BlahBlahCafe
The Zoolook Forum

The Lounge - Blocked accounts issue

GeeJee - Fri Jan 21, 2011 1:58 pm
Post subject: Blocked accounts issue
Dear all,

Quite a lot of members have been receiving an email in the past week stating their account got blocked as a result of multiple failed login attempts. The email also states that when this is not caused by yourself, you should contact the board admin.

We're currently looking into this matter and will keep you informed here. If it makes you feel more safe, you could change your password. On the other hand, the bots are failing to log in all the time. If you wish to change your password, be sure to pick a combination of digits and characters and not a simple word, initials or anything like that.

I have a few people looking into it right now, and that's all I can say for the moment.

Please do not email and/or PM me unless you have a specific/personal question...

Sorry for any inconvenience caused.

Dr_Jones - Sat Jan 22, 2011 3:50 pm

Finally, I got an email too! My account was blocked for a while! I feel like I was left out.
Jarreologie6 - Sat Jan 22, 2011 3:55 pm

I've got one yesterday and one today, i have now changed my password to a more safe one when i finaly could login again
Adam - Sat Jan 22, 2011 4:00 pm

I have had 4 so far,has been every day,but I will give them a medal if they ever guess my password !
Dominc - Sat Jan 22, 2011 7:30 pm

Ok now I'm getting these emails too
Dr_Jones - Sun Jan 23, 2011 12:07 am

any news on the issue?
Kanta - Sun Jan 23, 2011 1:16 pm

I have only changed my password once. Once should be enough.
GeeJee - Sun Jan 23, 2011 2:57 pm

Dr_Jones wrote:
any news on the issue?


Last thing I know, two people are investigating it.

Dominc - Mon Jan 24, 2011 1:19 am

Kanta wrote:
I have only changed my password once. Once should be enough.


Kanta, changing your password does nothing because I changed mine on Saturday and got another email today.

Adam - Mon Jan 24, 2011 8:39 am

As long as you change it to something secure & something only you would know you should be safe.
The account is being blocked because these bots or whatever were not able to guess your password & tried to login unsuccessfully.

Kanta - Tue Jan 25, 2011 10:02 pm

I hope the changing of the password will help. :)
ZZERO - Wed Jan 26, 2011 6:49 pm

4 e-mails received in the last three days, at the same hour of the day.

Hackers strike?

Dv_ - Fri Jan 28, 2011 1:49 pm

Email received this morning too... :?
mathetes1963 - Fri Jan 28, 2011 5:28 pm

Ditto me.
Master10 - Sat Jan 29, 2011 6:54 pm

Same here. 4 e-mails since thursday. i have changed my password, but that does not help. :(
littlesister - Sat Jan 29, 2011 8:52 pm

I recieved a blocked account e-mail too yesterday .... :( (timed 9.10am)

There is definately something strange going on, as although I visit the cafe almost daily, I hardly ever sign in ..... :?

Adam - Sun Jan 30, 2011 1:26 am

It does seem like some sort of bot attack.
But for the moment it looks like the spammers haven't succeeded in guessing anyone's password,but as a forum admin myself I said to our members just to click on view my posts each time they log in just to be sure,9 times out of 10 these spammers will be posting links to porn.
These spammers are everywhere at the moment,I've had my forum attacked & you might have seen my post on Facebook about spammers posting rogue apps which are getting out of hand,plus another couple of forums I frequent have been attacked.
Hopefully they'll get bored with not being able to get into anyone's account & give up.

Master10 - Sun Jan 30, 2011 9:21 am

And again, mail number 5: at Sun, Jan 30 2011, 05:22AM.
Kanta - Sun Jan 30, 2011 1:34 pm

The spammer/s are persisted. :P
littlesister - Sun Jan 30, 2011 8:39 pm

:( ... another blocked account e-mail today (4.17 am) .... important details changed again too
Kanta - Sun Jan 30, 2011 9:09 pm

I am not worried. Hopefully, they/he/she will go away soon.
Dr_Jones - Mon Jan 31, 2011 2:56 am

Kanta wrote:
I am not worried. Hopefully, they/he/she will go away soon.


Most probably it's a bot, so I doubt it will go away, unless the IP is blocked or something.

GeeJee - Mon Jan 31, 2011 3:01 am

...no update so far...
Andy - Mon Jan 31, 2011 7:41 am

Hi there!

At the moment there are lots of so-called "brute force attacks" on phpBB-based forums worldwide! This is not the only forum... :evil:

One possible protection is the implementation of a captcha-code for the login process.

