Attempted hack?

[Travis]

You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below.

This is what I was greeted with when logging in today. I can only surmise that someone has repeatedly tried to access my account. How else would this built-in security function have been "tripped"?

I assume, Big Orange, that you have no way of discovering the villain's identity?

Unmasked or not however, I'd like to extend a very derisive FUCK YOU to the perpetrator.

Sincerely,

Me

[David]

That's odd. I got the very same thing tonight. Strange, strange, passing strange.

[Ros]

I had this last night.

[Travis]

Has anyone else experienced this? I'd like to know if people outside of the admin/mod/former mod circle has been affected.

That suspicion aside, because it wasn't isolated (you two had it happen as well), the likelihood that it's related to some sort of update is more likely. But we'll see I guess.

[Travis]

Oh, and just to be safe, I'd advise changing your current passwords, even if you think they're sturdy enough. Strictly speaking, if attempts were made to hack your accounts, the person or persons responsible now have more information than they did prior to making the attempts; i.e., they know what your passwords AREN'T. It's a small mathematical edge you can give yourselves. Reset them back to zero. Assuming of course, that "they" exist. But better safe than sorry.

[David]

I could change my password, but ... I can't see what advantage anyone would gain by hacking into my PG account. Perhaps that's just my ignorance showing. They could pretend to be me, but how long could they plausibly keep that up for? Even I find it hard work.

Of course I suppose they could change my password, which would be an enormous pain.

[Travis]

They could change your password, locking you out. You would lose your privacy (hacker would have immediate access to private correspondences). Your post history would be in jeopardy (hacker could delete/edit posts). And because you're a mod, everyone else would be at risk of altered/deleted posts as well.

[David]

Erk. Here's hoping I remember the damn new one.

[Nicola]

That's weird. It did the same for Cam but not me. Strange. I will investigate.

[Nicola]

I have investigated -

phpbb support forum says:

"This is not a new occurrence, it may just now happening to you.
It is happening world wide and not just to phpBB, and it's not version specific.
Hackers/spammers are trying to 'brute force' passwords"

They recommend people use strong passwords so perhaps it's time to change them!

[Lake]

It happened to me, too.

[ray miller]

This happened to me just now.It asked me for my favourite animal then told me that the answer was chicken. I suspect fowl play.

[BenJohnson]

Same here, damn spammers. Mind you I think they got in it explains that last poem from Ray

[twoleftfeet]

I could change my password, but ... I can't see what advantage anyone would gain by hacking into my PG account. Perhaps that's just my ignorance showing. They could pretend to be me, but how long could they plausibly keep that up for? Even I find it hard work.

Of course I suppose they could change my password, which would be an enormous pain.

David,
Have a read of this:
http://lifehacker.com/#!5505400/how-id- ... -passwords

Many people use the same password for more than one site, and don't have a strong password for their Email a/c either.
If they get into your Email you could be in deep merde if there are personal and financial details to be had.

[Travis]

Yeah, it's happened to me again today. Annoying.

[Nicola]

Just for reassurance - I have read this and made sure all the preventative measures have been taken.

http://www.phpbb.com/community/viewtopic.php?t=1947925

I'm not sure what else to do. I may go through the new members and delete those who haven't posted anything.

I think it would be a good idea for people to change their passwords even though I know it is a pain.

[BenJohnson]

Have you banned the IP address range that attacks are coming from?

[Nicola]

Have you banned the IP address range that attacks are coming from?

I have looked at it but it's prving pretty difficult to establish where it's coming from.

See

http://www.phpbb.com/community/viewtopi ... &t=2116469

I think the key is your passwords - make sure they are complex. I do change the CAPTCHA regularly but if it gets too difficult real people can't read it which is frustrating.

The whole thing is very annoying but no forum security seems to have been breached so far.

[David]

Yes, I just got it again too. My PG password is (a) pretty obscure and (b) not used for anything else, so I (hopefully) shouldn't be too much at risk.

[Nash]

This has happened to me too.

Did the bit where you change your password always say:

Password must be between 6 and 30 characters long, must contain letters in mixed case and must contain numbers.

because my old one didn't. I've just changed it to include this and it all seems to be fine now.

[twoleftfeet]

Yes, I just got it again too. My PG password is (a) pretty obscure and (b) not used for anything else, so I (hopefully) shouldn't be too much at risk.

Sounds good to me, especially the "not used for anything else" part.

I really don't think there's anything to worry about when the hacker only gets 3 attempts before being blocked!

Mind you, having read that article about passwords I won't be using a 6 character password anytime soon - more like 16!

EDIT: The articles gone! Maybe the site was hacked?

[JohnLott]

Same login problem for me: 30/03/11 10:54

J.