Happy Atheist Forum

hey all
I tried logging in the forum last night, but even though it was my first attempt, I got this message

You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.

I had to log in by typing a security code.

Today, when I tried to log in again, I got the same message

anyone knows whats going on?

I use mozilla firefox btw

Quote from: "MariaEvri"hey all
I tried logging in the forum last night, but even though it was my first attempt, I got this message

You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.

I had to log in by typing a security code.

Today, when I tried to log in again, I got the same message

anyone knows whats going on?

I use mozilla firefox btw

I got that message once yesterday as well. Never had the problem before.

Same here. Let me log in just fine after i put in the security code, but was really weird.

Interesting. Sorry for the snag. This has now also happened to me a couple of times in the last few days. I alerted Whitney to the issue and she will check on it. She or I will get back to everyone with some info as soon as we figure out what is going on.

Possible account theft attempt.

For those of you who believe in lifetime passwords, it might be a good idea to change them... Even though such are notoriously hard to crack in many cases.

Quote from: "Asmodean"Possible account theft attempt.

For those of you who believe in lifetime passwords, it might be a good idea to change them... Even though such are notoriously hard to crack in many cases.

Interesting. I just had the problem again, second time. It would be particularly important if Whitney or any of the staff have had the problem and McQ has already noted that he has had this problem.

It happened to me too...not sure what I can do to stop it since anyone can look at the member list and try to log in as someone else by guessing the password.

I suggest that anyone who has an easy to guess password changes it to something hard and completely unrelated to their username, atheism or anything else someone might be able to guess.

Quote from: "Whitney"It happened to me too...not sure what I can do to stop it since anyone can look at the member list and try to log in as someone else by guessing the password.

I suggest that anyone who has an easy to guess password changes it to something hard and completely unrelated to their username, atheism or anything else someone might be able to guess.

Damn!  Mine was "username".

Yes, I would advise folks to make sure their passwords are a bit difficult to get a hold of. Mine is now encrypted pretty well and I don't think it's going to be an issue for me. But keep an eye on your profiles, and let us know if anything weird happens with your accounts.
Thanks!

So since I'm not having a problem.... I guess I'm good huh?  

Examples of weak passwords:

hotdog
CrOwN
l8r

Examples of mediocre passwords:

xX0KiSSES0Xx
14theRoad

A mediocre password is usually sufficient on forums, but a strong one is recommended.

Examples of strong passwords:

My1nAMe9IS7Alex3

This password like this is easy enough to remember but hard to crack. A birth year is split in place of space bars and at the end (No, I'm not a 1973 model. Example). Capital letters form the word "mama"

Please do not use this exact setup - it is meant to provide you with an idea of how to create a strong password. Such passwords are not 100% secure, however, unless you want a random sequence of numbers and letters to jealously guard in your house vault and forget every second login, they are the way to go.

Yeah, something's up.  Got the same security message when I logged out and back in.

Also got logged off automatically after a bit.

Password changed just in case...

There are good password generator programs and encryption programs available too.

1 Password is a very good one, and it syncs your passwords among your devices, such as iPhone/Desktop/iPad, etc. It uses very high grade encryption and won't get hacked easily, if at all.

I had the problem about 12 hours ago, it's was OK on last attempt.
Those security codes have gotten a lot harder, case sensitive hmm.
If they get much more difficult I will have trouble maintaining my human status.

What evil people do, is set keycrackers at work. A keycracker is an automated program which tries to crack a password usually over the course of hours or even days. The built-in countermeasures prevent such programs from being too successful because of the manually entered security code, but they can get lucky after multiple attempts on an unchanged password.

Quote from: "Asmodean"What evil people do, is set keycrackers at work. A keycracker is an automated program which tries to crack a password usually over the course of hours or even days. The built-in countermeasures prevent such programs from being too successful because of the manually entered security code, but they can get lucky after multiple attempts on an unchanged password.

So it would be advisable for anyone that keeps seeing that message to keep changing their password...right?

This is becoming annoying. Although my encrypted (and now rotating) passwords are unlikely to be cracked, I am having to use the code to get in every time I log in. Is there any way to find out where these attempted hacks are coming from?

Quote from: "McQ"Is there any way to find out where these attempted hacks are coming from?

It doesn't provide an IP address for login attempts and even if it did I'm sure someone like that would be using a proxy anyway.

Quote from: "Whitney"

Quote from: "McQ"Is there any way to find out where these attempted hacks are coming from?

It doesn't provide an IP address for login attempts and even if it did I'm sure someone like that would be using a proxy anyway.

So does that also mean that our hosting company can't determine the hacker identity? That would be a bummer.

I logged in with no problem today donno if that means anything

Quote from: "Whitney"So it would be advisable for anyone that keeps seeing that message to keep changing their password...right?

It's always adviseable to change passwords regularly. You do not have to do that every day or even every week though. Once a month or two is nice.

As for finding out, you'd have to rummage through your server statistics, IP logs and requested operations... A lot of work.

EDIT: ME, since some members have trouble while others do not, it is my assumption that someone is using a keycracker on us. They just didn't use it on your login. So if I am correct, you're safer than some for now  

Quote from: "Asmodean"EDIT: ME, since some members have trouble while others do not, it is my assumption that someone is using a keycracker on us. They just didn't use it on your login. So if I am correct, you're safer than some for now  

If Mr Blackhat was successful I'd assume you wouldn't get the security code request.
If he tries but isn't successful you do get the security code request.
Do many of these guys actually use character recognition?

Quote from: "McQ"So does that also mean that our hosting company can't determine the hacker identity? That would be a bummer.

They probably can....but it's godaddy (the company that tells me it is my fault that the forum is down when I haven't touched a thing); so I am not sure they would.

Let's see if the hacker gets tired of trying...as long as we keep the moderator accounts stay safe there isn't anything that bad that can be done.

Quote from: "The Magic Pudding"If Mr Blackhat was successful I'd assume you wouldn't get the security code request.
If he tries but isn't successful you do get the security code request.
Do many of these guys actually use character recognition?

If Blackhat succeeds, we'll probably have someone suddenly fall hopelessly in love with Markuze  :pop:

Luckily for us, it's not that easy, getting a hold of someone's password without infecting them with a keylogger their AV won't munch up.