• Registered users are encouraged to enable MFA/2FA to add an aditional layer of security to their account. More information can be found here: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email

possible attempted hack?

There at it again.

Dear TomCat,

Someone has tried to log into your account on Type R Owners Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 129.123.7.7

All the best,
Type R Owners Forums
 
Out of interest, you say its a group probably brute forcing with the five most popular password. What are the five most popular? Surly out of all the passwords people can have (the worlds your oyster, as there are billions and billions of word combinations available) why does someone go obvious?
 
People, particularly about internet security are often lazy.

An example of which would be the Ashley Madison hack. How many users on there will have used the same password for their cheater account as what they use to get in to their email account that is registered with the same site? Makes you think...
 
I've covered this is other sections of the forum but thought I'd put it here as well.

We're doing pretty much everything we can at the minute to stop brute force attacks on accounts on the forum:
- all failed login attempts are logged in the web server logs
- we run a fail2ban script that checks these logs for multiple failed logins from the same ip address which then blocks this ip address using iptables.

I'm planning on adding a script that will block known tor exit points and am looking at ways of hardening the login process, possibly by adding a captcha to the process. I'm also looking into blocking access to the member list from visitors who haven't already logged in.

Finally, we're also exploring the option of moving away from vBulletin to another forum software.
 
I thought vbulletin was one of the most secure and up to date?

A couple forums I use have just moved from the likes of simple machines to vbulletin. Security being one of the factors in choosing to move.
 
Bonito said:
I thought vbulletin was one of the most secure and up to date?

A couple forums I use have just moved from the likes of simple machines to vbulletin. Security being one of the factors in choosing to move.
Click to expand...


vBulletin used to be the dogs bollocks of forum software, sadly it's not so good these days. They were bought over a few years back and they seem more interested in building the vBulletin suite rather than the forum side of things.
I've been considering xenforo which was setup by the guys who originally built vBulletin.
 
Dear Koston,

Someone has tried to log into your account on Type R Owners Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 176.10.104.240

All the best,
Type R Owners Forums
 
You must log in or register to reply here.
Back
Top