Announcement

**Jan** · 07-06-2015, 04:17 AM

Thanks, Tim. Every once in a while we get a number of these from potential spammers. So far, at least as far as I know, only one has slipped through. Unfortunately, the only way to prevent that would be to block entire segments of IP addresses (if I understand what DougO told me) so the fact that you had a good password was the perfect defense.

Thanks,
Jan

**Dan Dassow** · 07-06-2015, 10:28 AM

Originally posted by timk519 View Post

As a FYI, I just got this attempted login report. The user was coming in via a Tor anonymizer.

Dear timk519,

Someone has tried to log into your account on JMSNews Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 92.220.210.218

All the best,
JMSNews Forums

What Jan stated is correct. DougO, would have to block a range of IP addresses, since Internet Service Providers dynamically assign IP addresses to their customers.

Whois Lookup Captcha

http://whois.domaintools.com/92.220.210.218

IP Location - Norway Norway Stavanger Altibox Residential Customer Linknets
ASN - Norway AS29695 ALTIBOX_AS Altibox AS (registered Nov 14, 2003)

**nottenst** · 08-29-2015, 07:39 AM

I just got one of those messages:

Someone has tried to log into your account on JMSNews Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 77.109.141.138

All the best,
JMSNews Forums

I was quite surprised, but I see it is not that uncommon.

**ednemo** · 08-30-2015, 04:36 PM

I had an attempted hack as well.

I looked up the IP and it is on most block lists as of yesterday.

tor-proxy-readme1.casperlefantom.net [176.31.191.26]

**ednemo** · 08-30-2015, 04:38 PM

Blacklisting IPs is tricky business and is more of a headache than it is worth. These are just bots grabbing usernames and running a handful of simplistic passwords and then quitting after they fail. So make sure your password isn't Summer15 or something equally ridiculous and you should be fine.

**Radhil** · 08-31-2015, 03:14 PM

Just joined the club. Bots are cute like that.

**Ubik** · 09-01-2015, 05:21 AM

Same here, yesterday. Seems to have had little success though.

**Babel-17** · 09-01-2015, 07:36 AM

Same here.

**Jan** · 09-01-2015, 08:26 AM

As I type this, there are 16 'guests' viewing user profiles. I don't know whether they're mining those profiles from the membership lists or from posts but I've emailed a suggestion to DougO to see if possibly making the membership list hidden to any but Admins might help stop some of this.

Until they figure out something else, of course.

Jan

**Jan** · 09-02-2015, 03:59 AM

DougO has disabled viewing of the Membership List. We'll see if that helps with the attempts. I don't think it can hurt!

Jan

**Dan Dassow** · 09-03-2015, 01:32 AM

Originally posted by Jan View Post

DougO has disabled viewing of the Membership List. We'll see if that helps with the attempts. I don't think it can hurt!

Jan

Jan, I regret this became necessary.

**Babel-17** · 09-07-2015, 04:01 PM

Had it been viewable even if not logged on? I was just at another site looking for an acquaintance's posts and I'm required to log in before viewing the list. So, I guess that's a thing now.

**Jan** · 09-08-2015, 03:13 AM

I don't know if it was or not but we've got thousands and thousands of 'people' (probably 'bots) registered who've never had any activity at all. When these periodic attacks would crop up I always wondered how many 'bots' were getting hacked.

Since 99.999% of them had never answered the verification email we used to have, that would get them nowhere.

Jan

Announcement

Attempted hack

Attempted hack

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment