IMPORTANT Strong Password Required READ THIS

News from Bicycles Network Australia and the Australian Cycling Forums

IMPORTANT Strong Password Required READ THIS

Postby AUbicycles » Sat Jan 08, 2011 10:45 am

As reported in the Forum Feedback > Login Oddity post, there are a lot of errors occuring where members are getting an error 'maximum login attempts exceeded' and a requirement to login with the captcha.

This problem is a recognised problem on phpbb forums and elsewhere it is being suggested that there are infected computers worldwide that are launching brute force attacks on phpbb forums to attempt to gain access of user accounts.


IMPORTANT: Please make sure your password is not easy to crack
You can change your password in your profile

Here's some tips borrowed from here for your account passwords and what you should choose:
* Avoid single word passwords that use a word found in the dictionary.
These are extremely easy to crack by these automated attempts
* Avoid using common names, phrases or cycling related words.
Because they are easy for people visiting or some unscrupulous friend to guess!
* Do use a number, or even better, a number and a symbol in your password - e.g. bett#69
* Try and alter the cAsE of your PaSswOrd to make it harder to guess - e.g. Dur@c3LL
* Change your password regularly if you share or use multiple computers to sign in

--

Unfortunately there will still be the "maximum login attempts" problem which we can't stop.

Action has been taken to try and minimise the damage of the attacks however as a member - you need to help and if your password is too simple, change your password

I will take action of deactivating member accounts which have not been active for some time and include a post here. Feel free to post reports of the "maximum login attempts" error here: Login Oddity.

If you are using tapatalk and receive the error - use your web browser to login in (entering the captcha) and then from tapatalk you should be able to log in again
2015 BNA Cycling Kit Very Awesome and Coming Soon!
User avatar
AUbicycles
Site Admin
Site Admin
 
Posts: 9408
Joined: Tue Aug 23, 2005 2:14 am
Location: Sydney

by BNA » Sat Jan 08, 2011 11:35 am

BNA
 

Re: IMPORTANT Strong Password Required READ THIS

Postby Aushiker » Sat Jan 08, 2011 11:35 am

Hi

I would add one more hint ... use a different password for each site/place of login. Not that hard actually and I do it. If someone got my password here it cannot be used anywhere else.

Andrew
User avatar
Aushiker
 
Posts: 20513
Joined: Tue Jun 05, 2007 1:55 pm
Location: Fremantle, WA

Re: IMPORTANT Strong Password Required READ THIS

Postby AUbicycles » Sat Jan 08, 2011 12:06 pm

Before the speculation starts, members inactive here for over 2 months have had their accounts deactivated. Sorry I had to do this however it will protect these accounts if the owners are not around to ensure their passwords are strong.
Have a look at the forum stats on the homepage, 10.000+ members 2 days ago, 8.000 yesterday and 2.600 today.

For the purpose of clarity, please help keep this thread on topic, for comments 'just to chat' and that are not on topic - lets use the login oddity thread. This will help other members get the facts and useful tips (like Aushikers comment).
2015 BNA Cycling Kit Very Awesome and Coming Soon!
User avatar
AUbicycles
Site Admin
Site Admin
 
Posts: 9408
Joined: Tue Aug 23, 2005 2:14 am
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby ozzymac » Sat Jan 08, 2011 7:10 pm

Hi,
I was reading a tip the other day for making passwords that are a bit more difficult than the normal ones.

There suggestion was when making a password decide on a combination lets say " SNOWPATROL2010"

Now when you go to use it on a site instead of typing snow etc....

You use the key next to the letter you want to use, thus " SNOWPATROL2010" would become " DMPE[SYTPM@)!)" for numbers you can use shift to get extra characters.

It makes it easy to have harder passwords without really having to remember them.

I hope thats right anyway.

cheers
User avatar
ozzymac
 
Posts: 688
Joined: Sat Aug 07, 2010 6:14 pm

Re: IMPORTANT Strong Password Required READ THIS

Postby WarrenH » Sun Jan 09, 2011 12:42 pm

For anyone who cant log-on using Firefox, perhaps this change might work.

I followed Admin's advice to the tee and I still couldn't log-on. I must have tried at least 50x over the past two weeks, to log-on using Firefox. I cleared the cookies, to start again ... but no cigar.

