|
Someone trying to Hack into my account here
Yesterday I had two email notifications that my account was locked out due to someone exceeding the 5 attempts at logging in with the wrong password. And it wasn't me. When I looked up the IP address provided it was across the country. This concerns me. Has this happened to anyone else?
|
Quote:
Doreen p.s. - I've merged your post with an earlier thread on this matter to keep the discussion in one place :idea: |
Had the same thing happen to me this morning. I logged on earlier with no problem and had not been trying again until I had an e-mail from admin.
Then I tried to sign in and got the same message. Different IP address than mine but I changed my network password anyway. |
While I still don't know 100% what's the problem, I want to encourage everyone to change your password :exclm:. This is just good sense anyway, so now's as good a time as any to do it :)
Don't use the same password all over the web. Especially don't use the same password here as you use for online banking!!! A good tip is to use a mix of numerals, upper and lower case letters. Where possible, add in a few symbols, such as #$%. Check this article .. How to Create a Strong Password (and Remember It) "password123" is NOT a strong password. Just sayin' Hope this helps :rose: Doreen |
And when you log in, and it says "password not found" - "not found" is not a good idea to change your password to ;)
Bob |
Thanks! I appreciate the quick response. And I feel better knowing it wasn't just me. I did change the password right away to something more complex.
|
My account was locked again last night due to someone/something trying to log in to it. Sadly, I do not feel safe using this website anymore.
|
Jane, I have read some comments to you that this doesn't happen with a Mac but I have a Mac and it happened to me several times. I changed my network password and also my password to this site and still got the error message.
Hasn't happened again in the last week or so. |
I've been having this problem as well the last few days. Have to wait 15 minutes to log in because of excessive attempts. I'm thinking about deleting my account altogether. Is there a way to do that?
|
Personally, my guess (and it is a guess) is that there is a software malfunction that rears its ugly bits every now and then.
Patience and tolerance might be the words for today. Let the moderators know, and if it is a glitch, the techs might be able to fix the problem. Bob |
I have been having the same problems again also. It only seems to happen to me in the early morning hours between 2 and 6.
|
Quote:
If a member no longer wishes to participate here at Active Low-Carber, then we can permanently delete the account. However, account deletions for the sole purpose of re-registering with a new name isn't permitted, so please don't do it. Also, new registrations are just as prone to this error as older ones, so signing up with a new name will not resolve the problem. I'm not a webmaster so not sure of the exact mechanics behind this glitch but it appears to be due to automated search engine activity, like Google, Bing and others. There's no bored teenager or nefarious foreigner trying to hack into each of our accounts. The best way to secure your account is to change your password right now. This is wise thing to do everywhere around the web, including facebook, amazon, your bank. Never, never use the same password for all of your online accounts! :exclm: How to Create a Strong Password (and Remember It), from How-To Geek Doreen :rose: |
Doreen T, thanks for your input.
As long as the webmaster knows, and the problem is being addressed, I have enough patience to wait and come back later. Sometimes troubleshooting problems can be maddeningly time extensive compounded with the pressure that you want to fix it as soon as possible. IMO The friendship and information here are much more important than the occasional problem logging in. Bob |
I had it happen to me yesterday. Here's what's happening.