Maybe you could implement such a safety function?

Thanks!

Regards, Andy

shadow - Mon Jan 31, 2011 7:23 pm

I don't think a captha-code would be needed untill the first actual hack, I guess were safe atm :)

But then again, that's just my POV :mrgreen:

Nico_Noyau - Thu Feb 03, 2011 11:54 am

The only way to get it stopped is to get the bot's IP address.

This attack is made by a bot, scanning some forums randomly by following links found in signatures for example.
A captcha would be a pain in the ass to the users as they would have to fill it each time they connect.

Otherwise, we could add a code checking the navigator's headers (IE, Firefox, Chrome, Opera...), but then again, the bots might send false headers as well...

So, first, I need to find the guy's IP in the server's log ;)

Dr_Jones - Thu Feb 03, 2011 1:38 pm

Nico_Noyau wrote:
The only way to get it stopped is to get the bot's IP address.

This attack is made by a bot, scanning some forums randomly by following links found in signatures for example.
A captcha would be a pain in the ass to the users as they would have to fill it each time they connect.

Otherwise, we could add a code checking the navigator's headers (IE, Firefox, Chrome, Opera...), but then again, the bots might send false headers as well...

So, first, I need to find the guy's IP in the server's log ;)


We could set up some bait... make a false user with a common password and see if the bot logs on.

GeeJee - Thu Feb 03, 2011 2:02 pm

That doesn't seem like a good idea to me :P

Nico will be working on the problem soon.

jp8000 - Thu Feb 03, 2011 5:25 pm

Just got an email telling that my acct. is blocked, but like you can see, I'm still logged in
mathetes1963 - Fri Feb 04, 2011 12:05 am

jp8000 wrote:
Just got an email telling that my acct. is blocked, but like you can see, I'm still logged in


And just how do we know it's really YOU?
For that matter...
How do I know that I am ME and not somebody else? :game:

jp8000 - Fri Feb 04, 2011 6:56 am

mathetes1963 wrote:
jp8000 wrote:
Just got an email telling that my acct. is blocked, but like you can see, I'm still logged in


And just how do we know it's really YOU?
For that matter...
How do I know that I am ME and not somebody else? :game:


Good point. But mainly this was meant to the admins of the forum, because I think that they can see the IP-addres of the user.

GeeJee - Fri Feb 04, 2011 11:06 am

Nico has made an attempt to solve the problem. Let's see if it occurs again. If it does, please report in this thread!!
shadow - Fri Feb 04, 2011 9:16 pm

Well it did, got an email earlier this dat (about 2 o'clock)...
docklands88 - Fri Feb 04, 2011 9:50 pm

I've had an email too on the 28th and just noticed it, weird. I will change my password just to be safe.
jp8000 - Sat Feb 05, 2011 6:58 am

Another message about blocking received
Andy - Sat Feb 05, 2011 10:30 am

... me too (this morning) :?
Jon - Sat Feb 05, 2011 2:32 pm

I take it the anti-bot filter is not working?
cygnusx-1 - Sat Feb 05, 2011 4:19 pm

I got an email again today, too.
GeeJee - Sat Feb 05, 2011 4:55 pm

We're on it again..
docklands88 - Sat Feb 05, 2011 10:29 pm

Just got another e-mail a few hours ago.
Adam - Sun Feb 06, 2011 8:09 pm

Just got another at 18.25 UK time
Andy - Wed Feb 09, 2011 7:35 am

Again, yesterday - 18:23 CET...

Although it might be a "pain in the ass of the users" as Nico argued, the easiest way to get rid of this problem is to implement a captcha-code.

To block the IP-range of this bot isn't a really solution as these bums can change the IP easily.

Just my two cent...

Nico_Noyau - Fri Feb 11, 2011 10:44 pm

Andy wrote:
Again, yesterday - 18:23 CET...

Although it might be a "pain in the ass of the users" as Nico argued, the easiest way to get rid of this problem is to implement a captcha-code.

To block the IP-range of this bot isn't a really solution as these bums can change the IP easily.

Just my two cent...

If only that was that easy... the registration form is built in a very specific way, as it is based on phpBB, reworked by some obscure polish dev teams, which leads in a rather un-editable page.
I put 2 anti-bot filters, and I improved the restrictions in .htaccess I had written.

Let's see what happens now...


Powered by phpBB modified by Przemo © 2003 phpBB Group