I changed to Google Chrome this morning and logged-on first go. I went back and tried Firefox and failed to log-on again. I'm back here on Chrome.

Warren.
"But on steep descending...Larson TT have bad effect on the mind of a rider" - MadRider from Suji, Korea 2001.

"Paved roads ... another fine example of wasteful government spending." - a bumper sticker.
User avatar
WarrenH
 
Posts: 522
Joined: Fri May 28, 2010 3:58 am

Re: IMPORTANT Strong Password Required READ THIS

Postby daniel.s » Sun Jan 09, 2011 12:53 pm

ozzymac wrote:Hi,
I was reading a tip the other day for making passwords that are a bit more difficult than the normal ones.

There suggestion was when making a password decide on a combination lets say " SNOWPATROL2010"


I use another variant on this theme for my day to day passwords. Going with the "Snow Patrol 2010" example, the password would end up being "Sno@)!)roL". You just do the following:
1. First 3 letters of the first word, uppercase first letter
2. Type the number while holding shift
3. Last 3 letters of the second word, uppercase last letter.

This works well, except for when you go overseas and they keyboard layouts have different characters on the shift keys. The good thing is that it's easy to remember, and you can always use longer numbers or change the words periodically.

Otherwise, use a password manager such as KeePass. I do this, and have unique, long random passwords for every different site.
2011 Giant Defy 1
Image
User avatar
daniel.s
 
Posts: 107
Joined: Thu Sep 20, 2007 3:09 pm
Location: Macquarie Fields, NSW

Re: IMPORTANT Strong Password Required READ THIS

Postby CommuRider » Sun Jan 09, 2011 12:55 pm

WarrenH wrote:I changed to Google Chrome this morning and logged-on first go. I went back and tried Firefox and failed to log-on again. I'm back here on Chrome.


Using Firefox 3.6.13 no problems logging in for the last 48 hours or so.
Amateur oenologist and green-friendly commuter.
User avatar
CommuRider
 
Posts: 5053
Joined: Sat Sep 25, 2010 6:16 pm
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby Spiza » Sun Jan 09, 2011 7:16 pm

Hi Christopher,
Just an idea... if the attacks continue, your programmer might be able to change/customise the login screen or process to fool the automated attacks.
Take a look at the Westpac login screen https://businessonline.westpac.com.au/esis/Login/SrvPage
User avatar
Spiza
 
Posts: 1967
Joined: Sat Jun 28, 2008 8:46 pm
Location: Castle Hill, NSW

Re: IMPORTANT Strong Password Required READ THIS

Postby eeksll » Sun Jan 09, 2011 9:34 pm

I'd suggest use a password manager like https://lastpass.com/ you'll never have to remember another password or make one up as you can get it to auto-generate a random password. It will require a master password .... and has browser integration.

I personally use a combination of keepass http://keepass.info/ and lastpass.

Keepass for my bank accounts and stuff like that which i want more secure or is not browser type passwords. And stuff which I dont want auto-login (in case someone steals my computer/gets access)

and i use lastpass for most of my browser stuff which I dont mind auto login for.
eeksll
 
Posts: 1455
Joined: Tue Oct 20, 2009 9:36 pm

Re: IMPORTANT Strong Password Required READ THIS

Postby jules21 » Mon Jan 10, 2011 3:40 pm

a combination of word and nos. is pretty safe, as long as the word is not too common - e.g. "john" or something obvious. it would take a brute force attack a long time to crack that.
Image
User avatar
jules21
 
Posts: 8992
Joined: Thu Apr 02, 2009 10:14 pm
Location: deep in the pain cave

Re: IMPORTANT Strong Password Required READ THIS

Postby twowheels » Tue Jan 11, 2011 12:37 pm

I got the login oddity message. Just wondering if the admin can change the captcha colour format. The first one was too difficult to read & i guessed the second one (WRT is that an 8 or a B sort of thing). I'm not colour blind, but I'm guessing it would be too difficult if one were, ie orange on green letters. The font & brightness/contrast of letters to background made it real hard. i'm guessing many returning members may not be able to read the captcha.
twowheels
 
