Warning - Distributed brute force attack on user profiles in progress

  • Dave A
    Site Caretaker

    • May 2006
    • 22803

    #1

    Warning - Distributed brute force attack on user profiles in progress

    Dear members of TFSA,

    I advise that there is currently a distributed brute force attack trying to gain access to member profiles on TFSA.

    It is a particularly clever attack that has attempted to be stealthy in that it is not triggering the user profile lockout limit (which is triggered when there are 5 unsuccessful log-in attempts from the same IP address). It is doing so by using a very wide range of IP addresses and appears to be deliberately stopping short of making too many attempts from the same IP address.

    So far I have identified 7 hacked profiles - all of which fall in the category of dormant (generally never posted or not logged into for over a year). However, other than seeing a steady stream of failed login attempts at a rate of 3 to 5 per minute in the activity log, I can't see which user profiles are being attacked.

    I am working on a way to blunt this form of brute force attack without triggering a flood of warning emails to legitimate users of the site. In the interim I ask that regular users in particular ensure that they have strong passwords that would make their profile difficult to hack.
    Participation is voluntary.

    Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services
  • Neville Bailey
    Diamond Member

    • Nov 2010
    • 2786

    #2
    Thank you for the heads up, Dave.

    I have just changed my password.
    Neville Bailey - Sage Pastel Accounting Consultant
    www.accountingsoftwaresupport.co.za
    neville@accountingsoftwaresupport.co.za
    IronTree Online Solutions

    "Give every person more in use value than you take from them in cash value."
    WALLACE WATTLES (1860-1911)


    • AndyD
      Diamond Member

      • Jan 2010
      • 4946

      #3
      A bit late I know but hope you guys had a great holiday and all the best for 2023.

      Thanks for the heads-up Dave. Why would they go to such sophisticated lengths to hack low level accounts? Even if they were successful on a small scale what have they got to gain?


      • Dave A
        Site Caretaker

        • May 2006
        • 22803

        #4
        Originally posted by AndyD
        A bit late I know but hope you guys had a great holiday and all the best for 2023.

        Thanks for the heads-up Dave. Why would they go to such sophisticated lengths to hack low level accounts? Even if they were successful on a small scale what have they got to gain?
        So far it has just been to post links to a crypto pump website. The posts have been caught by the auto-moderation scripts which is why no-one else will have noticed up to now. Sometimes hacked accounts are used for PM spam, but no evidence of that in this instance as yet.

        So far our systems have coped with the consequences well. However, if they manage to hack a regular's account, it will become a much more significant challenge to contain or prevent nuisance.

        The sophistication is probably to delay detection of their activities, but it is also a way to be able to attack at a faster rate if you don't trip known lock-out mechanisms. My immediate problem is I can make mods in the code to lock out profiles quicker and for longer, but it may impact normal use if they are targeting regulars, and it will seed a flurry of "failed log-in" notification emails. Kinda feeling this one over for an elegant solution.

        In the meantime, encouraging strong passwords seems the first step to mitigate.
        Last edited by Dave A; 20-Jan-23, 07:14 AM.
        Participation is voluntary.

        Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services
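The attack described in posts #1 and #4 defeats a per-IP lockout (5 failures from one address) by spreading attempts across many addresses, so the only visible symptom is the overall failed-login rate. The script below is an added example, not code from the thread or from the TFSA site: it reads a constructed activity log (the log format, the usernames and the IP addresses are all made up for the example), applies the per-IP rule as the post describes it, and then aggregates failures per account across distinct source IPs inside a time window, which is the view the post says the activity log does not give. The per-account thresholds are assumed values, and the alert is meant for the site operator rather than the member, so it does not generate the flurry of notification emails post #4 is worried about.

```python
"""Detect a distributed (many-IP) brute-force attack from an activity log.

Added example for the forum thread above; not the site's own code.
The per-IP lockout limit of 5 is the one the post describes. The
log format, thresholds and sample data below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PER_IP_LOCKOUT = 5          # existing rule described in the post
PER_ACCOUNT_THRESHOLD = 5   # assumed: failures on one account from any IP
DISTINCT_IP_THRESHOLD = 3   # assumed: distinct IPs failing on one account
WINDOW = timedelta(hours=1)

# Constructed sample log, one event per line: "timestamp ip username result"
SAMPLE_LOG = """\
2023-01-18T09:00:10 198.51.100.7 dormant_user1 FAIL
2023-01-18T09:00:25 203.0.113.40 dormant_user1 FAIL
2023-01-18T09:00:41 192.0.2.15 dormant_user1 FAIL
2023-01-18T09:01:02 198.51.100.88 dormant_user1 FAIL
2023-01-18T09:01:19 203.0.113.9 dormant_user1 FAIL
2023-01-18T09:01:33 192.0.2.201 dormant_user1 FAIL
2023-01-18T09:01:50 203.0.113.9 dormant_user2 FAIL
2023-01-18T09:02:04 198.51.100.7 regular_member OK
2023-01-18T09:02:30 192.0.2.77 regular_member FAIL
2023-01-18T09:02:45 192.0.2.77 regular_member OK
"""


def parse_log(text):
    """Return a list of (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def per_ip_lockouts(events, limit=PER_IP_LOCKOUT):
    """IPs the existing rule would lock out: >= limit failures from one address."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= limit}


def per_account_alerts(events, window=WINDOW,
                       fail_threshold=PER_ACCOUNT_THRESHOLD,
                       ip_threshold=DISTINCT_IP_THRESHOLD):
    """Accounts collecting many failures from many distinct IPs within a window.

    A sliding window over each account's failures, sorted by time, catches
    the slow-and-wide pattern that a per-IP counter never sees.
    """
    by_user = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_user[user].append((ts, ip))

    alerts = {}
    for user, fails in by_user.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            ips = {ip for _, ip in in_window}
            if len(in_window) >= fail_threshold and len(ips) >= ip_threshold:
                # Keep the largest window seen for this account.
                alerts[user] = {"failures": len(in_window), "distinct_ips": len(ips)}
    return alerts


def failure_rate_per_minute(events):
    """Overall failed-login rate, the symptom the post could see in the activity log."""
    fails = [ts for ts, _, _, ok in events if not ok]
    if len(fails) < 2:
        return 0.0
    span_min = max((max(fails) - min(fails)).total_seconds() / 60.0, 1.0 / 60.0)
    return len(fails) / span_min


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("per-IP lockouts:", per_ip_lockouts(evts) or "none")
    print("per-account alerts:", per_account_alerts(evts))
    print("failed logins/minute: %.1f" % failure_rate_per_minute(evts))
```

On the constructed log no single address reaches the lockout limit, so `per_ip_lockouts` returns nothing, while `per_account_alerts` flags `dormant_user1` with six failures from six distinct addresses. The legitimate member who mistypes a password once and then logs in is not flagged, which is the property needed to avoid tightening the lockout for everyone.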


        • Mike C
          Diamond Member

          • Apr 2012
          • 2891

          #5
          Thanks Dave. Password changed.
          No act of kindness, no matter how small, is ever wasted. - Aesop "The Lion and the Mouse"
