Intrusion Attempts in Member Logins

Discussion in 'Announcements' started by 72GTVA, Feb 1, 2010.

  1. 72GTVA

    72GTVA Administrator Staff Member

    Messages:
    9,839
    Location:
    Chesapeake, VA
    Folks, we've received a couple of advisories through our site software that a couple of members' logins were disabled due to repeated failed attempts to log in as the member. We've had this come up a few times, and it has usually proven to be a member who just forgot which password they used. If that happens to you, either Bill or I can initiate a password reset for you; just let us know.

    But a few have been malicious attempts, such as a hacker trying to get into the site, and a couple of these have come up very recently. If this has happened, you will receive an information email from the site telling you that you have been locked out and the IP address that originated the unsuccessful login attempts. If you have experienced this, please copy and forward that email to me to permit me to compare it with the site records and take actions to correct the issue.

    Please ensure you have a secure password by following the steps below:

    To create a secure password that is easy for you to remember, follow these simple steps:

    Do not use personal information. You should never use personal information as a part of your password. It is very easy for someone to guess things like your last name, pet's name, child's birth date and other similar details.

    Do not use real words. There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password, so it is best if you do not use real words for your password.

    Mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers and even special characters such as '&' or '%'.

    Use a passphrase. Rather than trying to remember a password created using various character types which is also not a word from the dictionary, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter from each word. For example, rather than just having a password like 'yr$1Hes', you could take a sentence such as "I like to read the About.com Internet / Network Security web site" and convert it to a password like 'il2rtA!nsws'. By substituting the number '2' for the word 'to' and using an exclamation point in place of the 'i' for 'Internet', you can use a variety of character types and create a secure password that is hard to crack, but much easier for you to remember.

    So far we haven't had any information that someone's account has been successfully maliciously hacked - we would like to keep it that way.
     
    Last edited by a moderator: Feb 1, 2010
  2. As Is '66

    As Is '66 2 Wheeled Mod Staff Member

    Messages:
    5,754
    Location:
    Southwest Georgia
    Thank You!!!

    We really appreciate your hard work here on THE BEST RANCHERO SITE EVER!!!
     
  3. steeread

    steeread Guest

    vBulletin has been in the news lately, as an easy to set up, but easy to hack forum hosting software. Raptor et al. has purportedly disabled Al-Qaeda sites based on this.

    Please watch and alert us if you think any member info is compromised.
     
  4. TestDummy

    TestDummy In Maximum Overdrive SILVER MEMBER

    Messages:
    23,261
    Location:
    C'Ville
    If someone hacked this place, they'd feel robbed and cheated. It may turn them off to hacking altogether.
     
  5. ForistellFord

    ForistellFord In Maximum Overdrive GOLD MEMBER

    Messages:
    14,885
    Location:
    Beautiful Foristell Missouri
    I can see it... The guy issues the final keystroke in the sequence, and the lock pops off the place. He thrusts his arms into the air, gloating over his accomplishment. He then cracks into the control panel, hits the user DB, checks the server stats - his jubilation quickly wanes as he realizes he just wasted 2 weeks of his time, and spent $45 on a slick new cracking program from some onion thug in a dark chat room, and pretty much stole the equivalent of an ATM that has $7 and a dead mouse in it. Disgustedly, he mutters "I knew I shoulda hit the El Camino board" as he deletes the whole forum and kicks his dog.
     
  6. ribald1

    ribald1 Banned PLATINUM MEMBER

    Messages:
    19,727
    Location:
    California
    You just described the average LulzSec member.
     
  7. TestDummy

    TestDummy In Maximum Overdrive SILVER MEMBER

    Messages:
    23,261
    Location:
    C'Ville
    Anyway..........:rolleyes:
     
  8. steeread

    steeread Guest

    Maybe so...but...If users here use the same password, or a password from another vBulletin hosted site, as the same one they use for on-line banking, or their 401K, or shopping, payment, etc. sites, they might consider amending their ways.

    It does not matter how you get access to PII, it is how you use it. Names, addresses (even just city and state) and passwords are all it takes to open a lot of doors.

    If any use social sites and provide your birthday, I highly discourage this. I don't even list my college graduation date on my LinkedIn profile. Note that on this forum I do not provide in user CP my full last name, or my birth date, or links to other social sites.

    Think like a criminal to protect yourself from criminals.
     
    Last edited by a moderator: Apr 11, 2012
  9. Rancherous

    Rancherous Administrator Staff Member

    Messages:
    8,701
    Location:
    Buffalo, NY
    That is why I have not upgraded to the New Board as of yet. Whenever vBulletin releases a new format they have many problems. Just so everyone knows, every membership is MANUALLY APPROVED BY ME. I do a double check on every member trying to register on the forum. It's time-consuming on my part, but I have found it works.
     
  10. steeread

    steeread Guest

    http://www.dcwg.org/detect/

    Hey all,

    Go to the above to see if you have been affected by the DNS redirection bug from which the FBI has been shielding you. This has been in the news lately, and MIGHT affect you if your computer has been infected. You need to fix this IF you are affected before the FBI takes their interim server down.
     