This site, along with every other BBS and thing you can imagine, has been stripped of usernames (that's easy enough for a kid to do) and then those usernames are fed into a program which tries to "brute force" password guesses, Like doreen mentioned - simple ones like "password" or "123" or username as password. This system (our BBS here) apparently allows 5 tries on password before locking you out for 15 minutes - if you try to log in during the timeout period from the brute force attempt you'll get the message that you've tried to many time s and wait to login 5 attempts then block usually triggers the hackers script to move on to the next username that's been harvested from here. Scripts will be reused so it's possible that it could happen often although it was a first for me and I've been on here a few years. again, doreen mentioned to use a decent password and one THAT IS NOT THE SAME ONE YOU MIGHT USE ELSE WHERE with the email you have on file here. That's the beginning of a hard time for you! If you get hacked here, the hacker (a bot at first) can login as you and go to your Control Panel and get your email address on file, then start using this email/password combo on sites such as: Common Banks Ebay PayPal you name it My method to avoid these kind of head aches is to use a unique email for each site I sign for and a set of passwords that have not related to any of my "critical" passwords I use elsewhere This is a head ache of it's own but worth it to me. BOTTOM LINE: If you are going to use your general email for signing up for sites, use a UNIQUE password for all sites and keep a list of those in some kind of encrypted form. KeePass works pertty good and is open source. You can check it out here... https://keepass.info/ I use this at work. Good Luck, Stay Smart, Stay Safe |
Thank you Mr. Thud :thup:
For the record, our Webmaster (tamarian) has made some changes very recently to greatly reduced search engine activity on our forum. |
Quote:
Yeah, that's kind of how they do it. The basically scour site like a search engine (crawls all links from forever) grabs all the usernames that can be grabbed from the pages (need a little knowhow to write that script) then plugs those usernames into brute force app that tries each username as many times as it can till time out. The smart ones then keep a list per user of common passwords that have already been tried for a particular user so they 're not covering the same ground twice. A better, and more sophisticated, method for getting email/password combos is to actually hack the site where this info is stored, most of it in clear text but a lot of times the passwords on not strongly encrypted or poor ones can be reversed by using rainbow tables https://en.wikipedia.org/wiki/Rainbow_table I've even had my special emails that I create for sites show up as emails back to me saying they have my password for the site, They do have it but it's basically useless for anything but that particular site. This method is very good for creating "skareware" as I call it - sending you an email usually from your own address saying that they have hacked you and have been watching you surf the internet and then demanding bitcoin payment for not spreading the news of your lurid browsing habits. It's a really effective social engineering piece. NEVER PAY RANSOM WARE. this will only be the tip of the iceberg if you do. here's a good site to see if you email has been compromised on various websites - if yours shows up, don't worry too much but be aware that some script someone might have your email address and password combo that you used on the site you signed up for. https://haveibeenpwned.com/ Also some pertty good steps to help protect keep you safer signing up for stuff, and stuff... This alone makes it a good idea to change your master/safe/important passwords periodically - sucks but that's the way it is for now till we get past the need for password - this exists but not the norm for now Be safe, don't trust strangers on the internets. I'm one of them ;) |
Thank you, Bob-o and Thud and everyone. Good info and advice. The whole matter disgusts me, but we can only do what we can do.
|
There are plenty of password managers, some of them free, that help you store your passwords. You can copy and paste and don't have to remember dozens or more passwords.
Also, do not let your browser store and fill in passwords. Browsers can be hacked. Bob |
Quote:
A couple of months ago I got one of those e-mails telling me they filmed me via my computer's camera having fun while I surfed porn, and demanded bitcoins (I don't even have a camera on my computer - it's old and I didn't go for that option). The password they used was one I used many years ago on a forum that I closed my account on years ago. I supposed they hacked that site. Anyway, they obviously sold me address and expired password to others because at it's peak I was getting 10 or 15 per day. I just ignored and deleted. I keep good AV and Malware apps on my computer, keep them updated, use strong passwords, and am careful with my surfing habits. That doesn't guarantee I'll never get hacked, but it lowers the odds greatly. The hackers would rather go for low hanging fruit. If they are going to spend a lot of work hacking, they will usually go for something more rewarding than what I have to steal. The most commonly used and easily hacked passwords of 2018 according to one source (avoid these or anything easy) 123456Anybody using passwords like these is living dangerously. Bob |
Great tips, Bob. Thank you :thup:
|
I haven't logged in since Friday and I probably messed up my password tonight , but I only had the one attempt and was informed to wait 15 minutes before trying again. I was able to log in once I waited but I was wondering why I had the message. Now I understand. I will be changing my password.
|
I have changed my password on this site and on my home network. Didn't do any good.
Getting the log in error more than ever. This is the only site that I have had this problem. |
Having this same login problem again.
|
Quote:
Did your login error look like the picture in this post?? .. https://forum.lowcarber.org/showthr...912#post9335912 |
No, it's the one that says name/password incorrect and exceeded login attempts.
Try again in 15 minutes. Has happened several days in a row now the first time I try to login. |
Had that happen once a couple of days ago. I just went elsewhere that afternoon.
It seems to have been only once. |
| All times are GMT -6. The time now is 22:04. |
Copyright © 2000-2024 Active Low-Carber Forums @ forum.lowcarber.org
Powered by: vBulletin, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.