1. big soft moose

    big soft moose An Admoostrator Staff Supporter Contributor Community Volunteer

    Joined:
    Aug 1, 2016
    Messages:
    21,577
    Likes Received:
    24,795
    Location:
    East devon/somerset border

    Account security & Good passwords

    Discussion in 'Announcements' started by big soft moose, Jan 18, 2023.

    Hi All

    We are seeing a trend of accounts , which appear to have been genuine once before going dormant popping up posting spam for crypto sites

    We'd encourage you all to make sure you have a decent password - 10 characters plus, letters and numbers, capitals and lower case etc, all the usual... some good tips here https://www.makeuseof.com/tag/6-tips-for-creating-an-unbreakable-password-that-you-can-remember/

    Also we're having to ban these accounts for obvious reasons, so if you are reading this and have returned after a long absence to find that you are banned for posting spam, use the contact us to get in touch , admin can reactivate the account so you can take control back by changing your password
     
    Catrin Lewis likes this.
  2. Madman

    Madman Life is Sacred Contributor

    Joined:
    Jun 26, 2012
    Messages:
    937
    Likes Received:
    933
    Location:
    Sweden
    There also seems to be two-step verification on this site. Might be useful if you plan on going away from the forum for a long time. Might make things just slightly harder for the intruders.
     
  3. big soft moose

    big soft moose An Admoostrator Staff Supporter Contributor Community Volunteer

    Joined:
    Aug 1, 2016
    Messages:
    21,577
    Likes Received:
    24,795
    Location:
    East devon/somerset border
    Also if you know you are going to be away for months let us know and we can set your account to inactive which will stop it being misused in your absence
     
  4. ps102

    ps102 Senior Member

    Joined:
    May 25, 2022
    Messages:
    308
    Likes Received:
    345
    Location:
    Cyber Space
    My question is how the spammers obtain the account credentials in the first place.
     
  5. Earp

    Earp Contributor Contributor

    Joined:
    Jan 13, 2016
    Messages:
    3,934
    Likes Received:
    7,480
    Location:
    Bowl season, so in front of a screen,
    Your user name is your login, and easy-to-guess passwords can be discovered using brute force kiddy scripts. I'll admit my password is pretty simple, but I use it for most sites where I don't have any important information to lose. I guess I hadn't thought of the hassle for administrators. Of course, I'm never away from here for more than six minutes, unless I'm banned. I'll change it now.
     
    Catrin Lewis likes this.
  6. ps102

    ps102 Senior Member

    Joined:
    May 25, 2022
    Messages:
    308
    Likes Received:
    345
    Location:
    Cyber Space
    Oh, absolutely. But you'd think that the forum software has protection measures against brute-force attacks, like limiting login attempts once an IP address has made a certain amount of them. It's not like they are brute forcing a compressed archive where you basically have infinite attempts.
     
  7. big soft moose

    big soft moose An Admoostrator Staff Supporter Contributor Community Volunteer

    Joined:
    Aug 1, 2016
    Messages:
    21,577
    Likes Received:
    24,795
    Location:
    East devon/somerset border
    we do... given that in this case three long dormant accounts were compromised from the same IP and there was no sign in the logs of them being brute forced, or of passwords being reset (which would indicate an email compromise), i assume the users concerned had set very simple passwords like 'password1' or using their username as their password and like that...which didnt actually need a scripted attack

    these things happen - its just a timely reminder to all to use stronger passwords even though theres no financial information etc here
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice