Author Topic: WARNING: Compromised Accounts  (Read 541 times)

0 Members and 1 Guest are viewing this topic.

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 37565
  • Country: au
    • EEVblog
WARNING: Compromised Accounts
« on: February 20, 2024, 11:42:15 pm »
There has been a recent spate of existing forum accounts being compromised by spam bots.
Presumably they had their details stolen and reused passwords?
So just a reminder to make your password unique and/or use the 2FA security feature.
« Last Edit: Yesterday at 02:32:24 am by EEVblog »
 
The following users thanked this post: PeterG, stryker, xrunner, Kean, cosmicray, 2N3055, TERRA Operative

Online xrunner

  • Super Contributor
  • ***
  • Posts: 7456
  • Country: us
  • hp>Agilent>Keysight>???
Re: WARNING: Compromised Accounts
« Reply #1 on: Yesterday at 12:05:50 am »
Yea I have seen a lot of them recently. Therefore I just set up 2FA here and the process was painless and worked.  :-+
I told my friends I could teach them to be funny, but they all just laughed at me.
 

Online KE5FX

  • Super Contributor
  • ***
  • Posts: 1843
  • Country: us
    • KE5FX.COM
Re: WARNING: Compromised Accounts
« Reply #2 on: Yesterday at 12:43:14 am »
How does one brute-force a password?  Don't you lock the account out for X hours after Y unsuccessful attempts?

Usually, "brute forcing" a password involves a stolen password database file, potentially from some other site where the user with the same name used the same password.
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 9024
  • Country: us
  • $
Re: WARNING: Compromised Accounts
« Reply #3 on: Yesterday at 12:44:29 am »
the meat of our dead crew members is being turned into spammer-advertiser cyborgs

can the morgue be locked?
« Last Edit: Yesterday at 12:49:33 am by coppercone2 »
 

Offline MLXXXp

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: ca
Re: WARNING: Compromised Accounts
« Reply #4 on: Yesterday at 01:39:07 am »
and/or use the 2FA security feature.

Any chance support for FIDO hardware security keys for 2FA (Yubico, Google Titan, etc.) could be added?
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 37565
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #5 on: Yesterday at 02:31:36 am »
How does one brute-force a password?  Don't you lock the account out for X hours after Y unsuccessful attempts?
Usually, "brute forcing" a password involves a stolen password database file, potentially from some other site where the user with the same name used the same password.

Yes, probably more likely to be the owner had their account compromised and shared a password.
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 37565
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #6 on: Yesterday at 02:33:20 am »
and/or use the 2FA security feature.
Any chance support for FIDO hardware security keys for 2FA (Yubico, Google Titan, etc.) could be added?

If there is an SMF plugin that does that then I'm happy to install it, I use hardware keys myself. But last I looked there wasn't.
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 9024
  • Country: us
  • $
Re: WARNING: Compromised Accounts
« Reply #7 on: Yesterday at 03:29:38 am »
arent all these accounts long dormant?
 

Online EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 37565
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #8 on: Yesterday at 04:11:41 am »
arent all these accounts long dormant?

Haven't checked them all, but from what I've seen, not recent posters. But they were still active accounts with legit posts.
 

Offline CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 5137
  • Country: us
Re: WARNING: Compromised Accounts
« Reply #9 on: Yesterday at 06:18:40 am »
Do you send notifications to those who have been compromised?
 

Offline Zoli

  • Frequent Contributor
  • **
  • Posts: 487
  • Country: ca
  • Grumpy old men
Re: WARNING: Compromised Accounts
« Reply #10 on: Yesterday at 06:54:07 am »
I've checked(other forum, so is a widespread issue) some of the compromised e-mails: typically pawned in 10+ data breaches; add bad password hygiene in the mix, and you have the current situation.
Edit: since I've seen the spam posts(similar to the other location), I recommend to Dave, to use the forum censorship to change the *.site advertisement to something else(spam would be an idea).
« Last Edit: Yesterday at 06:58:29 am by Zoli »
 

Offline magic

  • Super Contributor
  • ***
  • Posts: 6702
  • Country: pl
Re: WARNING: Compromised Accounts
« Reply #11 on: Yesterday at 08:25:21 am »
How does one brute-force a password?  Don't you lock the account out for X hours after Y unsuccessful attempts?

Usually, "brute forcing" a password involves a stolen password database file, potentially from some other site where the user with the same name used the same password.
"Brute forcing" means repeatedly trying random passwords without any idea which one could be right.

I tested this forum during the last wave of compromised account spam. A few failed login attempts lock the account for a few minutes and during this time even the correct password doesn't work. So true brute forcing is slow and unlikely to succeed.

These compromises are caused by using "well known" login/pw combinations, usually obtained from other hacked websites. If you know that some login had a particular password on another site, it's a no brainer to check if the same password also works here.
« Last Edit: Yesterday at 08:27:12 am by magic »
 
The following users thanked this post: thm_w


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf