Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Tue Mar 01, 2011 11:07 am
by BoatlessFisherman
Need everyone's help, need some questions answered.
This has to do with the database crashes.
1. Have you received at the time of log in a message that said you have exceeded your log in attempts and had to put the captcha code in? I already know "YES the captcha code is very difficult"; it has to be, and you will learn why soon. If so, did it happen on first attempt or did you try a few times previous? If you had tried a few times previous, NO need to answer, but those that had only tried once or none, I want to hear from you.
2. For those people that it did happen to, what operating system are you using: XP, Vista, 7 and so on?
I will explain after we hear from a few people, I believe I have this in hand but I am verifying a few things across the forum before I say anything.
Explanation
We have been getting hit by Brute Force attacks
EVERYONE, the security has been working, that is why you are seeing the message; that is another reason for more complicated captcha.
But please tighten up your passwords: 8-character passwords are OK, but 12 characters is better, and a combination of letters and numbers is even better.
DO NOT USE PERSONAL PASSWORDS like ones you use for networks or bank accounts; always keep them different.
I am on it, just waiting to see what PHPBB is doing from that side - is there a new script "bot" whatever is out there that losers are using.
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 11:19 am
by Miamipescador
Tommy, I received the invalid login at my first attempt and I was putting the right PW, which is why I emailed you about it.
I tried it on my phone and on a different browser and it said the same thing. Once you changed the PW it was fine though, maybe it stopped crashing?
I am running Windows 7.
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 11:36 am
by Miamipescador
The "View new posts" icon is now flashing for me...
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 11:52 am
by BoatlessFisherman
Good Ron, Thanks
Everyone that is the screen that you should have seen
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 12:26 pm
by gdm phil
Happened to me on my iPad, now I can't get back on with my iPad
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 1:35 pm
by crashmister
The wife's puter is still doing it (Windows 7). Mine's still not having problems. (XP)
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 3:39 pm
by goodolmikey
Tommy, it has happened to me twice over the last couple months, once on 11-27 and again on 2-8. I don't remember what the message was, sorry I can't be any more help
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 3:56 pm
by goodolmikey
Sorry Tommy, I forgot it happened while I was at work, so I was using XP
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 4:12 pm
by landcaster
Hi,
The only issue I had on XP was I would hit enter after entering password and the page would be blank and I would have to backspace... seems to have gone away
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 6:20 pm
by crashmister
I just logged on and all I get is Porn. I don't want you to fix it, I'm just braggin

Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 9:08 pm
by fishaddict0916
Tommy, I got the exact screen that Ron had up one day last week, but I got it on the first attempt. I normally have automatic login, but when I went to login, I got that screen and the CAPTCHA was impossible to read! After several attempts, I finally gave up. Then when I got home and tried from my desktop, I had no issues at all. I use XP on both computers.
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Tue Mar 01, 2011 10:59 pm
by BoatlessFisherman
Ok, I know some have figured it out but for those that have not.
Someone, it appears, has been attempting to brute force the user accounts, but I am also suspecting a possible bug, so I am watching.
I have been aware for two weeks that something is off and I have been monitoring IPs and the server.
This is not only here, I have found that different forums (not only PHPBB3) have been seeing this for the same amount of time.
I have connected one IP used in this site as attempting to obtain passwords at another site, and I am viewing my server logs and have contacted the IP's server for further investigation because it seems related in the forum also.
This may have relevance or it may not, but it is very coincidental.
They may be aware, also they may not.
But if you are, I will give you a hint, for only you, so you realize a HAIL of T REX puckies are coming your way. I will give you that hint in a little while. SWEAT and underappreciate my abilities for now.
I have been told I do not play well with others - I guess you may be asking me to come out and play.
EVERYONE, the security has been working, that is why you are seeing the message; that is another reason for more complicated captcha.
But please tighten up your passwords: 8-character passwords are OK, but 12 characters is better, and a combination of letters and numbers is even better.
DO NOT USE PERSONAL PASSWORDS like ones you use for networks or bank accounts; always keep them different.
I am on it, just waiting to see what PHPBB is doing from that side - a bug or is there a new script "bot" whatever is out there that losers are using.
Re: Everyone PLEASE READ Have some questions ???? IMPORTANT
Posted: Wed Mar 02, 2011 7:41 am
by rshields
I use the auto log in feature. I just logged out and back in and had no problems. XP is my OS. I never had a problem
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:04 am
by BoatlessFisherman
This is just one method
Attack anatomy
To perform the attack, the attacker registers an account on the forum and tests that the memberlist is available for them to obtain lists of users. The attacker then uses an automated process to login and download thousands of user names from the memberlist. After collecting this data the attacker attempts to brute-force account credentials by repeatedly sending login requests to the forum. As the attack does not attempt to solve the invalid login attempts CAPTCHA, it is limited to the amount of attempts specified in the "Maximum number of login attempts" configuration option.
Signs
Visible signs of this attack include:
* Users being required to enter a CAPTCHA after an initial login attempt.
* Increased server load.
* Repeated POST requests to ucp.php?mode=login from the same IP address.
Prevention
phpBB provides several tools that enable users to mitigate these efforts.
* To prevent successful brute-forcing, an administrator may ensure that "Maximum number of login attempts", ensuring that a CAPTCHA will be required if an excessive number of failed login attempts occur.
* Additionally, this attack may be mitigated by proper password selection. Ensure that your passwords contain letters and numbers and are not common words, phrases, combinations (password, 1234, etc.).
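Added example (not part of the original post and not phpBB code): one way to check a web server access log for the signs listed above, counting login POSTs to ucp.php?mode=login per IP in a sliding window and noting whether the same IP also paged through memberlist.php. The log format (Apache combined style), the sample lines, and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (documentation-range IPs, made-up times).
_FMT = '{ip} - - [01/Mar/2011:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", m=0, s=i, req=f"GET /memberlist.php?start={i * 25}")
     for i in range(3)]
    + [_FMT.format(ip="203.0.113.7", m=1, s=i * 2, req="POST /ucp.php?mode=login")
       for i in range(8)]
    + [_FMT.format(ip="198.51.100.20", m=i * 10, s=0, req="POST /ucp.php?mode=login")
       for i in range(2)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def parse(log_text):
    """Yield (ip, timestamp, method, path) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"]


def find_suspects(log_text, max_posts=3, window=timedelta(minutes=5), harvest_pages=3):
    """Flag IPs whose login POSTs exceed max_posts inside any sliding window."""
    logins, memberlist = defaultdict(list), defaultdict(set)
    for ip, ts, method, path in parse(log_text):
        if method == "POST" and "ucp.php" in path and "mode=login" in path:
            logins[ip].append(ts)     # the log has no username, so count every login POST
        elif method == "GET" and "memberlist.php" in path:
            memberlist[ip].add(path)  # distinct member-list pages fetched
    suspects = {}
    for ip, times in logins.items():
        times.sort()
        peak = lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # shrink window from the left
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > max_posts:
            suspects[ip] = {"peak_posts": peak,
                            "walked_memberlist": len(memberlist[ip]) >= harvest_pages}
    return suspects


if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

A member who mistypes a password once and retries later stays under the threshold; an IP that is flagged with walked_memberlist set matches the harvest-then-guess pattern described in the post.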
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:06 am
by BoatlessFisherman
They would have to get real Lucky in 3 shots and if that's the case they should be buying LOTTO tickets, Not trying to breach accounts.
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:16 am
by BoatlessFisherman
I am not convinced that they got our member list. It seems that those affected on here post a lot. I believe the culprit is using member names that they see easy as in posting, and I think it may just be one of our users playing around, not realizing the laws they are breaking.
Like I said, I have been tracking a user and will post a little something for them later so they know I know, but I want them to wonder and pee pee in their pants, especially if this is intentional.
It's all part of the Game.
8-16=
0101100101101111011101010100110001101111011100110110010101110010
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:22 am
by BoatlessFisherman
It's simple, oh so simple
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:25 am
by goodolmikey
good luck with kicking hacker butt tommy
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:32 am
by fixed80
For some reason the "View new post" keeps blinking on and off. Maybe that's only on my account. Don't know if it is, or does everyone else see that too.
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:33 am
by ricky9
good luck tommy...
I had to sign in today and must say the new captcha had me really working my eyesight lol. But it's all for a good cause.
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:41 am
by ricky9
fixed80 wrote: For some reason the "View new post" keeps blinking on and off. Maybe that's only on my account. Don't know if it is, or does everyone else see that too.
Seems to be working fine for me...
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:44 am
by Green Tide
Thanks for the watchful eye.
I haven't been affected using Vista or my phone.
But I use auto sign for both and have the 8 character/number type PW.
There is also a program that lets you bypass captcha by appscene. I don't know if that applies to this.
If it is my IP it is coincidence and not malicious.
I have blinking view new posts also.
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:46 am
by BoatlessFisherman
I did that to the new post link so it was more obvious.
Re: Everyone PLEASE READ IMPORTANT-- We are under ATTACK
Posted: Wed Mar 02, 2011 11:49 am
by tom123
fixed80 wrote: For some reason the "View new post" keeps blinking on and off. Maybe that's only on my account. Don't know if it is, or does everyone else see that too.
It's doing the same thing for me.