An account was just locked. - Repeated 80 times...

Support for IntegraMOD 141

Moderator: Integra Moderator

PostAuthor: sanji » Thu Jan 20, 2011 2:33 pm

Hi,

I got the following PM on my 1.4.1 forum:

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 91.213.50.235

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


And repeated 80 times, for 80 different accounts, in the last 24 hours... My best guess is that someone tries to brute force all accounts one after the other.

Two questions:

- how can I prevent that (IPs are different every time...)
- how can I reset the security so that all those members do not need to answer their security question (preferably by myphp to do it automatically).

I also must mention that all administrator accounts, including mine, were targeted too, and I had to use the captcha procedure several times to unblock my own account...

Thanks

sanji

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Prosk8er » Thu Jan 20, 2011 2:54 pm

Yeah, I think that's happening to a lot of phpBB boards. People are trying to get the passwords; I've seen it on a few different sites.


Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Fri Jan 21, 2011 1:45 am

Anything we can do against that?

And how to reset the count of "errors", so that normal users do not have to enter their safety question?

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Michaelo » Sat Jan 22, 2011 5:27 am

I have added this to the portal tools, you can reset all user login attempts or any given user...
I will post the code later...

Re: An account was just locked. - Repeated 80 times...

PostAuthor: MWE_001 » Sun Jan 23, 2011 2:06 pm

You know, I was curious about this problem. On every single phpBB2 or 3 board I normally visit, I am having to use the captcha for an excessive amount of login attempts. Even at sites I only visit once or twice a month.

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Mon Jan 24, 2011 12:30 am

"Michaelo" wrote: I have added this to the portal tools, you can reset all user login attempts or any given user...
I will post the code later...


I have managed to do this through myphp... but this does not deter people from continuing to try to log on to the site by brute force...

In fact, a good idea could be to block an IP which attempts to log in - and fails - on several usernames from the same IP.

I am just afraid that some users won't have a password strong enough, even if I do not see the interest of managing to log in as a normal user on a forum...

sanji
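The check proposed in the post above (flag an IP whose failed logins hit several different usernames), as an added example that is not part of the original thread and is not IntegraMOD or CrackerTracker code. The record format, function names and thresholds are assumptions; the second function goes slightly further and covers the case reported at the start of the thread, where the source IP changes every time.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, source IP, username tried); not real data.
FAILED_LOGINS = [
    ("2011-01-20 14:00:05", "203.0.113.7", "alice"),
    ("2011-01-20 14:00:09", "203.0.113.7", "bob"),
    ("2011-01-20 14:00:15", "203.0.113.7", "carol"),
    ("2011-01-20 14:01:00", "198.51.100.20", "alice"),  # user mistyping own password
    ("2011-01-20 14:01:30", "198.51.100.20", "alice"),
    ("2011-01-20 14:02:00", "198.51.100.20", "alice"),
    ("2011-01-20 14:03:00", "192.0.2.1", "dave"),       # rotating sources, one try each
    ("2011-01-20 14:03:10", "192.0.2.2", "erin"),
    ("2011-01-20 14:03:20", "192.0.2.3", "frank"),
    ("2011-01-20 14:03:30", "192.0.2.4", "grace"),
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def find_spraying_ips(records, min_users=3, window=timedelta(minutes=10)):
    """IPs that failed against >= min_users distinct usernames inside the window."""
    recent = defaultdict(deque)  # ip -> (time, username) pairs still inside the window
    flagged = set()
    for ts, ip, user in sorted(records):
        now = _parse(ts)
        q = recent[ip]
        q.append((now, user))
        while now - q[0][0] > window:
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.add(ip)
    return flagged

def distributed_attack(records, min_users=6, window=timedelta(minutes=10)):
    """Site-wide check: many distinct accounts failing at once, whatever the source IP."""
    q = deque()
    for ts, _ip, user in sorted(records):
        now = _parse(ts)
        q.append((now, user))
        while now - q[0][0] > window:
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            return True
    return False
```

On the sample data only 203.0.113.7 is flagged per IP; the user retyping one password and the four single-attempt sources are not, and only the site-wide count picks up the latter.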

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sudipta » Thu Jan 27, 2011 11:36 pm

"sanji" wrote: Hi,

I got the following PM on my 1.4.1 forum:

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 91.213.50.235

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


And repeated 80 times, for 80 different accounts, in the last 24 hours... My best guess is that someone tries to brute force all accounts one after the other.

Two questions:

- how can I prevent that (IPs are different every time...)
- how can I reset the security so that all those members do not need to answer their security question (preferably by myphp to do it automatically).

I also must mention that all administrator accounts, including mine, were targeted too, and I had to use the captcha procedure several times to unblock my own account...

Thanks


Looks like it's a recently started problem. We have been facing the same issue since 19th January, 2011. We are receiving 200+ PMs daily. I tried blocking the IP in the firewall but am still facing the same. It's really frustrating. Any workaround to block this?


Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Fri Jan 28, 2011 1:51 am

You can go to Admin / CrackerTracker / Reports, and check all IP addresses used to try to log in. You then add those addresses in the IP & Agents blockers (not sure of the exact translation, but it is in the same CrackerTracker menu), and you add all those IP addresses one by one. It takes some time, but you make sure that those hackers won't be able to use the same IP address twice...

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Fri Jan 28, 2011 5:51 pm

To reset your users' accounts, unzip and upload the attached file to your forum root, then browse to reset_login.php. Be sure to delete the file when finished. It will reset both phpBB security and CrackerTracker login tries.

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sudiptaghosh » Sat Jan 29, 2011 9:23 am

Hello Friends,

This is my first post in the forum.
I have received 300 such PMs in the last 3 hours on our 1.4.0 forum, the following PM:

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 78.107.237.16

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


All administrator accounts were targeted along with the user accounts. The worst part is our site admin suddenly left the organisation & none of us is aware how to upgrade IM to the latest version. I am looking for desperate help to upgrade IM to the latest version & install CrackerTracker.

I am not sure if this is the best place to ask if anyone is willing to do the above on a chargeable basis.

Looking forward to a positive response.

Thanks,
SG


Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sat Jan 29, 2011 8:54 pm

I have some time tomorrow. PM me your FTP info for the 140 site.

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sat Feb 12, 2011 5:46 pm

Helter / IntegraMod team,
I have been experiencing the same brute force attacks as the others describe here. To combat this, I have been doing as sanji suggests, and identifying IPs used to attack two or more different screen names and then blocking them. Yesterday I was in the process of adding some more to the blocked list, when suddenly I became blocked myself. Since then I have been getting flooded by emails from my site's members complaining of the same thing. It seems that the hackers have succeeded in gaining access to my ACP and blocking everyone out.

Can anyone advise me on how to regain control of my site?

Thanks in advance!


Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sat Feb 12, 2011 11:00 pm

It looks like you may have added a wildcard to your ban list.
If you used ctracker to ban then you'll have to edit your db via phpMyAdmin to remove the ban data. If you used phpBB's or phpBB security to ban then rename your root/ctracker folder, then log in and remove the ban data via your ACP.

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sun Feb 13, 2011 7:31 am

"HelterSkelter" wrote: It looks like you may have added a wildcard to your ban list.
If you used ctracker to ban then you'll have to edit your db via phpMyAdmin to remove the ban data.

I was using the CTracker. I do not, however, know how to edit a database. Is there any chance you'll have any free time that you could assist me with this? It is off season (for wrestling) so I'm not in any huge rush for this.


Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 13, 2011 7:40 am

Your last entry in the ctracker ban table was blank so it basically banned all IPs. I deleted it and your site is accessible again.
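A guard against the lockout described in the last few posts (a blank or over-broad wildcard ban entry that ends up banning everyone, the administrator included), as an added example that is not part of the original thread and is not CrackerTracker code. The function names, the `*` octet wildcard syntax and the sample addresses are assumptions; how CrackerTracker itself stores and matches ban entries is not shown on this page.

```python
import ipaddress
from fnmatch import fnmatchcase

def validate_ban_entry(entry, admin_ip, min_fixed_octets=2):
    """Return (ok, reason) for a proposed IPv4 ban entry.

    Accepts a full address ('198.51.100.23') or trailing wildcards
    ('198.51.100.*'); rejects anything that would match too much.
    """
    pattern = entry.strip()
    if not pattern:
        return False, "blank entry"          # the case that banned all IPs in the thread
    octets = pattern.split(".")
    if len(octets) != 4:
        return False, "not a dotted IPv4 pattern"
    fixed, seen_wildcard = 0, False
    for o in octets:
        if o == "*":
            seen_wildcard = True
        elif o.isascii() and o.isdigit() and int(o) <= 255 and not seen_wildcard:
            fixed += 1
        else:
            return False, "malformed octet"  # also catches digits after a wildcard
    if fixed < min_fixed_octets:
        return False, "wildcard too broad"
    # Refuse any entry that covers the address the administrator is using right now.
    if fnmatchcase(str(ipaddress.ip_address(admin_ip)), pattern):
        return False, "would ban the administrator"
    return True, "ok"

def screen_ban_list(entries, admin_ip):
    """Split proposed entries into (accepted list, {rejected entry: reason})."""
    accepted, rejected = [], {}
    for e in entries:
        ok, reason = validate_ban_entry(e, admin_ip)
        if ok:
            accepted.append(e.strip())
        else:
            rejected[e] = reason
    return accepted, rejected

# Constructed sample input (documentation address ranges), not real data.
SAMPLE = ["198.51.100.23", "192.0.2.*", "", "*.*.*.*", "203.0.113.*"]
```

Running the same check over the rows already in the ban table before saving a new one would also surface a blank entry like the one that had to be deleted by hand here.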
