Login problem

jrbarber
Posts: 406
Joined: Fri Nov 02, 2007 4:29 pm
Location: Lakewood, CO

Login problem

Post by jrbarber »

On my 1st attempt to log in, I got the following message:
"You exceeded the maximum allowed number of login attempts."
Then I had to copy one of those indecipherable, hard-to-read strings of gibberish before I could get in.

What's up with that?

CO(lorado) Jim
BNMac
Posts: 1656
Joined: Fri Nov 02, 2007 3:45 pm
Location: Western Oregon

Re: Login problem

Post by BNMac »

The indecipherable string of characters is intended to mess up a bot that is trying to register or log in as a user. If a user (or a bot) tries to log in too many times, the user is presented with the panel you just received. I've seen it twice myself.

This seems to be a problem across a lot of boards, including phpbb.com itself. I've been working on determining the cause and implementing some short to mid-term patches and blocks to see if I can get a handle on it. The problem seems to be a spammer bot that is trying to log in as each one of us. It tries until it is blocked.

This may happen to everyone in the members list, which is why some boards limit visibility of the member list to logged in users only.

That said, everyone listen up! I have the passwords set to be 6 characters minimum and 30 characters maximum, and it requires letters and numbers. Make sure your password doesn't contain standard dictionary words and the like - the more mixed up the better. Suggested passwords could be "g_1a-2r*3b#4g5e" or something more silly. Make a note of it! Administrators CANNOT see your password, but we can change them for you.

Let's not let a bot mess up our day.

--Bruce.
There must be someplace in the middle of the fringe where I fit in... Woody Russell, Salt
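
The lockout behaviour described in the post above, replayed over a constructed login log. This is an added example, not part of the original post and not phpBB's code; the thresholds, account names and addresses are assumptions.

```python
from collections import defaultdict

MAX_ATTEMPTS = 3   # assumed: failures per account before a CAPTCHA is required
SPRAY_USERS = 3    # assumed: distinct accounts failed from one source = bot
WINDOW = 3600      # assumed: seconds a failure stays on the counters

# Constructed sample log: (time_s, source_ip, username, password_ok).
# Addresses come from the RFC 5737 documentation ranges.
BOT = "203.0.113.7"
EVENTS = [(60 * (3 * i + j), BOT, user, False)
          for i, user in enumerate(["alice", "bob", "carol"]) for j in range(3)]
EVENTS += [
    (900, "198.51.100.20", "alice", True),   # real member, first attempt today
    (950, "198.51.100.21", "dave", False),   # ordinary typo
    (960, "198.51.100.21", "dave", True),
]

def replay(events):
    """Return (attempts that were shown a CAPTCHA, sources flagged as bots)."""
    by_user = defaultdict(list)   # username -> recent failure times
    by_ip = defaultdict(dict)     # source ip -> {username: last failure time}
    challenged, bots = [], set()
    for ts, ip, user, ok in sorted(events):
        recent = [t for t in by_user[user] if ts - t < WINDOW]
        if len(recent) >= MAX_ATTEMPTS:
            # The counter belongs to the account, not the visitor, so the
            # owner is challenged for failures somebody else caused.
            challenged.append((ts, ip, user))
        if ok:
            by_user[user] = []    # assumed: a successful login resets the count
            continue
        by_user[user] = recent + [ts]
        seen = by_ip[ip]
        seen[user] = ts
        targets = {u for u, t in seen.items() if ts - t < WINDOW}
        if len(targets) >= SPRAY_USERS:
            bots.add(ip)
    return challenged, bots

if __name__ == "__main__":
    shown, bots = replay(EVENTS)
    print("CAPTCHA shown to:", shown)
    print("Sources cycling through accounts:", sorted(bots))
```

In this replay the only visitor who meets the CAPTCHA is the account owner on a first attempt, while the per-source view is what identifies the address working through the member list.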
Eric
Posts: 507
Joined: Fri Nov 02, 2007 2:58 pm
Location: Lake Tahoe

Re: Login problem

Post by Eric »

To log in to any website you need a user name and a password.

Forums like this save hackers a lot of trouble because we give them user names right out in the open. So all the hacker has to do is guess the password associated with that user name and they have access to the account.

People have a tendency to use the same user name and password on accounts all over the Internet. If the hacker correctly guesses the password associated with a user's account on a forum, what they're probably going to do with it is take it over to the websites of Wells Fargo, Bank of America, US Bank, etc. and try to log in with that same user name and password.

The way to defeat this is not to use the same user name and password all the time. Certainly your banking should have a different user name than you use publicly as well as a complicated password. I don't know that non-admins really need complicated passwords for uses such as forum membership but on the other hand they shouldn't be so simple that they'd be easy to guess. Here's a list of 500 very common passwords. If you're going to use "porsche" for your password on a public forum, at least make it "por$che".
Casa Blanca Hot Spring
Posts: 2329
Joined: Wed Nov 21, 2007 7:02 am
Location: Pie Town, New Mexico

Login problem

Post by Casa Blanca Hot Spring »

Hi All,

Along this same line, one of the banks we use requires us to change passwords every 30 days. That same bank recently required that user IDs contain letters and numbers and become case sensitive.

We never use anything that's familiar to our current situation, location, or names. For instance, one of us uses an Area Code we haven't lived in for 22 years as part of the user ID. We also use scrambled numbers.

It's interesting, though, that our Mozilla Firefox security software occasionally advises us that the security certificate of this particular bank isn't valid and that we should not go to the site. Go figure.

NN,
C&B
So Many Hot Springs, So Little Time...
Eric
Posts: 507
Joined: Fri Nov 02, 2007 2:58 pm
Location: Lake Tahoe

Re: Login problem

Post by Eric »

Another issue I've seen is with the "security questions". Wasn't this how Sarah Palin's e-mail was hacked? The question was something like, "Where did you meet your husband?" Hacker guesses "Wasilla". Bingo, password revealed!

The solution is to do something like this:
What is your mother's maiden name? Ojsimpson
In what city did you attend high school? Ojsimpson
Who is your favorite author? Ojsimpson
What was your first car? Ojsimpson
Kim_S
Moderator
Posts: 5281
Joined: Fri Nov 02, 2007 3:49 pm
Location: San Diego

Re: Login problem

Post by Kim_S »

Absolutely, Eric - I've been doing that on all my security questions (and also adding numbers where required). I've also always wondered whether it's easy for hackers to get into "https" connections.
Kim Sturmer
Balneologist-at-large
"Soak A Lot More in 2024!"
Greyfalcon
Site Admin
Posts: 1607
Joined: Sat Nov 17, 2007 6:53 pm
Location: Southeast U.S.

Re: Login problem

Post by Greyfalcon »

In addition to mixed case alphanumeric + symbols passwords that have nothing to do with common names, dates, etc., I often use illogical answers to security questions; if it asks for a city, my answer might be a number.
Stoked to soak!