Yeah, that's kind of how they do it. The basically scour site like a search engine (crawls all links from forever) grabs all the usernames that can be grabbed from the pages (need a little knowhow to write that script) then plugs those usernames into brute force app that tries each username as many times as it can till time out.

The smart ones then keep a list per user of common passwords that have already been tried for a particular user so they 're not covering the same ground twice.

A better, and more sophisticated, method for getting email/password combos is to actually hack the site where this info is stored, most of it in clear text but a lot of times the passwords on not strongly encrypted or poor ones can be reversed by using rainbow tables https://en.wikipedia.org/wiki/Rainbow_table

I've even had my special emails that I create for sites show up as emails back to me saying they have my password for the site, They do have it but it's basically useless for anything but that particular site. This method is very good for creating "skareware" as I call it - sending you an email usually from your own address saying that they have hacked you and have been watching you surf the internet and then demanding bitcoin payment for not spreading the news of your lurid browsing habits. It's a really effective social engineering piece. NEVER PAY RANSOM WARE. this will only be the tip of the iceberg if you do.

here's a good site to see if you email has been compromised on various websites - if yours shows up, don't worry too much but be aware that some script someone might have your email address and password combo that you used on the site you signed up for.

https://haveibeenpwned.com/

Also some pertty good steps to help protect keep you safer signing up for stuff, and stuff...

This alone makes it a good idea to change your master/safe/important passwords periodically - sucks but that's the way it is for now till we get past the need for password - this exists but not the norm for now

Be safe, don't trust strangers on the internets. I'm one of them ;)

Thank you, Bob-o and Thud and everyone. Good info and advice. The whole matter disgusts me, but we can only do what we can do.

There are plenty of password managers, some of them free, that help you store your passwords. You can copy and paste and don't have to remember dozens or more passwords.

Also, do not let your browser store and fill in passwords. Browsers can be hacked.

Bob

A couple of months ago I got one of those e-mails telling me they filmed me via my computer's camera having fun while I surfed porn, and demanded bitcoins (I don't even have a camera on my computer - it's old and I didn't go for that option).

The password they used was one I used many years ago on a forum that I closed my account on years ago. I supposed they hacked that site.

Anyway, they obviously sold me address and expired password to others because at it's peak I was getting 10 or 15 per day.

I just ignored and deleted.

I keep good AV and Malware apps on my computer, keep them updated, use strong passwords, and am careful with my surfing habits. That doesn't guarantee I'll never get hacked, but it lowers the odds greatly. The hackers would rather go for low hanging fruit. If they are going to spend a lot of work hacking, they will usually go for something more rewarding than what I have to steal.

The most commonly used and easily hacked passwords of 2018 according to one source (avoid these or anything easy)

123456
password
123456789
12345678
12345
111111
1234567
sunshine
qwerty
iloveyou
princess
admin
welcome
666666
abc123
football
123123
monkey
654321
!~#$%^&*
charlie
aa123456
donald
password1
qwerty123

Anybody using passwords like these is living dangerously.

Bob

Great tips, Bob. Thank you :thup:

I haven't logged in since Friday and I probably messed up my password tonight , but I only had the one attempt and was informed to wait 15 minutes before trying again. I was able to log in once I waited but I was wondering why I had the message. Now I understand. I will be changing my password.

I have changed my password on this site and on my home network. Didn't do any good.
Getting the log in error more than ever. This is the only site that I have had this problem.

Having this same login problem again.

Did your login error look like the picture in this post?? .. https://forum.lowcarber.org/showthr...912#post9335912

No, it's the one that says name/password incorrect and exceeded login attempts.
Try again in 15 minutes.

Has happened several days in a row now the first time I try to login.

Had that happen once a couple of days ago. I just went elsewhere that afternoon.

It seems to have been only once.