Posts: 849
Joined: Mon Apr 23, 2007 6:14 pm
Location: Perth

Re: IMPORTANT Strong Password Required READ THIS

Postby rustguard » Tue Jan 11, 2011 2:46 pm

2 months is not long. I'd say its a fair bet that people who have just had a hard time, holiday, or other responsibilities (or a cycle tour) might of just lost their account. you should keep the records so you can re-activate an account if the owner messages the admin.
rustguard
 
Posts: 1324
Joined: Thu Jul 10, 2008 2:31 am
Location: Perth, WA

Re: IMPORTANT Strong Password Required READ THIS

Postby casual_cyclist » Tue Jan 11, 2011 3:27 pm

Aushiker wrote:Hi

I would add one more hint ... use a different password for each site/place of login. Not that hard actually and I do it. If someone got my password here it cannot be used anywhere else.

Andrew

I do that too.
<removed by request>
User avatar
casual_cyclist
 
Posts: 7340
Joined: Fri Feb 20, 2009 10:41 am
Location: Kewdale

Re: IMPORTANT Strong Password Required READ THIS

Postby AUbicycles » Tue Jan 11, 2011 10:18 pm

As a reminder, no accounts have been lost or deleted.

The deactivation is an account put on hold and can either be reactivated by the user (via send a reactivation email) or in the case of problems, email me and I will reactivate manually. I would have preferred not to have had to deactivate such a large volume of accounts however have created notes when these members try to log-in so that they easily understand the process and know that it is not their error and reactivation is (usually) easy. The deactivation is now protecting these members from having their accounts compromised.

--

I am working on the sessions - essentially, for users who never log out, there are no problems - however in the last while most users need to log in every day... my current task is to make it as comfortable as possible, at least for most.
2015 BNA Cycling Kit Very Awesome and Coming Soon!
User avatar
AUbicycles
Site Admin
Site Admin
 
Posts: 9408
Joined: Tue Aug 23, 2005 2:14 am
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby trailgumby » Tue Jan 11, 2011 10:22 pm

Looks like my account got hit a second time. Had to enter a Captcha password. Fortunately my password is reasonably strong and unlikely to be cracked by a brute force attack.
User avatar
trailgumby
 
Posts: 10405
Joined: Sat Jan 03, 2009 4:30 pm
Location: Northern Beaches, Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby Joeblake » Wed Jan 12, 2011 10:40 am

Got hit this morning. The first captcha was almost impossible to read (Colours).

One suggestion for keeping a password list at hand but still reasonably secure is to keep a text file of all your passwords, but saved under a name which is unlikely to be associated with passwords. Using the word processor on your computer, create a macro which will find the file then open it. Keep the name of macro on a piece of paper somewhere as an aid memoir if necessary.

Depending on which wordprocessor you use, it should be possible to put a secure password on the text document itself and either have THAT password on a post-it note or even built into the macro.

Joe
To acquire immunity to eloquence is of the utmost importance to the citizens of a democracy
Bertrand Russell
Many people feel their lifestyle has a high price, but they're quite cool with that .. as long as somebody ELSE pays the price.
Joeblake
 
Posts: 12960
Joined: Fri Oct 17, 2008 9:04 pm
Location: Lesmurdie WA

Re: IMPORTANT Strong Password Required READ THIS

Postby CommuRider » Wed Jan 12, 2011 10:48 am

trailgumby wrote:Looks like my account got hit a second time. Had to enter a Captcha password. Fortunately my password is reasonably strong and unlikely to be cracked by a brute force attack.


I'm just trying to get my head around this...so if I see the Captcha password it's because some people have been trying to access my account on here? :shock: Don't they have better things to do?
Amateur oenologist and green-friendly commuter.
User avatar
CommuRider
 
Posts: 5053
Joined: Sat Sep 25, 2010 6:16 pm
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby AUbicycles » Wed Jan 12, 2011 7:21 pm

Joeblake, pratically that is a good suggestion (who doesn't do it) though most security experts would not recommend it.

CommuRider - it is an automated attack sent via infected computers world-wide with the likely aim of breaking into user accounts and then spamming forums.


