Translate
Sub Menu
Links Menu
Online Users

In total there are 86 users online :: 2 registered, 0 hidden and 84 guests

Most users ever online was 561 on Fri Mar 20, 2020 1:13 am

Registered users: Bing [Bot], Google [Bot] based on users active over the past 60 minutes

Last Online
In order to view the online list you have to be registered and logged in.



We are a free and open
community, all are welcome.

Click here to Register

An account was just locked. - Repeated 80 times...

Support for IntegraMOD 141

Moderator: Integra Moderator

An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Thu Jan 20, 2011 3:33 pm

Hi,

I got on my 1.4.1 forum the following pm :

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 91.213.50.235

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


And repeated 80 times, for 80 different accounts, last 24 hours... My best guess is that someone tries to brute force all account one after the other.

Two questions :

- how can I prevent that (IPs are different everytime...)
- how can I reset the security so that all those members do not need to answer their security question (preferably by myphp to do it automatically).

I also must mention that all administrator accounts, including mine, where targeted too, and I had to use several time the captcha procedure to unblock my own account...

Thanks <img>

sanji
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Joined: Wed Apr 12, 2006 9:18 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Prosk8er » Thu Jan 20, 2011 3:54 pm

yeah i think thats happening to alot of phpbb boards people are tring to get the passwords ive seen it on a few different sites

Prosk8er
Newbie
Newbie
 
Posts: 1
Joined: Thu Dec 11, 2008 7:30 am
Location: Rochester, Ny

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Fri Jan 21, 2011 2:45 am

Anything we can do against that ?

And how to reset the count of "errors", so that normal users do not have to enter their safety question ?
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Joined: Wed Apr 12, 2006 9:18 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Michaelo » Sat Jan 22, 2011 6:27 am

I have added this to the portal tools, you can reset all user login attempts or any given user...
I will post the code later...
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Joined: Sat Mar 11, 2006 6:14 pm
Location: Dublin, Ireland

Re: An account was just locked. - Repeated 80 times...

PostAuthor: MWE_001 » Sun Jan 23, 2011 3:06 pm

You know, I was curious about this problem. Every single phpBB2 or 3 board I normally visit, I am having to use the captcha for excessive amount of login attempts. Even at sites I only visit once or twice a month.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Administrator
Administrator
 
Posts: 1263
Images: 12
Joined: Fri Apr 21, 2006 7:59 pm
Location: Illinois

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Mon Jan 24, 2011 1:30 am

"Michaelo" wrote:I have added this to the portal tools, you can reset all user login attempts or any given user...
I will post the code later...


I have managed to do this through myphp... but this not deter people from continuing to try to log on the site by bruteforce...

In fact, a good idea could be to block an IP which attempt to log - and fails - on several usernames from the same IP.

I am just afraid that some users won't have a password strong enough, even if I do not see the interest of managing to log as a normal user on a forum...

sanji
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Joined: Wed Apr 12, 2006 9:18 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sudipta » Fri Jan 28, 2011 12:36 am

"sanji" wrote:Hi,

I got on my 1.4.1 forum the following pm :

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 91.213.50.235

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


And repeated 80 times, for 80 different accounts, last 24 hours... My best guess is that someone tries to brute force all account one after the other.

Two questions :

- how can I prevent that (IPs are different everytime...)
- how can I reset the security so that all those members do not need to answer their security question (preferably by myphp to do it automatically).

I also must mention that all administrator accounts, including mine, where targeted too, and I had to use several time the captcha procedure to unblock my own account...

Thanks <img>


Looks like its a recently started problem. We are facing the same issue from 19th January, 2011. Daily we are receiving 200+ PM. I tried blocking IP in the firewall but still facing the same. Its really frustrating. Any work around to block this??

sudipta
Newbie
Newbie
 
Posts: 2
Joined: Thu Oct 04, 2007 11:22 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sanji » Fri Jan 28, 2011 2:51 am

you can go to Admin / CrackerTracker / Reports, and check all IP addresses used to try to login. You then add those addresses in the IP & Agents blockers (not sure the exact translation, but it is in the same CrackerTracker menu), and you add all those IP addresses one by one. It takes some time, but you make sure that those hackers won't be able to use the same IP address twice...
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Joined: Wed Apr 12, 2006 9:18 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Fri Jan 28, 2011 6:51 pm

to reset your users accounts, unzip and upload the attached file to your forum root, then browse to reset_login.php. Be sure to delete the file when finished. It will reset both phpBB security and CrackerTracker login tries.
Image
Please do not PM for support
User avatar
Helter
Administrator
Administrator
 
Posts: 4126
Joined: Sat Mar 11, 2006 4:46 pm
Location: Seattle Wa

Re: An account was just locked. - Repeated 80 times...

