Password attack on the board

[Actyon]

I don't know if it's the right place to write this. I searched in the FAQs and the board and there is no specific place where we can report problems with the site.

Anyway I want to report that I received the following notification e-mail:

Quote:

Dear Actyon,

Someone has tried to log into your account on English Amiga Board with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: xxxxxxxxxxx

All the best,
English Amiga Board

I havent visited the board for quite some time, and it certainly was not me who tried to log in yesterday.

If the administrators need the IP I will give it to them

[alenppc]

I had the same, it was a Russian IP.

[DH]

Yes, we are aware of the problem of these attacks, however, once they have tried 5 failed times to access your account the IP is automatically blocked from logging in again.

RCK is in process of changing some board options to hopefully prevent this from happening

We are working to prevent this, but if anyone else has had the same issue, please post here

Oh, also giving the IP address of the attacker can also be helpful too, if you prefer to to keep private then PM one of the GM's instead

EDIT: Also moved to the appropriate forum

Also, my advice to anyone who is unsure of how secure their password is, should change it immediately making it a minimum of 8 characters containing a mixture of usable characters, some capitalised, and at least 1 number.

[Amiga1992]

Me too, russian IP.

[DH]

So, it appears they are attempting to Hack in alphabetical order of sorts, as your usernames all start with the letter 'A'

Oh! And thanks Akira, it was your contact that made us aware of what was going on

[Adrian Browne]

yup russian ip, st petersburg. I changed my password.

I have got this email 2 times in the last 2 days.

Do I need to be nervous

The person is trying to login from the same IP address.


/8bit
----------------START---------------
19 September 2013 05:10

Dear 8bit,

Someone has tried to log into your account on English Amiga Board with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 188.143.234.6

-----------------END----------------

[jmmijo]

Quote:

Originally Posted by 8bit

I have got this email 2 times in the last 2 days.

Do I need to be nervous

The person is trying to login from the same IP address.


/8bit
----------------START---------------
19 September 2013 05:10

Dear 8bit,

Someone has tried to log into your account on English Amiga Board with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 188.143.234.6

-----------------END----------------

Apparently there has been some attempts from a Russian IP block that has been causing this to occur, I read this in another thread somebody posted.

[lilalurl]

There:
http://eab.abime.net/project-eab/708...ack-board.html

[Allen1]

Same here, here is the address that my attacker used. If this is not within the site rules please delete the link and good luck with keeping individuals like this one who is playing games away

[zipper]

% Abuse contact for '188.143.232.0 - 188.143.232.255' is 'abuse@pinspb.ru'

[FOL]

Quote:

Originally Posted by zipper

% Abuse contact for '188.143.232.0 - 188.143.232.255' is 'abuse@pinspb.ru'

Its just there for show. The report emails do nothing.
I get people from all over the world trying to hack my home server. Used abuse emails, but they do nothing. Thankfully, I haven't been hacked once in 5 years.

I do get regular emails from apple, saying I have requested a new password.
Apple didn't care, I was told to stop requesting new passwords. They seemed quite stupid.

[DH]

Threads have been merged from OT-General and have been placed above newer posts.

Post additions in the thread are from 8bit post #7, jmmijo post #8 & lilalurl post #9, if you would like to view them.

[adrianh78]

I am getting the same

Same IP address on both the attacks my account has received:-

188.143.234.14

[adrianh78]

Not to worry - sorted my password now

[DH]

RCK has blacklisted some of the IP ranges, so hopefully now, we won't be getting this insane password hacking attempts from .ru

But please, if you are still being bothered by any new attempts/attacks, with different IP's from .ru, please post them here.

EDIT: Although we can't blacklist every single range, it's really impossible, I have double checked for IP's covering the ranges that have been or will be blacklisted, and they don't effect anybody within EAB. Also, these IP's are reported as having no host, which in all honesty, I doubt any regular users from St. Petersburg will be effected.

[FOL]

Quote:

Originally Posted by DH

RCK has blacklisted some of the IP ranges, so hopefully now, we won't be getting this insane password hacking attempts from .ru

But please, if you are still being bothered by any new attempts/attacks, with different IP's from .ru, please post them here.

EDIT: Although we can't blacklist every single range, it's really impossible, I have double checked for IP's covering the ranges that have been or will be blacklisted, and they don't effect anybody within EAB. Also, these IP's are reported as having no host, which in all honesty, I doubt any regular users from St. Petersburg will be effected.

The only problem with black listing, is if there is a proper user on a ip sharing isp. Then they get blocked too, .

[Marcuz]

As a curiosity, what's the purpose of such attacks? I mean, if after 5 attempts the user is notified and the IP blocked to further retry for an amount of time, the method seems unpractical.
So what happens? The hacker pass to the next name on the list using a list of passwords o the same five password ever and ever until one fits? The probabilities look very few that he would ever get a positive...
And if he does, what, he has simply access to the EAB account of a member?

[prowler]

Quote:

Originally Posted by Marcuz

And if he does, what, he has simply access to the EAB account of a member?

And with that comes access to the user's Control Panel, and thus email address, which they can try to hack into next with knowledge of their EAB password (possibly matching their email account password if the user is careless).

Emails can give clues about name and address, bank and credit card account details, other passwords, etc...

[FOL]

Its also very hard to stop it, as they could use proxy's.
Had this happen a few times on my site after blocking their ip's.