I have made a change to the Captcha which will make it easier to enter as the hidden letters is really tough. If you have better suggestions for the security questions (so that a human can answer but a bot can't easily do the same) email me.
2015 BNA Cycling Kit Very Awesome and Coming Soon!
User avatar
AUbicycles
Site Admin
Site Admin
 
Posts: 9408
Joined: Tue Aug 23, 2005 2:14 am
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby CommuRider » Wed Jan 12, 2011 9:47 pm

AUbicycles wrote:If you have better suggestions for the security questions (so that a human can answer but a bot can easily do the same) email me.


Can or can't?

Being a bike forum, surely the security questions should be bike oriented? Name a bike maker starting with G, 5 letters etc?

:-)
Amateur oenologist and green-friendly commuter.
User avatar
CommuRider
 
Posts: 5053
Joined: Sat Sep 25, 2010 6:16 pm
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby Joeblake » Thu Jan 13, 2011 10:13 am

Which is better? Carbon or Steel? :lol:

Joe
To acquire immunity to eloquence is of the utmost importance to the citizens of a democracy
Bertrand Russell
Many people feel their lifestyle has a high price, but they're quite cool with that .. as long as somebody ELSE pays the price.
Joeblake
 
Posts: 12960
Joined: Fri Oct 17, 2008 9:04 pm
Location: Lesmurdie WA

Re: IMPORTANT Strong Password Required READ THIS

Postby Chanboy » Thu Jan 13, 2011 10:25 am

CAPTCHA is probably the best way to effectively differentiate a human login to a computer/bot login.

Security questions are a bit problematic, in that you need to have quite a lot of them - and a dedicated bot programmer would simply go through all the questions and program answers to them.
Chanboy
 
Posts: 690
Joined: Mon Jan 12, 2009 8:51 am
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby CommuRider » Thu Jan 13, 2011 11:24 am

Joeblake wrote:Which is better? Carbon or Steel? :lol:

Joe


Now Joe, it's supposed to be an easy, objective response that anyone can answer. If I write "neither" I probably won't be allowed in :-P
Amateur oenologist and green-friendly commuter.
User avatar
CommuRider
 
Posts: 5053
Joined: Sat Sep 25, 2010 6:16 pm
Location: Sydney

Re: IMPORTANT Strong Password Required READ THIS

Postby Joeblake » Thu Jan 13, 2011 11:35 am

The idea is that this question will immediately provoke a debate, proving that the attempted logger is human. :lol: :lol: :wink:

Joe
To acquire immunity to eloquence is of the utmost importance to the citizens of a democracy
Bertrand Russell
Many people feel their lifestyle has a high price, but they're quite cool with that .. as long as somebody ELSE pays the price.
Joeblake
 
Posts: 12960
Joined: Fri Oct 17, 2008 9:04 pm
Location: Lesmurdie WA

Re: IMPORTANT Strong Password Required READ THIS

Postby Baalzamon » Thu Jan 13, 2011 6:16 pm

trailgumby wrote:Looks like my account got hit a second time. Had to enter a Captcha password. Fortunately my password is reasonably strong and unlikely to be cracked by a brute force attack.

That has happened to me twice. Yesterday morning and after work when I got home had to use it. I've also been logged out a few times. But my password is quite strong and brute force attack would need to be trying over 1 year to crack it lol.
Masi Speciale CX 2008 - Brooks B17 special saddle, Garmin Edge 810
Image
Baalzamon
 
Posts: 4733
Joined: Mon Mar 12, 2007 1:23 pm
Location: Yangebup

Re: IMPORTANT Strong Password Required READ THIS

Postby verbs and nouns » Fri Jan 14, 2011 9:50 am

My account has been deactivated. I can't get a reactivation email and I need to see a PM regarding a frame. I had to start this "new" account just to post this.

This sucks.

Any help?

Old username was "Verbs & Nouns".
User avatar
verbs and nouns
 
Posts: 70
Joined: Fri Jan 14, 2011 9:30 am

Next

Return to Info / announcements

Who is online

Users browsing this forum: No registered users



Popular Bike Shops
Wiggle Wiggle UK
Ground Effect Ground Effect NZ
Ebay Ebay AU
Chain Reaction Cycles CRC UK

“Bicycles BNA Twitter
“Bicycles BNA Facebook
“Google+ BNA Google+
“Bicycles BNA Newsletter

> FREE BNA Stickers