PostAuthor: sudiptaghosh » Sat Jan 29, 2011 10:23 am

Hello Friends,

This is my first post in the forum.
I have received 300 such PM's in last 3 hours on our 1.4.0 forum the following pm :

An account was just locked. Below are the details.

Account Locked: XXXXX
IP For Who Locked It: 78.107.237.16

This is an automated response, do not reply. If you have an IP tracker installed, check the above IP against the ones you have stored in the database.


All administrator accounts where targeted along with the user accounts. The worst part is our site admin suddenly left the organisation & none of us is aware how to upgrade IM to latest version. I am looking for desperate help to upgrade IM to latest version & install CrackerTracker.

I am not sure if this is the best place to ask if any one is willing to do the above on a chargeable basis.

Looking forward for positive response.

Thanks,
SG

sudiptaghosh
Newbie
Newbie
 
Posts: 1
Joined: Sat Jan 29, 2011 9:46 am

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sat Jan 29, 2011 9:54 pm

I have some time tomorrow. PM me your ftp info for the 140 site
Image
Please do not PM for support
User avatar
Helter
Administrator
Administrator
 
Posts: 4126
Joined: Sat Mar 11, 2006 4:46 pm
Location: Seattle Wa

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sat Feb 12, 2011 6:46 pm

Helter / IntegraMod team,
I have been experiencing the same brute force attacks as the others describe here. To combat this, I have been doing as sanji suggests, and identifying IPs used to attach two or more different screen names and then blocking them. Yesterday I was in the process of adding some more to the blocked list, when suddenly I became blocked myself. Since then I have been getting flooded by emails from my site's members complaining of the same thing. It seems that the hackers have succeeded in gaining access to my ACP and blocking everyone out.

Can anyone advise me on how to regain control of my site?

Thanks in advance!

AlaskaMat
Newbie
Newbie
 
Posts: 21
Joined: Fri Aug 20, 2010 2:43 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 13, 2011 12:00 am

it looks like you may have added a wildcard to your ban list.
if you used ctracker to ban then youll have to edit your db via phpmyadmin to remove the ban data. If you used phpBB's or phpbb security to ban then rename your root/ctracker folder, then loging and remove the ban data via your acp.
Image
Please do not PM for support
User avatar
Helter
Administrator
Administrator
 
Posts: 4126
Joined: Sat Mar 11, 2006 4:46 pm
Location: Seattle Wa

Re: An account was just locked. - Repeated 80 times...

PostAuthor: AlaskaMat » Sun Feb 13, 2011 8:31 am

"HelterSkelter" wrote:it looks like you may have added a wildcard to your ban list.
if you used ctracker to ban then youll have to edit your db via phpmyadmin to remove the ban data.

I was using the CTracker. I do not, however, know how to edit a database. Is there any chance you'll have any free time that you could assist me with this? It is off season (for wrestling) so I'm not in any huge rush for this.

AlaskaMat
Newbie
Newbie
 
Posts: 21
Joined: Fri Aug 20, 2010 2:43 pm

Re: An account was just locked. - Repeated 80 times...

PostAuthor: Helter » Sun Feb 13, 2011 8:40 am

your last entry in the ctracker ban table was blank so it basically banned all ips. I deleted it and your site is accessible again <img>
Image
Please do not PM for support
User avatar
Helter
Administrator
Administrator
 
Posts: 4126
Joined: Sat Mar 11, 2006 4:46 pm
Location: Seattle Wa

Next

Return to IntegraMOD 141

Who is online

Registered users: Bing [Bot], Google [Bot]

cron