Hackers trying your password at Ninjette
Alex February 13th, 2015, 11:03 AM Hi all -
Getting a handful of notifications each day, that a user is trying to log into an account here 5 times, and is locked out for 15 minutes before being able to try again. The reason I am seeing the notifications is that an email is then sent out to warn the user that something may be going on, and then that email is bouncing because the user hasn't been here in so long that their email account is no longer the same. So I'm probably only seeing a subset of these, and many might not be bouncing back because the emails are still valid.
These attempts log the IP address, but the problem is that just about every one is coming from a completely different IP. It appears to be a persistent effort, used by proxies and/or botnets, that is not trivial to prevent, while keeping the site still usable / accessible.
So - consider changing your password on this site and others from time to time. Use as strong a password as you are comfortable with. Consider using a password manager like LastPass or DashLane, which both automate using very complicated passwords on all the sites & apps you use. And let me know if you're seeing anything strange; I'll do the same here.
- Alex
csmith12 February 16th, 2015, 08:29 PM :werd:
NDspd February 17th, 2015, 07:22 AM Thank you!
Qomomoko February 17th, 2015, 08:45 AM on another forum i am in .. a new user ( with one post) wrote the following..
Sorry if this is in the wrong place.
I received an automated email stating that there were failed attempts
to log in under my user name.
the IP Address 120.202.249.205
This address is linked to multiple forum attacks and is from China.
Blocking the upstream servers would be advisable. Thank you.
name is Xoy geha from New Mexico, Las Cruces...
one post and putting that up on that other forum..
i'll be changing my password soon..
Ducati999 February 17th, 2015, 08:57 AM Just received an E-mail someone attempted 5x to log into my account. I am the only person with the password (wife and friends don't have it) to this account so someone is trying to hack NINJETTE.ORG. Keep an eye on your own accounts. :eek:
NevadaWolf February 17th, 2015, 10:09 AM Ducati999, here's some info.
Alex February 17th, 2015, 10:32 AM on another forum i am in .. a new user ( with one post) wrote the following..
Sorry if this is in the wrong place.
I received an automated email stating that there were failed attempts
to log in under my user name.
the IP Address 120.202.249.205
This address is linked to multiple forum attacks and is from China.
Blocking the upstream servers would be advisable. Thank you.
name is Xoy geha from New Mexico, Las Cruces...
one post and putting that up on that other forum..
i'll be changing my password soon..
There are other reports of this on the main vbulletin forum. All of the IP addresses coming through on these are completely different, each time. There isn't an easy (or a hard) way to simply block the bad guys here, without blocking the ability of all users to be able to log in as normal. The 5-time lockout for 15 minutes is a relatively effective control to keep people from guessing forever. For a relatively strong password, random guessing 5 times every 15 minutes would take millions of years based on random chance. Of course if the password is more easily guessable (same as username, used on many sites and compromised elsewhere, "password123", etc.), people can certainly have their accounts taken over by this.
NDspd February 17th, 2015, 10:59 AM Yeah I just got another email on an airsoft forum I used to be on years ago.
alex.s February 17th, 2015, 11:43 AM There isn't an easy (or a hard) way to simply block the bad guys here, without blocking the ability of all users to be able to log in as normal.
have you tried just asking them nicely?
Alex February 17th, 2015, 11:44 AM Dear internet bad guys: Please stop.
iNinja February 17th, 2015, 02:06 PM got an email yesterday about my username trying to be hacked as well. from IP: 213.238.128.130.
dbotos February 17th, 2015, 03:51 PM 2-17-15 12:45 am, IP 84.72.142.174. Traces to Wohlen, Switzerland. Of course, IPs can be spoofed. While looking up that IP, I came across an interesting anti-spammer/harvester/attacker project:
https://www.projecthoneypot.org/faq.php
Also, you can check an IP address to see what kind of "record" it has:
https://www.projecthoneypot.org/search_ip.php
NevadaWolf February 17th, 2015, 04:07 PM Given the lengths and complexity of passwords I have to use on a daily basis, I am always reminded of the XKCD comic.
http://imgs.xkcd.com/comics/password_strength.png
Alex February 17th, 2015, 04:26 PM This attack is hard to prevent. We have a ton of anti-spammer type controls in place here that work pretty well. There are hundreds (some days thousands) of attempts to sign up new accounts. All of those are validated through anti-spam databases. Even after someone gets past that, their first few posts have a pretty stringent spam filter, so it catches them before it is shown to others, and they can be easily deleted.
But - just the process of attempting to log in, it's hard to block ahead of time. Yes, I can list any individual IP address or network to be blocked to the forum, but it becomes an unwinnable game of whackamole. I haven't seen a dupe IP yet in the hundreds of notifications I've looked through. And there is no provision for vBulletin to dynamically check an IP before even allowing it to attempt to log in, against the known spammer addresses. It can maybe be done at the server level, through mods to apache, but again, it needs to be dynamic and updated automatically, or it is pointless.
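The situation Alex describes in the post above (every guess arrives from a different IP, so per-address blocking sees nothing while the per-account lockout still fires) can be replayed over failed-login records. This is an added Python example, not vBulletin code and not from the thread: the event tuples, account names and documentation-range IPs are constructed, and the 5-failure, 15-minute and two-year values are the ones mentioned in the thread.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5                    # failed logins before lockout (from the thread)
LOCKOUT_WINDOW = timedelta(minutes=15)   # lockout window (from the thread)
DORMANT_AFTER = timedelta(days=730)      # "2 years" without a login (from the thread)


def constructed_events():
    """Constructed sample of failed logins as (time, account, source_ip) tuples."""
    t0 = datetime(2015, 2, 17, 0, 40)
    events = []
    # Two accounts guessed five times each, every guess from a fresh address.
    for n, user in enumerate(["old_member", "recent_member"]):
        for i in range(LOCKOUT_THRESHOLD):
            when = t0 + timedelta(minutes=20 * n, seconds=40 * i)
            events.append((when, user, f"198.51.100.{5 * n + i + 1}"))
    # One real owner mistyping twice from a single address.
    events += [(t0 + timedelta(minutes=m), "typo_user", "203.0.113.7") for m in (3, 4)]
    return sorted(events)


def ips_over_threshold(events, threshold=LOCKOUT_THRESHOLD):
    """Addresses a per-IP rule would block: those with >= threshold failures."""
    counts = Counter(ip for _, _, ip in events)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def lockouts(events):
    """Replay the per-account rule; return (account, time, distinct_ips) per lockout."""
    recent = {}  # account -> deque of (time, ip) still inside the window
    hits = []
    for when, user, ip in sorted(events):
        window = recent.setdefault(user, deque())
        window.append((when, ip))
        while when - window[0][0] > LOCKOUT_WINDOW:
            window.popleft()  # forget failures older than the window
        if len(window) >= LOCKOUT_THRESHOLD:
            hits.append((user, when, len({addr for _, addr in window})))
            window.clear()  # account is locked; start counting afresh
    return hits


def distributed_targets(events, last_login, now):
    """Accounts locked out with every guess from a different IP -> is it dormant?"""
    return {user: now - last_login[user] > DORMANT_AFTER
            for user, _, distinct in lockouts(events)
            if distinct == LOCKOUT_THRESHOLD}


if __name__ == "__main__":
    sample = constructed_events()
    logins = {"old_member": datetime(2012, 6, 1), "recent_member": datetime(2015, 1, 10)}
    print("per-IP rule would block:", ips_over_threshold(sample))
    print("flagged accounts:", distributed_targets(sample, logins, datetime(2015, 2, 17, 12)))
```

The dormancy flag marks which locked-out accounts fall under the two-year cutoff Alex applies later in the thread.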
alex.s February 17th, 2015, 04:31 PM come on, it's totally easy.
just add an extra field to the login screen that says "what are you?" and remove the people who answer "Spam bot"
MrAtom February 17th, 2015, 04:47 PM I dunno about most of you guys, but I stay logged in most of the time. Alex, if you added a captcha to the login, I personally wouldn't mind. Might wanna get the feedback of other ninjetters, though
Roark February 17th, 2015, 04:53 PM come on, it's totally easy.
just add an extra field to the login screen that says "what are you?" and remove the people who answer "Spam bot"
If you had read the Terms and Conditions in its entirety, you would've seen "no spam bots allowed"
alex.s February 17th, 2015, 05:23 PM i have no issue typing a captcha when i need to log in. but i know some people are less able to recognize a picture of numbers on the side of a house.
Alex February 17th, 2015, 05:36 PM I've found scripts to auto-populate the blocking lists with the Spamhaus and other blocklists, but running the last handful of IPs coming through on the notifications shows them all to still be clean on Spamhaus (in other words, it wouldn't block them then, and it still wouldn't block them now). Captcha for login is not directly available; which is a little surprising, as it is available for registration, posting, contact us, searching, etc. Just not as a requirement for each login. There was a mod for 3.6 to add it, but it hasn't been updated for years and isn't compatible with this version.
While this is annoying, I don't know of 1 user who has had their account taken over yet, assuming that the first thing someone would do is start posting up spam of some sort.
Somchai February 17th, 2015, 11:22 PM :rotflmao: - why worry when the gents (or should I better use another word for them?) are sitting inside your harddisk and watch your activity from there?
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
MrAtom February 17th, 2015, 11:48 PM ^read about that in popsci earlier today. That's some mad scientist crap right there.
Alex February 18th, 2015, 07:43 AM It looks like they were able to pop one account (Viskoner) last night, and have used it to send an annoying spam to a number of members via PM. I have since deleted all of them, so if you received a notification and yet don't see it now; that's why. Viskoner's password has been changed, and I had to change his email as well, as I have no idea whether it points to him or the spammer. If you are reading this, please use the "contact us" link at the bottom of any page to get in touch and work to get your account restored to normal.
I didn't receive one here, but I got the same spam via a PM on another forum I am on last night as well, so this looks pretty widespread.
Use appropriate passwords, and change them every once in awhile to minimize the chances of this. :thumbup:
akima February 18th, 2015, 08:13 AM Thank you for all your hard work protecting this place Alex ;)
allanoue February 18th, 2015, 10:21 AM Thank you for all your hard work protecting this place Alex ;)
:whatshesaid: and why I do not block ads here.
Help keep our protector motivated.
Hero Danny February 18th, 2015, 01:30 PM Thanks for all your hard work Alex, I appreciate it. It must be difficult to run this entire site solo.
ninjamunky85 February 18th, 2015, 03:45 PM Yeah I received one of those spam private messages this morning. I guess it was from that viskoner guy cause it's been deleted. I also just changed my password to be safe. Thanks Alex
snot February 21st, 2015, 11:10 AM I know a few of you also received a pm from a member who had not been on in 2 years.
Alex is this from someone hacking into the users profile?
Singh2jz February 21st, 2015, 11:25 AM La Policia!
Just received a spam pm this morning from dvy5001.
Linkin February 21st, 2015, 03:08 PM La Policia!
Just received a spam pm this morning from dvy5001.
Ditto
Snake February 21st, 2015, 04:01 PM I got the same spam as well.
Alex February 21st, 2015, 05:14 PM All gone. Thx, folks. Sorry for the trouble.
psykown February 21st, 2015, 07:12 PM I just got something from rjtrookie Alex
csmith12 February 21st, 2015, 07:15 PM Same here... rjtrookie
subxero February 21st, 2015, 07:16 PM ^ this
Alex February 21st, 2015, 07:23 PM All gone.
psykown February 21st, 2015, 07:51 PM Cool, Thanks a ton for the work you do Alex :clapping::thumbup::dancecool:
MrAtom February 21st, 2015, 08:18 PM Yeah thanks! Preciate it :-)
alex.s February 21st, 2015, 09:50 PM i've been getting these really weird PMs from a few members...
but they're just weird people. i try to understand.
Singh2jz February 22nd, 2015, 02:22 AM i've been getting these really weird PMs from a few members...
but they're just weird people. i try to understand.
Hang in there; Alex can only take care of one thing at a time.
LittleRedNinjette February 22nd, 2015, 05:55 AM Just got one from Timm3h. :spy:
Snake February 22nd, 2015, 06:25 AM Just got one from Timm3h. :spy:
Same here. It's starting to be a daily occurrence. :mad:
BlackNinja8 February 22nd, 2015, 07:27 AM ^^got the same
Alex February 22nd, 2015, 07:30 AM Yep. Not fun. :( All of his PM's have been deleted, and password changed.
They are having much more success than I would have guessed with this.
Singh2jz February 22nd, 2015, 08:11 AM Thanks Alex, I got the email of the private message but when I logged on, it was nowhere to be found lol. I want to reply to their messages saying that cheapest isn't always best. Haha
Rexcycles February 22nd, 2015, 08:59 AM Thanks Alex.
NevadaWolf February 22nd, 2015, 09:39 AM Forgive the dumb question, but once the password is cracked, is it likely a bot sending the PM or a person?
If a bot, could an extra check be added before being allowed to send a PM? Like the scrambled letter human checker thing? WTH is it called?
Won't stop the hacked account but may slow the spam?
Singh2jz February 22nd, 2015, 09:52 AM If a bot, could an extra check be added before being allowed to send a PM? Like the scrambled letter human checker thing? WTH is it called?
It's called captcha, I believe.
oroboros February 22nd, 2015, 10:11 AM I never get PM's here :( Except from Timm3h :dancecool:
I figured it was suspect. I was going to complain about the nonsense but then read about "Samer". That put it in perspective.
Skullz February 22nd, 2015, 10:33 AM Captcha's suck
Heard another option is to use a picture and answer the picture instead of a word.
Really hope captcha's go way of the 8 track player.
ally99 February 22nd, 2015, 04:53 PM Thank you for all your hard work protecting this place Alex ;)
Absolutely! +1,000!!
DaBlue1 February 22nd, 2015, 06:45 PM Thanks Alex for being on top of things.
I got the same PM from Timm3h. Not sure what was in it, however I do know timm3h.exe is a virus. Gotta watch those links.
baxtc1 February 22nd, 2015, 07:38 PM I just got an email notification for a private message, in the message is a link for motosale or somesuch. If you like, I will forward it to you as the link might give a chance to narrow down the culprit.
For what it is worth, I do not have a private message notification on the forum.
Cheers,
Rob.
headshrink February 22nd, 2015, 08:04 PM I got the same PM, but it was missing from my inbox once I checked... maybe that means the account was already deleted, I don't know.
ftheshack February 22nd, 2015, 08:24 PM Just got one from Timm3h. :spy:
Same here, I got an email notification for a pm and the message was already deleted from the forum before I could log in. Good job moderators!
Alex February 22nd, 2015, 09:03 PM Another one a short while ago (drewpickles). Throttling on the number of PM's, and me happening to be near a computer, means he only got it out to 10 people before being banned/blocked.
NevadaWolf February 22nd, 2015, 09:08 PM Good job moderators!
Just a bit of info for new folks who haven't seen this yet....
Unlike other forums with a crew of mods under a few admins, we have Alex. One amazing awesome guy who takes care of all the backend stuff. So yeah, all the fielding of the hacked accounts is being handled by a team of one.
:bow::bow::bow::bow:
alex.s February 22nd, 2015, 10:35 PM http://media.giphy.com/media/wSSooF0fJM97W/giphy.gif
NevadaWolf February 22nd, 2015, 11:11 PM Gawds I can hear that line and I haven't seen that movie in awhile.
LittleRedNinjette February 23rd, 2015, 05:37 AM Gawds I can hear that line and I haven't seen that movie in awhile.
:rotflmao: me too!
Alex February 23rd, 2015, 08:37 AM Another one this morning ( sokin4 ). Pain in the neck, even if they are trivial to clean up individually.
xorbe February 23rd, 2015, 10:00 AM I had someone hammer on my webmail account login for a couple months a few years ago, which was extremely irritating, because it was locked 1/2 of the time when I tried to log in.
headshrink February 23rd, 2015, 11:41 AM I just got virtually the same message over at Pashnit. I guess we aren't the only place having problems.
Alex February 23rd, 2015, 12:45 PM OK - I moved all users who haven't logged in over the past 2 years into a new limited usergroup. In that group, you can't send PM's, email other members, or create new posts. There is a notification at the top of the screen that explains that your account is in that state, and how to get out of it. Should be completely invisible to anyone who has logged in within the last 24 months, but will make it pointless for someone to crack any older account.
LittleRedNinjette February 23rd, 2015, 01:08 PM :clapping:
akima February 23rd, 2015, 03:00 PM Alex - now that you've pretty much sorted that out, can you fix our sim cards (https://firstlook.org/theintercept/2015/02/19/great-sim-heist/) please?
Alex February 23rd, 2015, 03:10 PM 1. Fill a tall glass with 10 - 12 oz. of water
2. Hold phone above glass
3. Let go
akima February 23rd, 2015, 03:40 PM ^ Perfect solution! I'll fix my friends and co-workers phones with this method too!
I'm going to be so popular when they find out how I protected them :p
headshrink February 23rd, 2015, 03:56 PM Alex - now that you've pretty much sorted that out, can you fix our sim cards (https://firstlook.org/theintercept/2015/02/19/great-sim-heist/) please?
That was just a test. Now the real challenge... can you fix my mortgage, career, and marriage?
Alex February 23rd, 2015, 04:00 PM Forget about the other two, and just worry about the career. If that is going well, that implies the mortgage is as well. And if those are both going well, what's to worry about in the marriage?
Keep 'em coming; I'm here all week. :)
allanoue February 23rd, 2015, 06:09 PM I am getting old, and as I get older, I am getting older faster. Make it stop?
headshrink February 23rd, 2015, 06:09 PM Forget about the other two, and just worry about the career. If that is going well, that implies the mortgage is as well. And if those are both going well, what's to worry about in the marriage?
Keep 'em coming; I'm here all week. :)
Thanks - I'm a little short right now, can you send me the bill?
Alex February 23rd, 2015, 06:16 PM http://i.imgur.com/FIT7KIm.jpg
Singh2jz February 24th, 2015, 02:45 PM There is no I in team. Alex is just a mod hog..hahaha
flitecontrol February 24th, 2015, 03:19 PM Just got one from Timm3h. :spy:
I got an email notice that I had a PM from him, several days ago, but apparently alex got to it before I did. It was gone when I went to my PMs.
Alex February 25th, 2015, 12:00 AM One today ( jc_ninja). User has been here in the last two years, so they were able to get 2 PM's out to 10 people before being banned.
alex.s February 25th, 2015, 12:29 AM http://media2.giphy.com/media/llKJGxQ1ESmac/200.gif
http://media.giphy.com/media/oVvhEYvWDvE1G/giphy.gif
http://media1.giphy.com/media/1230rTAtEjLyLu/200.gif
http://media1.giphy.com/media/DBfYJqH5AokgM/200.gif
NevadaWolf February 25th, 2015, 08:27 AM http://www.chasecaseco.net/wp-content/uploads/2014/12/w964.jpg
...whoa, that is 20 years old this year. Ugh
verboten1 February 25th, 2015, 09:02 AM There is no I in team. Alex is just a mod hog..hahaha
YES THERE IS!!!!
http://blueprintbasketball.com/wp-content/uploads/2012/10/There-is-an-I-in-TEAM.png
alex.s February 25th, 2015, 09:22 AM http://www.chasecaseco.net/wp-content/uploads/2014/12/w964.jpg
...whoa, that is 20 years old this year. Ugh
it was such a cool movie when i was 6...
headshrink February 25th, 2015, 09:25 AM Don't make me feel old... I'm trying to have a good attitude today.
NevadaWolf February 25th, 2015, 09:31 AM it was such a cool movie when i was 6...
I still find it a cool movie in that dated campy just for fun way. Course I like Fisher Stevens so eh. :p
Alex February 25th, 2015, 10:17 AM It looks like some of the permissions changes I tried a few days ago, have locked down the marketplace areas more than intended. If folks were having issues posting in there, I believe it has been fixed at this point.
ally99 February 25th, 2015, 02:40 PM There is no I in team. Alex is just a mod hog..hahaha
YES THERE IS!!!!
http://blueprintbasketball.com/wp-content/uploads/2012/10/There-is-an-I-in-TEAM.png
Damn, you beat me to posting this exact thing!
Singh2jz February 25th, 2015, 03:22 PM YES THERE IS!!!!
http://blueprintbasketball.com/wp-content/uploads/2012/10/There-is-an-I-in-TEAM.png
Damn, you beat me to posting this exact thing!
:pound:
akima February 26th, 2015, 01:15 PM I still find it a cool movie in that dated campy just for fun way. Course I like Fisher Stevens so eh. :p
You mean... Mr The Plague
( I too <3 Hackers movie... then I learnt a lot about puters... then I discovered that nothing in Hackers bears any resemblance to real puter stuff... ... still <3 Hackers movie! )
...
"HACK THE PLANET!" :D
Edit: please do not hack ninjette.org... or the planet. k thx
Ghostt February 28th, 2015, 03:39 PM I preferred SNEAKERS to HACKERS, but both are good movies
Ghostt February 28th, 2015, 03:49 PM This is what Alex looks like when he's fending off the hackers,
http://i.ytimg.com/vi/NPp7N5iyCWY/maxresdefault.jpg
And here is a rare pic of him waiting for the next attempt
BRING THAT WEAK ASS SH*T HACKERS
http://www.flicksandbits.com/wp-content/uploads/2011/05/ian-mckellan-gandalf-3d.jpg
Keeping Ninjette.org safe for all,
like the boss he is
BTW Alex that last pic would be cool for your official picture