Old 28-09-2013, 10:37 AM   #1
God
Administrator
 
God's Avatar
 
Join Date: May 2008
Posts: 65
Rep Power: 10
God has disabled reputation
Default Attempted Account Hacks

Hi All,

We have been the subject this week of repeated brute force account hack attempts originating from Russian IP sources.

I've taken precautionary measures and blocked the subnets of the originating offenders, however as they are using quite complex botnets it may be impossible to completely block it out.

Whilst it doesn't appear like any accounts have been compromised at this stage, I would suggest for your own account safety that you change your password to something complex containing a Capital Letter, a Number and an alphanumeric character, such as #, $, % etc.. The next revision of the forum will require this as a security measure, so best to get in the practice of doing it now.

If you get an email generated by our system suggesting that someone has attempted to access your account from an IP Address that seems suspicious.. Please post the information to this thread and I'll block each subnet zone accordingly.

Chris

EDIT: There is shitloads of traffic coming from China also. Four times as much as from Australia. And from just the one IP also. Highly unlikely.. Also Blocked.
God is offline   Reply With Quote
Old 29-09-2013, 12:22 PM   #2
God
Administrator
 
God's Avatar
 
Join Date: May 2008
Posts: 65
Rep Power: 10
God has disabled reputation
Default

On second thought, going through the traffic logs.. The Chinese based traffic is starting to concern me as its all the same kind of traffic which indicates its an annoying Robot trawling the site (like Google) or its something a bit more sinister.

Hence I'm immediately implementing a series of block ranges. I don't usually like doing this as it means we shut our site off from a section of the world, but it needs to be done..

I've blocked large subnets of Chinese IP's already and will continue doing so over the next week.
God is offline   Reply With Quote
Old 29-09-2013, 12:36 PM   #3
Z2TT
z20 Advocator
 
Z2TT's Avatar
 
Join Date: Jun 2008
Location: Perth, Australia
Posts: 3,493
Rep Power: 13
Z2TT will become famous soon enough
Send a message via MSN to Z2TT
Default

For me I first got an Email of 5 failed login attempts and Yes it was from a Russian IP - 188.143.234.6. This happened on 23rd September then again on 26th September

Perhaps you can change the Login attempt limit from 5 to 2 for a bit more safety.
__________________
.
- Complete English z20 Wiring Diagrams
- All Circuits
- Every Connector
- Completely in English.
Z2TT is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +8. The time now is 02:18 PM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.