General > General Technical Chat
Check your email address(s) and passwords for cyber security breaches
madires:
--- Quote from: MK14 on January 13, 2023, 06:11:42 am ---Because if they did, and it was scripted/automated (on their side). Server/router/etc automated rules (whatever its called), possibly could have auto-banned the (presumably) single IP they used, for such attempted account breaching. I.e. A single IP address, shouldn't be able to try many different email addresses, without being challenged and/or given big/powerful captcha hurdles.
--- End quote ---
Some botnets are a bit more professional and perform controlled distributed attacks/scans, i.e. from many different IP addresses with random delays to hide their activity in the common noise created by the bad guys. Can be quite hard to spot.
AndyBeez:
@Halcyon: ever feel you're p*ssing in the breeze with some of these guys?
magic:
To be fair, typing your users' email addresses into some random 3rd party website would probably be illegal under current EUSSR regulations; dunno how the situation is in Oz.
Shock:
--- Quote from: Halcyon on January 13, 2023, 03:54:44 am ---At the end of the day, the advice I have given is sound, but it doesn't work for everyone.
--- End quote ---
Not sound advice, which is why people are bringing it up.
There are circumstances where it's acceptable (if you ask for permission) but I think you are confusing forum members credentials with your employee or clients credentials.
The bit about who you work for, your government customers, the password management you use, the fact you are getting spam in your inbox, all useful to hackers. Quick harvest of all the published emails on the forum and a phishing attack linking to this thread with all the people backing you up saying this is good advice makes it easier to exploit the situation.
Which is why it's never a good idea to discuss security stuff openly on the forum which hopefully you may take onboard with the other advice given.
MK14:
--- Quote from: madires on January 13, 2023, 01:10:42 pm ---Some botnets are a bit more professional and perform controlled distributed attacks/scans, i.e. from many different IP addresses with random delays to hide their activity in the common noise created by the bad guys. Can be quite hard to spot.
--- End quote ---
I agree, and think it is generally accepted. That some of the measures I mentioned (and similar techniques), pick up or prevent (wild estimate) 50% to 90% of possible attacks. But that is still at least an improvement.
On the bright side though. This website (forum), seems to only primarily record peoples email addresses and some metadata (their IP addresses etc). So, unless a user shares more information (e.g. by using a password shared with other things), or provides more contact information etc. There is relatively little information, powerful hacks on the forum webserver, would be able to obtain.
As I see it. If you have used that same email address, on 25 to 200+ websites, already. Sooner or later (but not definitely), that email address, will risk becoming relatively common knowledge, to some bad guys, sooner or later.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version