Forum woes

bubba

bubba

Administrator
As Les has said - this won't stop you getting logged out, there's little we can do about that at the moment. But if you've got a weak password then it's possible the bot will stumble upon the right one by chance.

Some people do use passwords that are stupidly easy to guess and presumably the bots are using some kind of dictionary attack in order to exploit this.
 
JasonC

JasonC

Well-known member
Les W said:
Can you not identify the IP address and block it?
Click to expand...

Not if it's a botnet doing the hacking.  Mind you, a forum like this seems a strange target for anyone to attack - I can't see what they'd have to gain ?
 
SamT

SamT

Moderator
A good few years ago - the whole site was attacked , a load of posts were lost from the data base, graphics all cocked up , matrix style numbers scrolling down the screen .. all a bit random really. IIRC bubs found out the hackers were part of some hacking war between gangs of hackers, trying to out do each other by hacking as many sites as possible.

Or I could have just dreamt all that.  :blink:
 
bubba

bubba

Administrator
JasonC said:
Les W said:
Can you not identify the IP address and block it?
Click to expand...

Not if it's a botnet doing the hacking.  Mind you, a forum like this seems a strange target for anyone to attack - I can't see what they'd have to gain ?
Click to expand...
Yep, there's loads of IPs involved. Hopefully they'll just get bored and move on to a different target.

Busy forums achieve good search engine placement so the spammers tag their spam links into legitimate topics;  the idea being that the search-engine bots that constantly crawl the site will be fooled into thinking the spam links are legit.

So the spammer gets an artificially high search-engine placement and hence more traffic to the site that they are promoting.
 
TheBitterEnd

TheBitterEnd

Well-known member
Just timed me out whilst posting this  o_O ...

The thing I've implemented for a few websites now is a timer between log in attempts for a given IP. The time gets longer every time there is a failed login from a given IP address. Attempts to access the login page too quickly get redirected to a holding page.

The other thing that helps to put the bots off the scent is randomising the name of the username & password input fields.
 
Roger W

Roger W

Well-known member
Just got kicked out of the system today...  :cry:

Logged in, went to "show unread posts" and began working my way down the list.  No problems until I came to Moorebooks' post on his Drakelow trip.  Wouldn't let me see it - Access denied.  Seems I would need to log in again.

Hum!  Back-buttoned to the "unread posts" screen - still logged in there - and happily read all the other postings - no problems.  Tried Moorebooks again - not logged in again.  "What had I done to offend the man?" I thought.  Clicked on "Uk caving" to see all the boards, and there I was - logged out.

Oh well...    :coffee:
 
S

SpeleoTrog

Member
Roger W said:
Hum!  Back-buttoned to the "unread posts" screen - still logged in there
Click to expand...

If you press the back button, you are literally going back to the last time you loaded the page so it would show you logged in. What happens if you click back and then refresh?
 
T

Trogs friend

Guest
Hi folks, hope one of you computer literate types can help me. This post is by Trog but I've been having a few problems logging on. I tried to get on the forum yesterday but had been logged out (normally stay logged in all the time). I can't remember my password and the 'forgot my password' help sends a message to an old email address that I no longer have acccess to. I've registered again as Trogs Friend (it really hurt me that apostrophes were not allowed in a username) just so I can participate, but would really prefer to be Trog again. What do I do?

Trog
 
Roger W

Roger W

Well-known member
? e-mail an administrator enclosing copies of birth certificate, passport and full caving history to prove you really are Trog ?

And next time keep a copy of your password on a piece of that waterproof paper glued to the inside of your helmet...
 
bubba

bubba

Administrator
Trogs friend said:
Hi folks, hope one of you computer literate types can help me. This post is by Trog but I've been having a few problems logging on. I tried to get on the forum yesterday but had been logged out (normally stay logged in all the time). I can't remember my password and the 'forgot my password' help sends a message to an old email address that I no longer have acccess to. I've registered again as Trogs Friend (it really hurt me that apostrophes were not allowed in a username) just so I can participate, but would really prefer to be Trog again. What do I do?

Trog
Click to expand...

I've checked both accounts and you're posting from the same ISP, etc (can't have people hijacking accounts now!) so if you send me a PM with your current email address on it, I'll update Trog with that address, reset your password and send it to you.

You can then change the password to one that you want by editing your profile. Once that's done, I'll delete "Trogs Friend".
 
A

Amy

New member
Hrm I wasn't having logout issues back when Les started this thread but now I am, every time I re-visit I have to re-log-in even though my browser is set to keep the cookies for this site and I check the "stay logged in forever" button
 
graham

graham

New member
Amy said:
Hrm I wasn't having logout issues back when Les started this thread but now I am, every time I re-visit I have to re-log-in even though my browser is set to keep the cookies for this site and I check the "stay logged in forever" button
Click to expand...

Me too. Since yesterday afternoon.
 
kay

kay

Well-known member
And me.

And for some strange reason, I'm going through new posts this morning, and this post of Graham's is the first post that I haven't already read last night.
 
D

dunc

New member
Yep, same here, got worse in past few days, have to sign in nearly every visit, in fact I was signed out trying to post a reply to this, think I'll take a break from the forum until it is sorted.
 
bubba

bubba

Administrator
dunc said:
think I'll take a break from the forum until it is sorted.
Click to expand...
Well there's little we can do I'm afraid. There's nothing to stop anyone going to any SMF forum on the web and trying to log in using an incorrect password.

I've stopped guest access to the memberlist and member profiles.

This may help a little, we'll have to see - it depends upon how their bots are choosing which member to attempt to login as.

Preventing all guest access would probably work well but that's a bit over the top.
 
4bags

4bags

New member
Well, there's one good thing... for the first time in years I can now remember my UKC password without having to go and look it up. Despite the inconvenience, it's not reall that much of a chore to type in a user-name and password...
 
You must log in or register to reply here.
Top