Someone trying to get into my profile account

GazHyde

Administrator
Staff member
Administrator
Global Moderator
British Zeds
Joined
Dec 2, 2011
Messages
15,630
Location
Newbury, Berkshire
Model of Z
BMW Z4 3.0Si Sport
Nothing I'm aware of, although I had a couple of emails from people last night.

Anything is possible I guess, but the account lockout will only be temporary unless they guessed your password. But I'm sure that you all use secure non-guessable passwords though?!
 

GazHyde

Administrator
Staff member
Administrator
Global Moderator
British Zeds
Joined
Dec 2, 2011
Messages
15,630
Location
Newbury, Berkshire
Model of Z
BMW Z4 3.0Si Sport
So as an update, I've checked more stuff and several of the reported accounts all seem to have had attempted access from the same IP address.

This smacks of some form of password dictionary attack, but I'll do some more investigation.

For reference, and before people get all excited - WE HAVE NOT BEEN HACKED! I'll explain what a password dictionary attack is and why it's not a compromise.
 
Last edited:

GazHyde

Administrator
Staff member
Administrator
Global Moderator
British Zeds
Joined
Dec 2, 2011
Messages
15,630
Location
Newbury, Berkshire
Model of Z
BMW Z4 3.0Si Sport
For reference, as set in the forum configuration. If someone enters an incorrect password 4 times in a row, the account will be locked for a period of around 15-30 minutes.

upload_2020-5-1_8-34-44.png


If you keep trying to login during the lock I believe it will extend that time onward, so stop trying to login, go make a cup of tea and come back later.

The point of this is if someone is trying to guess your password, they could just wait 15 minutes and try again. Generally these are automated systems who will keep going until they get in or the person running it moves on to the next website.

This kind of attack is reliant on weaknesses in your choice of passwords, such as using a word that appears in a dictionary - such as the word - "password". Sometimes they are more clever for those who think adding numbers on to the end helps - so they would try "password123" for example.

For anyone who reads this message and still can't get in, feel free to email me via gazhyde@ymail.com and I'll keep an eye on it this weekend.

Cheers all.
 

abh29

Zorg Guru (I)
Supporter
British Zeds
Joined
Jul 18, 2015
Messages
763
Location
North Wales
Model of Z
Z3 2.2 Sports
Very odd. On iPad I am told "your account has temporarily been locked due to failed login attampts". BUT itsall working OK on the Mac

after 30 minutes all OK on iPad as well

Its all beyound me
 
Last edited:
Top