has been back since, yes.
I've already identified a couple of IPs I'm keeping an eye on, as they are coming up as receiving the CAPTCHA login for multiple accounts. If the pattern continues over the weekend, I'll probably take action on Monday. Hopefully that will solve it.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch
Forever an eXile and proud of it!
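The two admin posts above describe a simple but effective detection: log every "exceeded the maximum number of login attempts" trigger, then watch for IP addresses that trip it against several different accounts (a password-guessing bot), as opposed to one member who has merely forgotten their own password. The script below is an added example of that analysis and is not code from the board or from phpBB; the log line format, the field names, the sample entries and the thresholds are constructed assumptions, and the addresses come from documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a lockout log. The layout "<timestamp> LOGIN_ATTEMPTS_EXCEEDED ip=<ip> user=<account>"
# is an assumption for this example, not the board's actual log format.
SAMPLE_LOG = """\
2010-03-12 09:01:10 LOGIN_ATTEMPTS_EXCEEDED ip=203.0.113.5 user=alice
2010-03-12 09:01:14 LOGIN_ATTEMPTS_EXCEEDED ip=203.0.113.5 user=bob
2010-03-12 09:01:19 LOGIN_ATTEMPTS_EXCEEDED ip=203.0.113.5 user=carol
2010-03-12 09:02:02 LOGIN_ATTEMPTS_EXCEEDED ip=203.0.113.5 user=dave
2010-03-12 09:30:00 LOGIN_ATTEMPTS_EXCEEDED ip=198.51.100.7 user=erin
2010-03-12 10:15:41 LOGIN_ATTEMPTS_EXCEEDED ip=198.51.100.7 user=erin
2010-03-12 11:00:00 LOGIN_ATTEMPTS_EXCEEDED ip=192.0.2.44 user=alice
2010-03-12 11:00:05 LOGIN_ATTEMPTS_EXCEEDED ip=192.0.2.44 user=bob
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) LOGIN_ATTEMPTS_EXCEEDED "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+)$"
)


def parse_lockout_log(text):
    """Return a list of (timestamp, ip, account) tuples; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def suspicious_ips(events, min_accounts=3, window=timedelta(hours=1)):
    """IPs that tripped the lockout on at least min_accounts distinct accounts within one window.

    A single member retrying their own password shows up as one account from one IP and is
    never flagged; a bot walking through a list of usernames is. Returns {ip: sorted accounts}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()  # chronological, so the sliding window below is well defined
        for i, (start, _) in enumerate(hits):
            seen = set()
            for ts, user in hits[i:]:
                if ts - start > window:
                    break
                seen.add(user)
            if len(seen) >= min_accounts:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged


def targeted_accounts(events, min_ips=2):
    """Accounts locked out from at least min_ips distinct IPs: the members worth warning
    to change to a stronger password, since more than one source has been guessing at them."""
    by_user = defaultdict(set)
    for _, ip, user in events:
        by_user[user].add(ip)
    return {u: sorted(ips) for u, ips in by_user.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    evs = parse_lockout_log(SAMPLE_LOG)
    for ip, accounts in suspicious_ips(evs).items():
        print(f"candidate for IP ban: {ip} hit lockout on {len(accounts)} accounts: {', '.join(accounts)}")
    for user, ips in targeted_accounts(evs).items():
        print(f"account {user} locked out from {len(ips)} distinct IPs: {', '.join(ips)}")
```

With the constructed data, only 203.0.113.5 (four accounts in under a minute) is reported as a ban candidate at the default threshold; 198.51.100.7 locks out the same account twice and looks like a member who mistyped their password, while 192.0.2.44 touches two accounts and is only flagged if `min_accounts` is lowered to 2. The window matters: an IP that locks out one account a day over months is a different signal from one that locks out ten accounts in a minute, which is why the check is per window rather than over the whole log.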
-
- Posts: 721
- Joined: Tue Dec 02, 2008 6:16 pm
Do the IPs you're seeing problems from originate from a specific region/country?
Walk on with hope in your heart
And you'll never walk alone
[16:22] <SoulSeeker> i know its not the pc version but i kill kids for fun
<whizbang> Who's the ref?
<Isileth> Some dickhead
-
- Site Admin
- Posts: 4291
- Joined: Thu Sep 02, 2004 10:13 pm
- Location: The Unholy Realm
Mechanus wrote: Do the IPs you're seeing problems from originate from a specific region/country?

Germany, somewhat surprisingly.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch
Forever an eXile and proud of it!
-
- Posts: 721
- Joined: Tue Dec 02, 2008 6:16 pm
Walk on with hope in your heart
And you'll never walk alone
[16:22] <SoulSeeker> i know its not the pc version but i kill kids for fun
<whizbang> Who's the ref?
<Isileth> Some dickhead
-
- Posts: 6114
- Joined: Wed Sep 01, 2004 5:57 pm
- Location: UK
Anubis wrote: I've already identified a couple of IPs I'm keeping an eye on, as they are coming up as receiving the CAPTCHA login for multiple accounts. If the pattern continues over the weekend, I'll probably take action on Monday. Hopefully that will solve it.

Good good

Mechanus wrote: http://www.blockacountry.com/

Don't think blocking the whole of Germany is very viable tbh Mech
"My name is Ozymandias, King of Kings:
Look on my works, ye mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away.
-
- Posts: 721
- Joined: Tue Dec 02, 2008 6:16 pm
SSX-MS wrote: Don't think blocking the whole of Germany is very viable tbh Mech

You do have the ability to create exception IPs in the list.
Walk on with hope in your heart
And you'll never walk alone
[16:22] <SoulSeeker> i know its not the pc version but i kill kids for fun
<whizbang> Who's the ref?
<Isileth> Some dickhead
-
- Site Admin
- Posts: 4291
- Joined: Thu Sep 02, 2004 10:13 pm
- Location: The Unholy Realm
Mechanus wrote: http://www.blockacountry.com/

Thanks for the link, but we definitely won't be going down that route. We have German members, and I would not want to deny anyone access to the site based solely upon where they live. Even if we made use of the exception list, it would effectively deter any new members we may garner from Germany - since they'd have to give us their IP before they could access the forum.
I'll try and control it through individual IP bans more than likely based upon data I gather in the log. If that does not work and I can't find any other feasible solution, it's simply the case that we'll have to live with the CAPTCHA showing up on login - after all, that's not ideal but it's not an overly huge price to pay!
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch
Forever an eXile and proud of it!
-
- Posts: 6114
- Joined: Wed Sep 01, 2004 5:57 pm
- Location: UK
San Francisco too by the looks of it, though mainly Germany.
"My name is Ozymandias, King of Kings:
Look on my works, ye mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away.
-
- Posts: 6114
- Joined: Wed Sep 01, 2004 5:57 pm
- Location: UK
Just to note that it's happening again.
"My name is Ozymandias, King of Kings:
Look on my works, ye mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away.
-
- Posts: 1525
- Joined: Thu Sep 02, 2004 8:56 pm
- Location: USA
Just happened to me as well, so they're at it again today. Has the script you installed been of any use in confirming the source of these attacks?
"We are the facilitators of our own creative evolution."
-
- Site Admin
- Posts: 4291
- Joined: Thu Sep 02, 2004 10:13 pm
- Location: The Unholy Realm
I missed this whilst I was in the process of rebuilding my machine. When I have finished reconstructing it from the software side of things this weekend I will take a look back through the logs and update regarding whether I can identify a pattern and/or have taken action against an IP.
Sorry about the delay.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch
Forever an eXile and proud of it!
-
- Posts: 1164
- Joined: Wed Sep 01, 2004 9:55 pm
- Location: Here.
I just got that 'exceeded login attempts' message just a few minutes ago despite not logging in for like, four months or so. Hope this info helps. End of line.
01000101011100110110001101101000011001010111011100100000011011110110001001
10011001110101011100110110001101100001011101000110100101101111011011100010
1110
-
- Site Admin
- Posts: 4291
- Joined: Thu Sep 02, 2004 10:13 pm
- Location: The Unholy Realm
Fenavian wrote: I just got that 'exceeded login attempts' message just a few minutes ago despite not logging in for like, four months or so. Hope this info helps. End of line.

That's more than likely an old trigger, saved up from one of the incidents a few months ago. I'll go through the logs though and take a look just in case, thanks for pointing it out Fen
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch
Forever an eXile and proud of it!
-
- Posts: 1164
- Joined: Wed Sep 01, 2004 9:55 pm
- Location: Here.
Logged out and in again. No problems this time.
01000101011100110110001101101000011001010111011100100000011011110110001001
10011001110101011100110110001101100001011101000110100101101111011011100010
1110