Hackers trying your password at Ninjette


Alex
February 13th, 2015, 11:03 AM
Hi all -

Getting a handful of notifications each day, that a user is trying to log into an account here 5 times, and is locked out for 15 minutes before being able to try again. The reason I am seeing the notifications is that an email is then sent out to warn the user that something may be going on, and then that email is bouncing because the user hasn't been here in so long that their email account is no longer the same. So I'm probably only seeing a subset of these, and many might not be bouncing back because the emails are still valid.

These attempts log the IP address, but the problem is that just about every one is coming from a completely different IP. It appears to be a persistent effort, used by proxies and/or botnets, that is not trivial to prevent, while keeping the site still usable / accessible.

So - consider changing your password on this site and others from time to time. Use as strong a password as you are comfortable with. Consider using a password manager like LastPass or DashLane, which both automate using very complicated passwords on all the sites & apps you use. And let me know if you're seeing anything strange; I'll do the same here.

- Alex

csmith12
February 16th, 2015, 08:29 PM
:werd:

NDspd
February 17th, 2015, 07:22 AM
Thank you!

Qomomoko
February 17th, 2015, 08:45 AM
on another forum i am in .. a new user ( with one post) wrote the following..

Sorry if this is in the wrong place.
I received an automated email stating that there were failed attempts
to log in under my user name.
the IP Address 120.202.249.205
This address is linked to multiple forum attacks and is from China.
Blocking the upstream servers would be advisable. Thank you.


name is Xoy geha from New Mexico, Las Cruces...

one post and putting that up on that other forum..

i'll be changing my password soon..

Ducati999
February 17th, 2015, 08:57 AM
Just received an E-mail someone attempted 5x to log into my account. I am the only person with the password (wife and friends don't have it) to this account so someone is trying to hack NINJETTE.ORG. Keep an eye on your own accounts. :eek:

NevadaWolf
February 17th, 2015, 10:09 AM
Ducati999, here's some info.

Alex
February 17th, 2015, 10:32 AM
on another forum i am in .. a new user ( with one post) wrote the following..

Sorry if this is in the wrong place.
I received an automated email stating that there were failed attempts
to log in under my user name.
the IP Address 120.202.249.205
This address is linked to multiple forum attacks and is from China.
Blocking the upstream servers would be advisable. Thank you.


name is Xoy geha from New Mexico, Las Cruces...

one post and putting that up on that other forum..

i'll be changing my password soon..

There are other reports of this on the main vbulletin forum. All of the IP addresses coming through on these are completely different, each time. There isn't an easy (or a hard) way to simply block the bad guys here, without blocking the ability of all users to be able to log in as normal. The 5-time lockout for 15 minutes is a relatively effective control to keep people from guessing forever. For a relatively strong password, random guessing 5 times every 15 minutes would take millions of years based on random chance. Of course if the password is more easily guessable (same as username, used on many sites and compromised elsewhere, "password123", etc.), people can certainly have their accounts taken over by this.

NDspd
February 17th, 2015, 10:59 AM
Yeah I just got another email on an airsoft forum I used to be on years ago.

alex.s
February 17th, 2015, 11:43 AM
There isn't an easy (or a hard) way to simply block the bad guys here, without blocking the ability of all users to be able to log in as normal.

have you tried just asking them nicely?

Alex
February 17th, 2015, 11:44 AM
Dear internet bad guys: Please stop.

iNinja
February 17th, 2015, 02:06 PM
got an email yesterday about my username trying to be hacked as well. from IP: 213.238.128.130.

dbotos
February 17th, 2015, 03:51 PM
2-17-15 12:45 am, IP 84.72.142.174. Traces to Wohlen, Switzerland. Of course, IPs can be spoofed. While looking up that IP, I came across an interesting anti-spammer/harvester/attacker project:

https://www.projecthoneypot.org/faq.php

Also, you can check an IP address to see what kind of "record" it has:

https://www.projecthoneypot.org/search_ip.php

NevadaWolf
February 17th, 2015, 04:07 PM
Given the lengths and complexity of passwords I have to use on a daily basis, I am always reminded of the XKCD comic.

http://imgs.xkcd.com/comics/password_strength.png

Alex
February 17th, 2015, 04:26 PM
This attack is hard to prevent. We have a ton of anti-spammer type controls in place here that work pretty well. There are hundreds (some days thousands) of attempts to sign up new accounts. All of those are validated through anti-spam databases. Even after someone gets past that, their first few posts have a pretty stringent spam filter, so it catches them before it is shown to others, and they can be easily deleted.

But - just the process of attempting to log in, it's hard to block ahead of time. Yes, I can list any individual IP address or network to be blocked to the forum, but it becomes an unwinnable game of whackamole. I haven't seen a dupe IP yet in the hundreds of notifications I've looked through. And there is no provision for vBulletin to dynamically check an IP before even allowing it to attempt to log in, against the known spammer addresses. It can maybe be done at the server level, through mods to apache, but again, it needs to be dynamic and updated automatically, or it is pointless.
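
[Added example, not part of the original thread and not vBulletin code.] The posts above describe lockouts where nearly every failed attempt arrives from a different IP, so per-IP blocking never triggers; the same failed-login records can still separate that pattern from one member mistyping a password by counting distinct sources per lockout. The log format, usernames, addresses, the distinct-IP cut-off and the assumption that failures are counted over the same 15 minutes as the lockout are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login records, "timestamp ip username". The format, names
# and addresses (RFC 5737 documentation ranges) are invented for this example.
SAMPLE_LOG = """\
2015-02-17T00:40:00 198.51.100.11 dormant_a
2015-02-17T00:41:30 198.51.100.87 dormant_a
2015-02-17T00:43:10 192.0.2.45 dormant_a
2015-02-17T00:44:00 203.0.113.9 dormant_a
2015-02-17T00:46:20 192.0.2.200 dormant_a
2015-02-17T09:00:05 203.0.113.77 typo_tom
2015-02-17T09:00:20 203.0.113.77 typo_tom
2015-02-17T09:00:41 203.0.113.77 typo_tom
2015-02-17T09:01:02 203.0.113.77 typo_tom
2015-02-17T09:01:30 203.0.113.77 typo_tom
2015-02-17T12:15:00 192.0.2.8 casual_user
"""

MAX_ATTEMPTS = 5                     # lockout threshold described in the thread
FAIL_WINDOW = timedelta(minutes=15)  # assumed equal to the 15-minute lockout
MIN_DISTINCT_IPS = 3                 # assumed cut-off, tune for your own site


def parse_failures(text):
    """Group failed attempts per username as time-sorted (time, ip) lists."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ip, user = line.split()
        per_user[user].append((datetime.fromisoformat(stamp), ip))
    for attempts in per_user.values():
        attempts.sort()
    return per_user


def classify_lockouts(per_user):
    """Label each locked-out account by how many sources drove the lockout."""
    verdicts = {}
    for user, attempts in per_user.items():
        for i in range(len(attempts) - MAX_ATTEMPTS + 1):
            burst = attempts[i:i + MAX_ATTEMPTS]
            if burst[-1][0] - burst[0][0] > FAIL_WINDOW:
                continue             # five failures, but too spread out to lock
            # One person mistyping comes from one address; a proxy or botnet
            # run shows a new address on nearly every guess.
            if len({ip for _, ip in burst}) >= MIN_DISTINCT_IPS:
                verdicts[user] = "distributed-guessing"
                break
            verdicts.setdefault(user, "single-source")
    return verdicts


if __name__ == "__main__":
    for user, verdict in classify_lockouts(parse_failures(SAMPLE_LOG)).items():
        print(user, verdict)
```

Accounts labelled distributed-guessing are the ones worth a forced password reset or a closer look, since no single address in the burst would ever reach a per-IP threshold.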

alex.s
February 17th, 2015, 04:31 PM
come on, it's totally easy.

just add an extra field to the login screen that says "what are you?" and remove the people who answer "Spam bot"

MrAtom
February 17th, 2015, 04:47 PM
I dunno about most of you guys, but I stay logged in most of the time. Alex, if you added a captcha to the login, I personally wouldn't mind. Might wanna get the feedback of other ninjetters, though

Roark
February 17th, 2015, 04:53 PM
come on, it's totally easy.

just add an extra field to the login screen that says "what are you?" and remove the people who answer "Spam bot"

If you had read the Terms and Conditions in its entirety, you would've seen "no spam bots allowed"

alex.s
February 17th, 2015, 05:23 PM
i have no issue typing a captcha when i need to log in. but i know some people are less able to recognize a picture of numbers on the side of a house.

Alex
February 17th, 2015, 05:36 PM
I've found scripts to auto-populate the blocking lists with the Spamhaus and other blocklists, but running the last handful of IPs coming through on the notifications shows them all to still be clean on Spamhaus (in other words, it wouldn't block them then, and it still wouldn't block them now). Captcha for login is not directly available; which is a little surprising, as it is available for registration, posting, contact us, searching, etc. Just not as a requirement for each login. There was a mod for 3.6 to add it, but it hasn't been updated for years and isn't compatible with this version.

While this is annoying, I don't know of 1 user who has had their account taken over yet, assuming that the first thing someone would do is start posting up spam of some sort.

Somchai
February 17th, 2015, 11:22 PM
:rotflmao: - why worry when the gents (or should I better use another word for them?) are sitting inside your harddisk and watch your activity from there?
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

MrAtom
February 17th, 2015, 11:48 PM
^read about that in popsci earlier today. That's some mad scientist crap right there.

Alex
February 18th, 2015, 07:43 AM
It looks like they were able to pop one account (Viskoner) last night, and have used it to send an annoying spam to a number of members via PM. I have since deleted all of them, so if you received a notification and yet don't see it now; that's why. Viskoner's password has been changed, and I had to change his email as well, as I have no idea whether it points to him or the spammer. If you are reading this, please use the "contact us" link at the bottom of any page to get in touch and work to get your account restored to normal.

I didn't receive one here, but I got the same spam via a PM on another forum I am on last night as well, so this looks pretty widespread.

Use appropriate passwords, and change them every once in awhile to minimize the chances of this. :thumbup:

akima
February 18th, 2015, 08:13 AM
Thank you for all your hard work protecting this place Alex ;)

allanoue
February 18th, 2015, 10:21 AM
Thank you for all your hard work protecting this place Alex ;)

:whatshesaid: and why I do not block ads here.
Help keep our protector motivated.

Hero Danny
February 18th, 2015, 01:30 PM
Thanks for all your hard work Alex, I appreciate it. It must be difficult to run this entire site solo.

ninjamunky85
February 18th, 2015, 03:45 PM
Yeah I received one of those spam private messages this morning. I guess it was from that viskoner guy cause it's been deleted. I also just changed my password to be safe. Thanks Alex

snot
February 21st, 2015, 11:10 AM
I know a few of you also received a pm from a member who had not been on in 2 years.


Alex is this from someone hacking into the users profile?

Singh2jz
February 21st, 2015, 11:25 AM
La Policia!

Just received a spam pm this morning from dvy5001.

Linkin
February 21st, 2015, 03:08 PM
La Policia!

Just received a spam pm this morning from dvy5001.

Ditto

Snake
February 21st, 2015, 04:01 PM
I got the same spam as well.

Alex
February 21st, 2015, 05:14 PM
All gone. Thx, folks. Sorry for the trouble.

psykown
February 21st, 2015, 07:12 PM
I just got something from rjtrookie Alex

csmith12
February 21st, 2015, 07:15 PM
Same here... rjtrookie

subxero
February 21st, 2015, 07:16 PM
^ this

Alex
February 21st, 2015, 07:23 PM
All gone.

psykown
February 21st, 2015, 07:51 PM
Cool, Thanks a ton for the work you do Alex :clapping::thumbup::dancecool:

MrAtom
February 21st, 2015, 08:18 PM
Yeah thanks! Preciate it :-)

alex.s
February 21st, 2015, 09:50 PM
i've been getting these really weird PMs from a few members...

but they're just weird people. i try to understand.

Singh2jz
February 22nd, 2015, 02:22 AM
i've been getting these really weird PMs from a few members...

but they're just weird people. i try to understand.

Hang in there; Alex can only take care of one thing at a time.

LittleRedNinjette
February 22nd, 2015, 05:55 AM
Just got one from Timm3h. :spy:

Snake
February 22nd, 2015, 06:25 AM
Just got one from Timm3h. :spy:

Same here. It's starting to be a daily occurrence. :mad:

BlackNinja8
February 22nd, 2015, 07:27 AM
^^got the same

Alex
February 22nd, 2015, 07:30 AM
Yep. Not fun. :( All of his PM's have been deleted, and password changed.

They are having much more success than I would have guessed with this.

Singh2jz
February 22nd, 2015, 08:11 AM
Thanks Alex, I got the email of the private message but when I logged on, it was nowhere to be found lol. I want to reply to their messages saying that cheapest isn't always best. Haha

Rexcycles
February 22nd, 2015, 08:59 AM
Thanks Alex.

NevadaWolf
February 22nd, 2015, 09:39 AM
Forgive the dumb question, but once the password is cracked, is it likely a bot sending the PM or a person?

If a bot, could an extra check be added before being allowed to send a PM? Like the scrambled letter human checker thing? WTH is it called?

Won't stop the hacked account but may slow the spam?

Singh2jz
February 22nd, 2015, 09:52 AM
If a bot, could an extra check be added before being allowed to send a PM? Like the scrambled letter human checker thing? WTH is it called?

It's called captcha, I believe.

oroboros
February 22nd, 2015, 10:11 AM
I never get PM's here :( Except from Timm3h :dancecool:

I figured it was suspect. I was going to complain about the nonsense but then read about "Samer". That put it in perspective.

Skullz
February 22nd, 2015, 10:33 AM
Captchas suck
Heard another option is to use a picture and answer the picture instead of a word.
Really hope captchas go the way of the 8-track player.

ally99
February 22nd, 2015, 04:53 PM
Thank you for all your hard work protecting this place Alex ;)

Absolutely! +1,000!!

DaBlue1
February 22nd, 2015, 06:45 PM
Thanks Alex for being on top of things.

I got the same PM from Timm3h. Not sure what was in it, however I do know timm3h.exe is a virus. Gotta watch those links.

baxtc1
February 22nd, 2015, 07:38 PM
I just got an email notification for a private message, in the message is a link for motosale or somesuch. If you like, I will forward it to you as the link might give a chance to narrow down the culprit.
For what it is worth, I do not have a private message notification on the forum.
Cheers,
Rob.

headshrink
February 22nd, 2015, 08:04 PM
I got the same PM, but it was missing from my inbox once I checked... maybe that means the account was already deleted, I don't know.

ftheshack
February 22nd, 2015, 08:24 PM
Just got one from Timm3h. :spy:

Same here, I got an email notification for a pm and the message was already deleted from the forum before I could log in. Good job moderators!

Alex
February 22nd, 2015, 09:03 PM
Another one a short while ago (drewpickles). Throttling on the number of PM's, and me happening to be near a computer, means he only got it out to 10 people before being banned/blocked.

NevadaWolf
February 22nd, 2015, 09:08 PM
Good job moderators!

Just a bit of info for new folks who haven't seen this yet....

Unlike other forums with a crew of mods under a few admins, we have Alex. One amazing awesome guy who takes care of all the backend stuff. So yeah, all the fielding of the hacked accounts is being handled by a team of one.

:bow::bow::bow::bow:

alex.s
February 22nd, 2015, 10:35 PM
http://media.giphy.com/media/wSSooF0fJM97W/giphy.gif

NevadaWolf
February 22nd, 2015, 11:11 PM
Gawds I can hear that line and I haven't seen that movie in awhile.

LittleRedNinjette
February 23rd, 2015, 05:37 AM
Gawds I can hear that line and I haven't seen that movie in awhile.

:rotflmao: me too!

Alex
February 23rd, 2015, 08:37 AM
Another one this morning ( sokin4 ). Pain in the neck, even if they are trivial to clean up individually.

xorbe
February 23rd, 2015, 10:00 AM
I had someone hammer on my webmail account login for a couple months a few years ago, which was extremely irritating, because it was locked 1/2 of the time when I tried to log in.

headshrink
February 23rd, 2015, 11:41 AM
I just got virtually the same message over at Pashnit. I guess we aren't the only place having problems.

Alex
February 23rd, 2015, 12:45 PM
OK - I moved all users who haven't logged in over the past 2 years into a new limited usergroup. In that group, you can't send PM's, email other members, or create new posts. There is a notification at the top of the screen that explains that your account is in that state, and how to get out of it. Should be completely invisible to anyone who has logged in within the last 24 months, but will make it pointless for someone to crack any older account.

LittleRedNinjette
February 23rd, 2015, 01:08 PM
:clapping:

akima
February 23rd, 2015, 03:00 PM
Alex - now that you've pretty much sorted that out, can you fix our sim cards (https://firstlook.org/theintercept/2015/02/19/great-sim-heist/) please?

Alex
February 23rd, 2015, 03:10 PM
1. Fill a tall glass with 10 - 12 oz. of water
2. Hold phone above glass
3. Let go

akima
February 23rd, 2015, 03:40 PM
^ Perfect solution! I'll fix my friends' and co-workers' phones with this method too!

I'm going to be so popular when they find out how I protected them :p

headshrink
February 23rd, 2015, 03:56 PM
Alex - now that you've pretty much sorted that out, can you fix our sim cards (https://firstlook.org/theintercept/2015/02/19/great-sim-heist/) please?


That was just a test. Now the real challenge... can you fix my mortgage, career, and marriage?

Alex
February 23rd, 2015, 04:00 PM
Forget about the other two, and just worry about the career. If that is going well, that implies the mortgage is as well. And if those are both going well, what's to worry about in the marriage?

Keep 'em coming; I'm here all week. :)

allanoue
February 23rd, 2015, 06:09 PM
I am getting old, and as I get older, I am getting older faster. Make it stop?

headshrink
February 23rd, 2015, 06:09 PM
Forget about the other two, and just worry about the career. If that is going well, that implies the mortgage is as well. And if those are both going well, what's to worry about in the marriage?

Keep 'em coming; I'm here all week. :)

Thanks - I'm a little short right now, can you send me the bill?

Alex
February 23rd, 2015, 06:16 PM
http://i.imgur.com/FIT7KIm.jpg

Singh2jz
February 24th, 2015, 02:45 PM
There is no I in team. Alex is just a mod hog..hahaha

flitecontrol
February 24th, 2015, 03:19 PM
Just got one from Timm3h. :spy:

I got an email notice that I had a PM from him, several days ago, but apparently alex got to it before I did. It was gone when I went to my PMs.

Alex
February 25th, 2015, 12:00 AM
One today ( jc_ninja). User has been here in the last two years, so they were able to get 2 PM's out to 10 people before being banned.

alex.s
February 25th, 2015, 12:29 AM
http://media2.giphy.com/media/llKJGxQ1ESmac/200.gif
http://media.giphy.com/media/oVvhEYvWDvE1G/giphy.gif
http://media1.giphy.com/media/1230rTAtEjLyLu/200.gif
http://media1.giphy.com/media/DBfYJqH5AokgM/200.gif

NevadaWolf
February 25th, 2015, 08:27 AM
http://www.chasecaseco.net/wp-content/uploads/2014/12/w964.jpg


...whoa, that is 20 years old this year. Ugh

verboten1
February 25th, 2015, 09:02 AM
There is no I in team. Alex is just a mod hog..hahaha

YES THERE IS!!!!


http://blueprintbasketball.com/wp-content/uploads/2012/10/There-is-an-I-in-TEAM.png

alex.s
February 25th, 2015, 09:22 AM
http://www.chasecaseco.net/wp-content/uploads/2014/12/w964.jpg


...whoa, that is 20 years old this year. Ugh

it was such a cool movie when i was 6...

headshrink
February 25th, 2015, 09:25 AM
Don't make me feel old... I'm trying to have a good attitude today.

NevadaWolf
February 25th, 2015, 09:31 AM
it was such a cool movie when i was 6...

I still find it a cool movie in that dated campy just for fun way. Course I like Fisher Stevens so eh. :p

Alex
February 25th, 2015, 10:17 AM
It looks like some of the permissions changes I tried a few days ago, have locked down the marketplace areas more than intended. If folks were having issues posting in there, I believe it has been fixed at this point.

ally99
February 25th, 2015, 02:40 PM
There is no I in team. Alex is just a mod hog..hahaha

YES THERE IS!!!!


http://blueprintbasketball.com/wp-content/uploads/2012/10/There-is-an-I-in-TEAM.png

Damn, you beat me to posting this exact thing!

Singh2jz
February 25th, 2015, 03:22 PM
YES THERE IS!!!!


http://blueprintbasketball.com/wp-content/uploads/2012/10/There-is-an-I-in-TEAM.png

Damn, you beat me to posting this exact thing!

:pound:

akima
February 26th, 2015, 01:15 PM
I still find it a cool movie in that dated campy just for fun way. Course I like Fisher Stevens so eh. :p

You mean... Mr The Plague

( I too <3 Hackers movie... then I learnt a lot about puters... then I discovered that nothing in Hackers bears any resemblance to real puter stuff... ... still <3 Hackers movie! )


...

"HACK THE PLANET!" :D

Edit: please do not hack ninjette.org... or the planet. k thx

Ghostt
February 28th, 2015, 03:39 PM
I preferred SNEAKERS to HACKERS, but both are good movies

Ghostt
February 28th, 2015, 03:49 PM
This is what Alex looks like when he's fending off the hackers,

http://i.ytimg.com/vi/NPp7N5iyCWY/maxresdefault.jpg

And here is a rare pic of him waiting for the next attempt

BRING THAT WEAK ASS SH*T HACKERS

http://www.flicksandbits.com/wp-content/uploads/2011/05/ian-mckellan-gandalf-3d.jpg

Keeping Ninjette.org safe for all,

like the boss he is

BTW Alex that last pic would be cool for your official picture