Any updates to our site, contest information or noteworthy announcements will be posted here.
by Barb O » Thu Jan 20, 2011 6:34 pm
Barb O wrote:Posting from droid x - no login problems now [ Post made via Mobile Device ]
Ron, FYI - looking at the screen on my phone is shows on the bottom STG-Mobile Style phpBB-Mobile When I was previously getting an error because the captcha could not display on my phone, you were asking what style was being used but I did not know. I think this is the information you wanted. Now this would seem by name to be a general mobile style whereas I had expected that it might be something specific to Android instead. What did you expect ?
-
Barb O
- Super Contributor
-
- Posts: 972
- Joined: Fri Feb 16, 2007 12:42 am
by Helen » Thu Jan 20, 2011 6:40 pm
I had this happen as well. I assumed it was my keyboard as I sometimes have some sticky keys. It took me quite a few attempts to log in. Changing my password now
-
Helen
- Premiere Member
-
- Posts: 632
- Joined: Tue Feb 20, 2007 8:14 pm
- Location: Brisbane, Australia
by Bob » Fri Jan 21, 2011 6:18 am
I don't think they are looking for admin credentials although that would be a bonus.
If they can find a password for any id, they can log in as that member and use a screen scraper and an automated script to send email through the board to the other members. Since the email would be clearly coming from Muvipix with a valid Muvipix member id, they may be hoping to take advantage of our member's trust and entice them to visit a malicious site or download an infected file. Or, they may attempt to post image files that will download malware when viewed on systems that haven't been patched against that exposure. Of course, they could just be juveniles out for mischief, but I wouldn't bet on it.
-
Bob
- Moderator
-
- Posts: 5925
- Joined: Wed Feb 21, 2007 4:49 am
- Location: Southern California, USA
by hpharley90 » Fri Jan 21, 2011 5:58 pm
I just had to log in. No problem. My user name was there and the dots for my password. I checked the box remember. Clicked submit. Window changed and said I exceeded my login attempts and I had to use CAPTCHA. I did and now I'm posting what happened. Anything to be worried about?
Thanks Richard
Dell XPS 8940-10th Gen i7-10700 processor (8-core,16M Cache. 2.9GHz) 48GB 3200MHz RAM Windows 10
-
hpharley90
- Premiere Member
-
- Posts: 1005
- Joined: Tue Feb 20, 2007 11:11 am
- Location: Connecticut
by Chuck Engels » Fri Jan 21, 2011 8:46 pm
I don't think there is anything to worry about Richard. There really isn't anything they can get here. Considering we offer subscriptions they may think we have some personal info or even credit card data, but we don't
1. Thinkpad W530 Laptop, Core i7-3820QM Processor 8M Cache 3.70 GHz, 16 GB DDR3, NVIDIA Quadro K1000M 2GB Memory. 2. Cybertron PC - Liquid Cooled AMD FX6300, 6 cores, 3.50ghz - 32GB DDR3 - MSI GeForce GTX 960 Gaming 4G, 4GB Video Ram, 1024 Cuda Cores.
-
Chuck Engels
- Super Moderator
-
- Posts: 18155
- Joined: Sun Feb 11, 2007 10:58 pm
- Location: Atlanta, GA
-
by momoffduty » Mon Jan 24, 2011 10:34 am
Changed mine today. How do you change your email address?
aka Cheryl Intel i7 3770, Windows 7 Pro w/SP1, 64 bit, Intel 520 Series SSD, 32G RAM, 2 – 2T RAID, (1T external), GTX 550 Ti graphics
-
momoffduty
- Moderator
-
- Posts: 7604
- Joined: Thu Feb 22, 2007 10:43 am
- Location: near St. Louis
by Helen » Fri Jan 28, 2011 8:25 pm
I just had this happen again to me when I tried to login. After a couple of attempts it said I exceeded my login attempts and I had to use CAPTCHA again. Changing my password again just in case.
-
Helen
- Premiere Member
-
- Posts: 632
- Joined: Tue Feb 20, 2007 8:14 pm
- Location: Brisbane, Australia
by ridon127 » Fri Jan 28, 2011 10:08 pm
this happened the other day when i tried to login. i canged my password.. seems fine now..
Go out and make it a great day. The choice is yours! Donna
-
ridon127
- Premiere Member
-
- Posts: 1318
- Joined: Fri Mar 30, 2007 11:28 pm
- Location: Deer Park, Tx
by Jayell » Wed Feb 02, 2011 8:25 pm
If we're still tracking this .. I just had this happen for the first time, but typed in the requested letters and got in fine.
HP Envy Desktop 795-0040xt / Win 10 Home/ Intel Core i7-8700 / 32GB memory / NVidia GeForce GTS 1060 3G
-
Jayell
- Premiere Member
-
- Posts: 1896
- Joined: Wed Feb 21, 2007 11:05 am
- Location: near Tucson, Arizona
by Ron » Sun Mar 13, 2011 2:17 pm
I believe I have a countermeasure in place that solves this problem. I've had it in place since late last week and so far, no further login "attempts" have occurred (they're [most likey a script] being immediately redirected elsewhere when attempting). So, if you had to verify your credentials since I've put this fix out there, you shouldn't have this verification message again. If you're logging in to our forum for the first time in a while, then you probably had the message, and it shouldn't happen again. phpBB will be upgrading the software soon that has a stricter login process (should be transparent to all). But until then, I think my temporary fix will prevail Sorry for the inconvenience!
