Author Topic: Site Attack  (Read 11438 times)

Lyle Brotherton

  • Administrator
  • Hero Member
  • *****
  • Posts: 939
  • Competent and safe navigation sets you free.
    • View Profile
Site Attack
« on: November 23, 2011, 09:59:22 AM »
Logged on early this morning to find multiple SPAM postings.

A group of spammers had managed to get into our system by breaking exisitng users passwords. The spammers did not enter new topics or threads, instead modified existing ones.

Callum & Pete's passwords were the most vunerable, I have spoken with Callum and Pete this morning.

Please can everybody ensure that their password is alpha-numeric and at least 10 characters long - ideally 12?
“Opinion is the medium between knowledge and ignorance” - Plato

Hugh Westacott

  • Sr. Member
  • ****
  • Posts: 306
    • View Profile
    • Walk with Westacott
Re: Site Attack
« Reply #1 on: November 23, 2011, 11:21:31 AM »
What is the procedure for changing my password (sorry, I'm a bit dense!).

Hugh

Phil

  • Guest
Re: Site Attack
« Reply #2 on: November 23, 2011, 11:23:56 AM »
I've had a look at my posts, everything seems okay. Shame really, kind of hoping someone would improve them ;)

I think my password is okay...well it's long enough.

Phil

  • Guest
Re: Site Attack
« Reply #3 on: November 23, 2011, 11:29:31 AM »
Hi Hugh

There is a bar along the top section of the forum " Home Help Search Profile ...etc"

Click on Profile then Account settings

There should be a section called 'Modify' in there is a section for changing your password.

Put in your new password and again in the Verify box and click on update at the bottom.

If all goes to plan you are done. If not I've probably just messed up your settings for you  ;)

Phil

  • Guest
Re: Site Attack
« Reply #4 on: November 23, 2011, 11:32:01 AM »
Hugh

I knew I'd get something wrong. ::)

You also need to put your current password at the bottom before updating.
« Last Edit: November 23, 2011, 02:04:42 PM by Phil »

Lyle Brotherton

  • Administrator
  • Hero Member
  • *****
  • Posts: 939
  • Competent and safe navigation sets you free.
    • View Profile
Re: Site Attack
« Reply #5 on: November 23, 2011, 01:10:34 PM »
Thank you Phil and I hope Hugh you are now sorted.

SPAM is the blight of the net and it has reminded me to take up those who have volunteered to help moderate this forum and if any other members would like to help please PM me.

The sad component is that Cal and Pete have lost their postings.
“Opinion is the medium between knowledge and ignorance” - Plato

Callum

  • Administrator
  • Hero Member
  • *****
  • Posts: 512
    • View Profile
Re: Site Attack
« Reply #6 on: November 23, 2011, 01:24:29 PM »
No probs Lyle :)

Reality is that it has been a wake-up call for me to improve my internet security.

Ashamed to say, but I had become complacent and used the same password for a lot of things and I have spent this morning rectifying this, so to lose a few posts is far better than losing money from my bank account or worse still being a victim of identity theft.

Lyle Brotherton

  • Administrator
  • Hero Member
  • *****
  • Posts: 939
  • Competent and safe navigation sets you free.
    • View Profile
Re: Site Attack
« Reply #7 on: November 23, 2011, 01:29:16 PM »
Easily done Callum.

Adi and I were having a telephone conversation recently about a very secure base we both know, double perimeter fences, live rounds type of base, where the mistress of the Base Commander used to drive freely on and off in her black VW Golf!

Oh and I see this is your first posting, welcome on-board Callum ::)
« Last Edit: November 23, 2011, 01:31:01 PM by Lyle Brotherton »
“Opinion is the medium between knowledge and ignorance” - Plato

Hugh Westacott

  • Sr. Member
  • ****
  • Posts: 306
    • View Profile
    • Walk with Westacott
Re: Site Attack
« Reply #8 on: November 24, 2011, 09:26:33 AM »
Thanks to Phil and Lyle I've now changed my password.

Hugh

Pete

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Site Attack
« Reply #9 on: November 24, 2011, 06:52:39 PM »
Is this another Pete than me??


Logged on early this morning to find multiple SPAM postings.

A group of spammers had managed to get into our system by breaking exisitng users passwords. The spammers did not enter new topics or threads, instead modified existing ones.

Callum & Pete's passwords were the most vunerable, I have spoken with Callum and Pete this morning.

Please can everybody ensure that their password is alpha-numeric and at least 10 characters long - ideally 12?
'All Men Die, Not All Men Have Truly Lived.

Phil

  • Guest
Re: Site Attack
« Reply #10 on: November 25, 2011, 08:25:57 AM »
Hi Pete

Yes, It was Pete McK's account that was mugged.

adi

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 548
    • View Profile
Re: Site Attack
« Reply #11 on: November 25, 2011, 12:20:03 PM »
MicroNavigation Forum has made it to the big time and has come on to the radar of hackers, at least it was the forum and not the main site.

So Cal and Pete where using the password 'God' then, one of the most used passwords on the planet, see, not even he can protect you!
"We do not belong to those who only get their thought from books, or at the prompting of books - it is our custom to think in the open air, walking, leaping, climbing or dancing, of lonesome mountains by preference, or close to the sea, where even the paths become thoughtful." Friedrich Nietzsche

Skills4Survival

  • Full Member
  • ***
  • Posts: 235
  • Know the concepts !
    • View Profile
Re: Site Attack
« Reply #12 on: January 24, 2012, 08:57:17 PM »
Lyle,

I know quite a bit on IT security, do not know whether the forum a password complexity capabilities. 8 really should be sufficient, as long as you
- have atleast one capapital
- 1 numeric (ideally not at the end of the password but somewhere else)  e.g. password1 is bad, pass1word is better, although still stupid, but you get the point.
-  1 special character (%$#&() etc.)
- prevent using existing wording.

If it is possible to lock the account after x attempt for x amount of time, that also helps.

regards,
Ivo


Logged on early this morning to find multiple SPAM postings.

A group of spammers had managed to get into our system by breaking exisitng users passwords. The spammers did not enter new topics or threads, instead modified existing ones.

Callum & Pete's passwords were the most vunerable, I have spoken with Callum and Pete this morning.

Please can everybody ensure that their password is alpha-numeric and at least 10 characters long - ideally 12?
Ivo

Skills4Survival

  • Full Member
  • ***
  • Posts: 235
  • Know the concepts !
    • View Profile
Re: Site Attack
« Reply #13 on: January 24, 2012, 09:01:09 PM »
Collum,

Some security advice ...make a difference between e-mail, banking and things like that, compared to forums. Forums in general have less protection because the software has less options to configure in that area. Make e.g. three  risk catogories
1. banking / privacy related / tax return  etc  - 12 characters, non-existing word, mixed with numeric and special characters
2. email / socal media 
3. the rest

No probs Lyle :)

Reality is that it has been a wake-up call for me to improve my internet security.

Ashamed to say, but I had become complacent and used the same password for a lot of things and I have spent this morning rectifying this, so to lose a few posts is far better than losing money from my bank account or worse still being a victim of identity theft.
Ivo