PDA

View Full Version : BOT/SCRIPT attempting to login to (CRACK) your XLF account


bplinson
24th June 2008, 10:27
Lately XLF has been under a BOT or SCRIPT attack which is attempting to login to XLF accounts by guessing passwords. I have tools set up to block access for 15 minute for usernames have 5 failed login attempts.

There is really no way for me to prevent this other then block the IP address of the attempt. The problem with this is that people that set up BOT or SCRIPT attacks switch IP addresses quite often.

A few have already received emails from XLF members stating that there were 5 invalid attempts to access your XLF account. If you get one of these emails please reply to it so I get a copy of it.

Also please insure that you are using a strong password on your XLF account and that you change it at least once every six months. I might make this password change mandatory.

Here are some good guidelines to follow when selecting a password.

1. Don't use any part of your username in your password. (SOME BOTS TRY YOUR USER NAME AS THE PASSWORD ON THE FIRST TRY AND IF YOU ARE USING YOUR USER NAME AS YOUR PASSWORD THEY ARE IN.)
2. Don't use common words (in any language)
3. Make your password 10 - 15 characters long
4. Use at least two uppercase, two lower case, two digits, and two special characters in your password.
5. Do not use the same character twice.

We all like to use passwords that are easy to remember but many times easy to remember passwords are easy to crack.

I suggest using a password vault program to create and store unique RANDOM CHARACTER passwords for every website that requires a log in.

I use KeePass which is free and also portable on a memory stick.

You can get KeePass here: http://keepass.info

If you use a weak password you are putting your own private info at risk (i.e. email address). If your user name is hacked it can be used to SPAM XLF.

It is YOUR responsibility to choose a STRONG password. If you are using a weak password I would strongly suggest that you change it now.

bplinson
24th June 2008, 14:23
Now that the USA is waking up. BUMP!

jrossty
24th June 2008, 14:35
Now that the USA is waking up. BUMP!

:laugh:laugh:laugh :D

Seriously though, always good practice to change up your password...



which reminds me... :wonderlan :doh

shotgun46
24th June 2008, 14:52
I wonder if thats why everytime I come to the XL I am logged out ? I never log out any ideas ??

V-XL
24th June 2008, 14:53
thanks for the warning, but what do they have to gain with an xlf account?

V-XL
24th June 2008, 14:54
I wonder if thats why everytime I come to the XL I am logged out ? I never log out any ideas ??

yeah, when you clear all of your internet footprints so your wife doesn't see what you have been up to, it erases that info. ::doh

shotgun46
24th June 2008, 14:59
yeah, when you clear all of your internet footprints so your wife doesn't see what you have been up to, it erases that info. ::doh

Hey she Likes porn too ! LMFAO !

bplinson
24th June 2008, 15:03
thanks for the warning, but what do they have to gain with an xlf account?

They could run a script to post 1000's of SPAM messages in a matter of minutes with your username.

They would also have your email address and SPAM you or sell your email address to other SPAMMERS.

bplinson
24th June 2008, 15:05
I wonder if thats why everytime I come to the XL I am logged out ? I never log out any ideas ??

Do you have any programs running that clear cookies after a certain time period? Google or Yahoo toolbar can do this I believe.

V-XL
24th June 2008, 15:05
ouch! so apparently thay haven't gotten any of ours yet. good looking out!!

Mr Jimi
24th June 2008, 15:26
I've had a member send me a PM telling me that this happened to him and he looked up the IP and it was in Amsterdam ? I suggest the he change his password pronto and let you know about it.
:tour

doc
24th June 2008, 15:34
Hey Bert,
Ever since I changed my password (earlier this morning), it logs me out every time I leave. It never did that before.

Mr Jimi
24th June 2008, 15:38
Doc, did you check the remember me box? that will do it everytime

boilermaker
24th June 2008, 15:47
someone tried my account on sunday I didnt reply to the E-mail sorry I erased it from my E-mail account

doc
24th June 2008, 15:49
Doc, did you check the remember me box? that will do it everytime

Yep. Everytime I've had to login.

dirtyone
24th June 2008, 16:58
someone tried my account on sunday I didnt reply to the E-mail sorry I erased it from my E-mail account

yea thats when it happen to me.but this is the only place that it
has happen at.

bplinson
24th June 2008, 17:20
Clear all xlforum.net cookies and your cache and try to login again.

doc
24th June 2008, 17:47
Clear all xlforum.net cookies and your cache and try to login again.

Tried it. No luck.

Roadster_Rider
24th June 2008, 18:07
options->privacy->accept cookies(on firefox at least).

AOW
24th June 2008, 18:11
I'm having the same issue as Doc. Since resetting my password this morning, everytime I leave the site to go somewhere else I have to reenter my login and password when I come back.

bplinson
24th June 2008, 18:30
Guys, I can't recreate the problem.

I use Firefox.

I just changed my password, logged out, closed the browser. Reopened the browser, logged in with new password w/REMEMBER ME check box checked, had Firefox save the password, closed the browser without logging out, opened browser and I was logged in.

Check that your browser is set to remember passwords and clear any passwords you have saved for xlforum.net. I had three passwords saved and deleted all except the right one.

doc
24th June 2008, 19:14
It seems to be working now. Don't know what was up. :dunno