Hi All We are seeing a trend of accounts , which appear to have been genuine once before going dormant popping up posting spam for crypto sites We'd encourage you all to make sure you have a decent password - 10 characters plus, letters and numbers, capitals and lower case etc, all the usual... some good tips here https://www.makeuseof.com/tag/6-tips-for-creating-an-unbreakable-password-that-you-can-remember/ Also we're having to ban these accounts for obvious reasons, so if you are reading this and have returned after a long absence to find that you are banned for posting spam, use the contact us to get in touch , admin can reactivate the account so you can take control back by changing your password
There also seems to be two-step verification on this site. Might be useful if you plan on going away from the forum for a long time. Might make things just slightly harder for the intruders.
Also if you know you are going to be away for months let us know and we can set your account to inactive which will stop it being misused in your absence
Your user name is your login, and easy-to-guess passwords can be discovered using brute force kiddy scripts. I'll admit my password is pretty simple, but I use it for most sites where I don't have any important information to lose. I guess I hadn't thought of the hassle for administrators. Of course, I'm never away from here for more than six minutes, unless I'm banned. I'll change it now.
Oh, absolutely. But you'd think that the forum software has protection measures against brute-force attacks, like limiting login attempts once an IP address has made a certain amount of them. It's not like they are brute forcing a compressed archive where you basically have infinite attempts.
we do... given that in this case three long dormant accounts were compromised from the same IP and there was no sign in the logs of them being brute forced, or of passwords being reset (which would indicate an email compromise), i assume the users concerned had set very simple passwords like 'password1' or using their username as their password and like that...which didnt actually need a scripted attack these things happen - its just a timely reminder to all to use stronger passwords even though theres no financial information etc here
This is my first time back after a long absence. This post is a test to see if I am still active. My login still works. Don't think I've been hacked, and my passwords are likely impossible to guess as they are made up nonsense words that I can easily remember.