Author Topic: WARNING: Compromised Accounts  (Read 37823 times)


Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
WARNING: Compromised Accounts
« on: February 20, 2024, 11:42:15 pm »
There has been a recent spate of existing forum accounts being compromised by spam bots.
Presumably they had their details stolen and reused passwords?
So just a reminder to make your password unique and/or use the 2FA security feature.
« Last Edit: February 21, 2024, 02:32:24 am by EEVblog »
 
The following users thanked this post: PeterG, stryker, xrunner, Kean, cosmicray, 2N3055, TERRA Operative

Online xrunner

  • Super Contributor
  • ***
  • Posts: 7837
  • Country: us
  • hp>Agilent>Keysight>???
Re: WARNING: Compromised Accounts
« Reply #1 on: February 21, 2024, 12:05:50 am »
Yea I have seen a lot of them recently. Therefore I just set up 2FA here and the process was painless and worked.  :-+
I told my friends I could teach them to be funny, but they all just laughed at me.
 

Offline KE5FX

  • Super Contributor
  • ***
  • Posts: 2096
  • Country: us
    • KE5FX.COM
Re: WARNING: Compromised Accounts
« Reply #2 on: February 21, 2024, 12:43:14 am »
How does one brute-force a password?  Don't you lock the account out for X hours after Y unsuccessful attempts?

Usually, "brute forcing" a password involves a stolen password database file, potentially from some other site where the user with the same name used the same password.
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 11345
  • Country: us
  • $
Re: WARNING: Compromised Accounts
« Reply #3 on: February 21, 2024, 12:44:29 am »
the meat of our dead crew members is being turned into spammer-advertiser cyborgs

can the morgue be locked?
« Last Edit: February 21, 2024, 12:49:33 am by coppercone2 »
 

Offline MLXXXp

  • Frequent Contributor
  • **
  • Posts: 344
  • Country: ca
Re: WARNING: Compromised Accounts
« Reply #4 on: February 21, 2024, 01:39:07 am »
and/or use the 2FA security feature.

Any chance support for FIDO hardware security keys for 2FA (Yubico, Google Titan, etc.) could be added?
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #5 on: February 21, 2024, 02:31:36 am »
How does one brute-force a password?  Don't you lock the account out for X hours after Y unsuccessful attempts?
Usually, "brute forcing" a password involves a stolen password database file, potentially from some other site where the user with the same name used the same password.

Yes, probably more likely to be the owner had their account compromised and shared a password.
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #6 on: February 21, 2024, 02:33:20 am »
and/or use the 2FA security feature.
Any chance support for FIDO hardware security keys for 2FA (Yubico, Google Titan, etc.) could be added?

If there is an SMF plugin that does that then I'm happy to install it, I use hardware keys myself. But last I looked there wasn't.
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 11345
  • Country: us
  • $
Re: WARNING: Compromised Accounts
« Reply #7 on: February 21, 2024, 03:29:38 am »
Aren't all these accounts long dormant?
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #8 on: February 21, 2024, 04:11:41 am »
Aren't all these accounts long dormant?

Haven't checked them all, but from what I've seen, not recent posters. But they were still active accounts with legit posts.
 

Online CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 5572
  • Country: us
Re: WARNING: Compromised Accounts
« Reply #9 on: February 21, 2024, 06:18:40 am »
Do you send notifications to those who have been compromised?
 

Offline Zoli

  • Frequent Contributor
  • **
  • Posts: 583
  • Country: ca
  • Grumpy old men
Re: WARNING: Compromised Accounts
« Reply #10 on: February 21, 2024, 06:54:07 am »
I've checked (other forum, so it is a widespread issue) some of the compromised e-mails: typically pawned in 10+ data breaches; add bad password hygiene in the mix, and you have the current situation.
Edit: since I've seen the spam posts (similar to the other location), I recommend to Dave, to use the forum censorship to change the *.site advertisement to something else (spam would be an idea).
« Last Edit: February 21, 2024, 06:58:29 am by Zoli »
 

Online magic

  • Super Contributor
  • ***
  • Posts: 7460
  • Country: pl
Re: WARNING: Compromised Accounts
« Reply #11 on: February 21, 2024, 08:25:21 am »
How does one brute-force a password?  Don't you lock the account out for X hours after Y unsuccessful attempts?

Usually, "brute forcing" a password involves a stolen password database file, potentially from some other site where the user with the same name used the same password.
"Brute forcing" means repeatedly trying random passwords without any idea which one could be right.

I tested this forum during the last wave of compromised account spam. A few failed login attempts lock the account for a few minutes and during this time even the correct password doesn't work. So true brute forcing is slow and unlikely to succeed.

These compromises are caused by using "well known" login/pw combinations, usually obtained from other hacked websites. If you know that some login had a particular password on another site, it's a no brainer to check if the same password also works here.
« Last Edit: February 21, 2024, 08:27:12 am by magic »
 
The following users thanked this post: thm_w

Offline jvmartins

  • Newbie
  • Posts: 2
  • Country: ae
Re: WARNING: Compromised Accounts
« Reply #12 on: December 12, 2024, 04:13:28 am »
Can someone explain how to set 2FA in this forum?
My account was hacked, I managed to reset the password but now I want to include 2FA.

 

Online Kean

  • Supporter
  • ****
  • Posts: 2469
  • Country: au
  • Embedded systems & IT consultant
    • Kean Electronics
Re: WARNING: Compromised Accounts
« Reply #13 on: December 12, 2024, 04:17:26 am »
Can someone explain how to set 2FA in this forum?
My account was hacked, I managed to reset the password but now I want to include 2FA.

Visit https://www.eevblog.com/forum/profile/
Then go to menu Modify Profile, then Two-Step Authentication
I have it enabled already so I cannot tell you what you will see there, but it should be pretty straightforward to set up using an Authenticator app or email codes.
 
The following users thanked this post: EEVblog

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #14 on: December 12, 2024, 05:40:03 am »
Can someone explain how to set 2FA in this forum?
My account was hacked, I managed to reset the password but now I want to include 2FA.

Visit https://www.eevblog.com/forum/profile/
Then go to menu Modify Profile, then Two-Step Authentication
I have it enabled already so I cannot tell you what you will see there, but it should be pretty straightforward to set up using an Authenticator app or email codes.

I've been using 2FA for years since I installed it, and it works great. Slightly annoying to enter the code every 30 days, but well worth the extra security.
 
The following users thanked this post: Kean

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #15 on: December 12, 2024, 05:43:48 am »
Do you send notifications to those who have been compromised?

FYI
gnif has written a custom script that tries to detect compromised accounts and automatically locks them with a notice to the user to email me direct to get their account back.
I get a few emails a month from existing users that have had their computer hacked or password compromised in some other way and it's been auto-detected.

For those unsure how this happens, rest assured the passwords are NOT being stolen from this forum, but they have had their data stolen from some other site or hack on their own computer, and people often reuse passwords on different sites.
They can often find out using:
https://haveibeenpwned.com/
« Last Edit: December 12, 2024, 05:47:36 am by EEVblog »
 
The following users thanked this post: thm_w, Kean

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: WARNING: Compromised Accounts
« Reply #16 on: December 17, 2024, 09:24:41 am »
I banned two manually today as well. Seems like another wave coming through.
 

Online voltsandjolts

  • Supporter
  • ****
  • Posts: 2550
  • Country: gb
Re: WARNING: Compromised Accounts
« Reply #17 on: December 17, 2024, 10:06:47 am »
For anyone who isn't sure how this 2FA works, here is my understanding:

When you sign-up for 2FA, a random seed code is generated by this forum and shared to your chosen authenticator app, via a QR code scan or manual entry. Thereafter, when you want to login, the authenticator app will generate a one-time-code based on that seed and the current time, using the math described in RFC 6238. The forum verifies the one-time-code using your seed and the current time.

You can use any authenticator app that supports RFC 6238. I already used the Microsoft authenticator app for work stuff and found it works fine with 2FA on this forum. There are other options, such as Google Authenticator or Authy.

When you set up 2FA, you're given a 'backup code' that you can use to gain access if, say, you lose your phone. If that fails, contact the sys admins through email.

I was unsure at first, but now recommend it, it's super easy!
 
The following users thanked this post: EEVblog, Rerouter
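
The RFC 6238 calculation described in the post above, as an added example that is not part of the original thread and not the forum's own code: both the authenticator app and the server derive the code from the shared seed and the current 30-second time step. The function names, the one-step drift window and the replay check are choices made for this illustration; the seed is the published RFC 6238 test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps

# Test key from RFC 6238 Appendix B, base32-encoded the way a QR code carries it.
SEED = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed_b32: str, now: float, digits: int = DIGITS) -> str:
    """What the authenticator app shows at Unix time `now`."""
    key = base64.b32decode(seed_b32.upper().replace(" ", ""))
    return hotp(key, int(now) // STEP, digits)


def verify(seed_b32: str, code: str, now: float, window: int = 1,
           last_used_step=None):
    """Server side: return the matching time step, or None.

    window=1 accepts one step of clock drift either way; last_used_step
    (stored per account) rejects a code that was already accepted.
    """
    key = base64.b32decode(seed_b32.upper().replace(" ", ""))
    current = int(now) // STEP
    for step in range(max(0, current - window), current + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue                              # replay of an old code
        if hmac.compare_digest(hotp(key, step).encode(), code.encode()):
            return step                           # caller stores this step
    return None


if __name__ == "__main__":
    print(totp(SEED, 59), verify(SEED, totp(SEED, 59), 59))
```
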

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39026
  • Country: au
    • EEVblog
Re: WARNING: Compromised Accounts
« Reply #18 on: December 17, 2024, 01:57:58 pm »
For anyone who isn't sure how this 2FA works, here is my understanding:

When you sign-up for 2FA, a random seed code is generated by this forum and shared to your chosen authenticator app, via a QR code scan or manual entry. Thereafter, when you want to login, the authenticator app will generate a one-time-code based on that seed and the current time, using the math described in RFC 6238. The forum verifies the one-time-code using your seed and the current time.

It should be noted that the forum can remember your login for 30 days before you have to use the authenticator app again.
I use Google Authenticator for the forum.
 

Offline MLXXXp

  • Frequent Contributor
  • **
  • Posts: 344
  • Country: ca
Re: WARNING: Compromised Accounts
« Reply #19 on: December 17, 2024, 05:13:37 pm »
There are other options, such as Google Authenticator or Authy.

When on a PC, I use KeePassXC.

I still wish that FIDO hardware security keys were supported.  :(
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: WARNING: Compromised Accounts
« Reply #20 on: December 27, 2024, 12:34:51 am »
There are other options, such as Google Authenticator or Authy.

When on a PC, I use KeePassXC.

I still wish that FIDO hardware security keys were supported.  :(

You might want to consider Bitwarden. I was a Keepass user for many years, I now prefer Bitwarden as it's cross-platform and supports FIDO2 keys even on the free tier. (I pay for it, that's how much I like it.)
 
The following users thanked this post: BradC

Offline MLXXXp

  • Frequent Contributor
  • **
  • Posts: 344
  • Country: ca
Re: WARNING: Compromised Accounts
« Reply #21 on: December 27, 2024, 05:30:07 pm »
I now prefer Bitwarden as it's cross-platform

KeePassXC is cross platform, as well.

and supports FIDO2 keys even on the free tier.

I meant I wish that the EEVblog forum supported FIDO keys, so I didn't even have to use KeePassXC, Google Authenticator, or any other TOTP generator for 2FA.
« Last Edit: December 27, 2024, 05:56:07 pm by MLXXXp »
 