Regards, -Ron
Dell, Win10 Pro, Intel Core i7-6700 CPU @3.4GhHz, 8GB ram. 64-bit
-
Ron
- Site Admin
-
- Posts: 3219
- Joined: Sat Oct 21, 2006 8:57 am
- Location: Maine, USA
-
by Paul LS » Sun Mar 13, 2011 2:44 pm
Good job Ron.
-
Paul LS
- Super Contributor
-
- Posts: 3064
- Joined: Sat Feb 10, 2007 11:21 am
- Location: Southampton, UK
by John 'twosheds' McDonald » Sun Mar 13, 2011 4:32 pm
Ron wrote:It's confirmed then. Here's a portion of the announcement from the forum software board: Within the last week, it has come to our attention that phpBB.com was unsuccessfully attacked by a malicious party attempting to brute-force account login credentials. This attack was facilitated by a query for "powered by phpbb" on a search engine. Though this attack was not successful as phpBB includes several features to ensure it is not vulnerable to such attacks, users should take measures to ensure that their forums are properly protected.
Attack anatomy To perform the attack, the attacker registers an account on the forum and tests that the memberlist is available for them to obtain lists of users. The attacker then uses an automated process to login and download thousands of user names from the memberlist, the attacker here grabbed a little over 5000 user names. After collecting this data the attacker attempts to brute-force account credentials by repeatedly sending login requests to the forum. As the attack does not attempt to solve the invalid login attempts CAPTCHA, it is limited to the amount of attempts specified in the "Maximum number of login attempts" configuration option.
The first step I'll take is to block the memberlist from newly registered users. This should significantly reduce future attempts. I'm also going to limit the amount of unsuccessful login attempts to 2 vice 5. Please also make sure that your passwords are "strong" in nature. I truly can't fathom what the attacker(s) think(s) they're gaining by logging in as an existing user - could be looking for admin privileges is all I can think of - kind of strange, though. If you think about it, it's obviously pure maliciousness I guess. Sorry for the inconvenience everyone! We'll try to stay on top of it.
Don't know if this is connected but recently my e-mail address has been bombarded with all sorts of spam including ones promoting 'personal/private use' medicines, imitation Rolex watches, invitations to join 'dubious' websites, 'why not be my penpal?', and (of course) no list of spam would be complete without being invited to supply my bank details to help with a money transfer/receive my lottery winnings
AMD Ryzen 3900x 12C/24T, ASUS x570 mobo, Arctic Liquid Freezer ll 280, Win11 64 bit, 64GB RAM, Radeon RX 570 graphics, Samsung 500GB NVMe 980 PRO (C:), Samsung 970 Evo SSD (D:), Dell U2717D Monitor, Synology DS412+ 8TB NAS, Adobe CS6.
-
John 'twosheds' McDonald
- Moderator
-
- Posts: 4237
- Joined: Mon Feb 19, 2007 11:57 am
- Location: Cheshire, UK
by momoffduty » Sun Mar 13, 2011 6:13 pm
John 'twosheds' McDonald wrote:Don't know if this is connected but recently my e-mail address has been bombarded with all sorts of spam including ones promoting 'personal/private use' medicines, imitation Rolex watches, invitations to join 'dubious' websites, 'why not be my penpal?', and (of course) no list of spam would be complete without being invited to supply my bank details to help with a money transfer/receive my lottery winnings
It is due to data mining and not the log in issue: http://www.time.com/time/video/player/0 ... 96,00.html
aka Cheryl Intel i7 3770, Windows 7 Pro w/SP1, 64 bit, Intel 520 Series SSD, 32G RAM, 2 – 2T RAID, (1T external), GTX 550 Ti graphics
-
momoffduty
- Moderator
-
- Posts: 7604
- Joined: Thu Feb 22, 2007 10:43 am
- Location: near St. Louis
by John 'twosheds' McDonald » Mon Mar 14, 2011 2:15 am
momoffduty wrote:It is due to data mining and not the log in issue
Could be, Cheryl, but a lot (in fact almost all) of the junk I am receiving bears absolutely no relation to any sites that I have ever visited. If I think a site that I am buying from is 'iffy' then I use my Hotmail e-mail address (not too bothered about that one being filled with junk).
AMD Ryzen 3900x 12C/24T, ASUS x570 mobo, Arctic Liquid Freezer ll 280, Win11 64 bit, 64GB RAM, Radeon RX 570 graphics, Samsung 500GB NVMe 980 PRO (C:), Samsung 970 Evo SSD (D:), Dell U2717D Monitor, Synology DS412+ 8TB NAS, Adobe CS6.
-
John 'twosheds' McDonald
- Moderator
-
- Posts: 4237
- Joined: Mon Feb 19, 2007 11:57 am
- Location: Cheshire, UK
Return to Announcements
Similar topics
Who is online
Users browsing this forum: No registered users and 3 guests
|