Someone trying to get into my profile account

t-tony

Zorg Expert (II)
Supporter
British Zeds
#ZedShed
Joined
Dec 31, 2013
Messages
39,791
Location
Torksey Lock,Lincoln, England
Model of Z
Z4 3.0 Auto
I had this last night on my PC Garry.

Tony.
 

GazHyde

Administrator
Staff member
Administrator
Global Moderator
British Zeds
Joined
Dec 2, 2011
Messages
15,642
Location
Newbury, Berkshire
Model of Z
Audi TT Mk3
Nothing I'm aware of, although I had a couple of emails from people last night.

Anything is possible I guess, but the account lockout will only be temporary unless they guessed your password. But I'm sure that you all use secure non-guessable passwords though?!
 

GazHyde

Administrator
Staff member
Administrator
Global Moderator
British Zeds
Joined
Dec 2, 2011
Messages
15,642
Location
Newbury, Berkshire
Model of Z
Audi TT Mk3
So as an update, I've checked more stuff and several of the reported accounts all seem to have had attempted access from the same IP address.

This smacks of some form of password dictionary attack, but I'll do some more investigation.

For reference, and before people get all excited - WE HAVE NOT BEEN HACKED! I'll explain what a password dictionary attack is and why it's not a compromise.
 
Last edited:

GazHyde

Administrator
Staff member
Administrator
Global Moderator
British Zeds
Joined
Dec 2, 2011
Messages
15,642
Location
Newbury, Berkshire
Model of Z
Audi TT Mk3
For reference, as set in the forum configuration. If someone enters an incorrect password 4 times in a row, the account will be locked for a period of around 15-30 minutes.

upload_2020-5-1_8-34-44.png


If you keep trying to login during the lock I believe it will extend that time onward, so stop trying to login, go make a cup of tea and come back later.

The point of this is if someone is trying to guess your password, they could just wait 15 minutes and try again. Generally these are automated systems who will keep going until they get in or the person running it moves on to the next website.

This kind of attack is reliant on weaknesses in your choice of passwords, such as using a word that appears in a dictionary - such as the word - "password". Sometimes they are more clever for those who think adding numbers on to the end helps - so they would try "password123" for example.

For anyone who reads this message and still can't get in, feel free to email me via gazhyde@ymail.com and I'll keep an eye on it this weekend.

Cheers all.
 

abh29

Zorg Guru (I)
Supporter
British Zeds
Joined
Jul 18, 2015
Messages
774
Location
North Wales
Model of Z
Z3 2.2 Sports
Very odd. On iPad I am told "your account has temporarily been locked due to failed login attampts". BUT itsall working OK on the Mac

after 30 minutes all OK on iPad as well

Its all beyound me
 
Last edited:

Jack Ratt

Zorg Guru (V)
Supporter
British Zeds
The West Country
Joined
Dec 3, 2013
Messages
7,812
Location
TRURO, CORNWALL
Model of Z
2.8i AUTO and 2.8i MANUAL
Thanks Gaz
 
Top