Results 1 to 10 of 10
  1. #1
    All the years to come I want you to remember the one man who beat you. Cropels's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Apr 2014
    Location
    México City
    Age
    28
    Posts
    65

    So 46.28.110.136 Tried to access my account.

    Yesterday I received an Email from AOD, which said the address "46.28.110.136" tried to access my account.

    Original email:

    Dear AOD_Cropels,
    Someone has tried to log into your account on ClanAOD.net Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.
    The person trying to log into your account had the following IP address: 46.28.110.136

    All the best,
    ClanAOD.net Forums

    So, I'm not the only one with this problem...
    Maybe you should take measures against this...

  2. #2
    Can I have your Tots AhrenHawkins's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Dec 2014
    Location
    Montreal, Canada
    Age
    26
    Posts
    13

    Default

    The given IP is a TOR exit. Hence, there's no way to localize who did it, if it was a bot doing it's automation or a person willingly targetting AOD.

    In any case, i see no measure requiring to be taken. The person/bot was obviously not able to log in to the account as you are recieving this warning.

    The only measure that i suggest taking is to have a password that is not easy to guess.

    Here's a quick Google page on password security and the utmost basic tips.

  3. #3
    All the years to come I want you to remember the one man who beat you. Cropels's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Apr 2014
    Location
    México City
    Age
    28
    Posts
    65

    Default

    Quote Originally Posted by AhrenHawkins View Post
    The given IP is a TOR exit. Hence, there's no way to localize who did it, if it was a bot doing it's automation or a person willingly targetting AOD.

    In any case, i see no measure requiring to be taken. The person/bot was obviously not able to log in to the account as you are recieving this warning.

    The only measure that i suggest taking is to have a password that is not easy to guess.

    Here's a quick Google page on password security and the utmost basic tips.

    Yeah about that, some weeks ago I changed my password for avoid this kind of stuff. and then this happened.

    So, How many times do I need to change my password?

  4. #4
    Can I have your Tots AhrenHawkins's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Dec 2014
    Location
    Montreal, Canada
    Age
    26
    Posts
    13

    Default

    Quote Originally Posted by AOD_Cropels View Post
    Yeah about that, some weeks ago I changed my password for avoid this kind of stuff. and then this happened.

    So, How many times do I need to change my password?
    Depends on the type of account, really. At work, due to extremely sensitive projects we are working on, we're required to change our passwords once every month.

    But for forum internet accounts, as long as your password is a bit lengthy and complicated, your computer secure and you clear of surfing on shady websites (Ex. DownloadFreeGameWithoutSurveysToday.co.biz.uk) or such, you should be more than fine to keep it for quite a while :)

    Here's a reference link by the UCSF on what's a bad and what's a good password. https://it.ucsf.edu/policies/bad-passwords

    Certain websites offer a "two-step verification" option. Where you may link a phone number or use an email address which the website will send a verification code to that email/number. So if an attacker is able to compromise a website/software account, and do not have access to the Cellphone/Email, they're unable to do anything. A good example of this is Steam Guard

    I could go on for hours and pages explaining Computer security and related things, but you can easily access already written articles and works on the subject via Google. But if you wish me to link some, ask ahead! :).


    TL;DR : It depends. Don't be paranoid about it, but don't be lazy!

  5. #5
    All the years to come I want you to remember the one man who beat you. Cropels's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Apr 2014
    Location
    México City
    Age
    28
    Posts
    65

    Default

    Quote Originally Posted by AhrenHawkins View Post
    Depends on the type of account, really. At work, due to extremely sensitive projects we are working on, we're required to change our passwords once every month.

    But for forum internet accounts, as long as your password is a bit lengthy and complicated, your computer secure and you clear of surfing on shady websites (Ex. DownloadFreeGameWithoutSurveysToday.co.biz.uk) or such, you should be more than fine to keep it for quite a while :)

    Here's a reference link by the UCSF on what's a bad and what's a good password. https://it.ucsf.edu/policies/bad-passwords

    Certain websites offer a "two-step verification" option. Where you may link a phone number or use an email address which the website will send a verification code to that email/number. So if an attacker is able to compromise a website/software account, and do not have access to the Cellphone/Email, they're unable to do anything. A good example of this is Steam Guard

    I could go on for hours and pages explaining Computer security and related things, but you can easily access already written articles and works on the subject via Google. But if you wish me to link some, ask ahead! :).


    TL;DR : It depends. Don't be paranoid about it, but don't be lazy!

    Thanks for everything, I already changed my all passwords using help from those links (not long ago ( 3 weeks ago)), but here still the problem, maybe I can change my passwords twice every month or week, but how can I be sure that will stop the guys who tried to get my Account...?

    As far I know, every account I have, needs a "two step verification" from my Cellphone and I'm fine with that, but I'll be more quieter if AOD doesn't let the people try to get someone's account without an existing account.
    And that is just an idea what can they do...

  6. #6
    The Token Staff Sergeant Master Butters's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Jul 2010
    Location
    Spokane, Washington
    Age
    31
    Posts
    5,324

    Default

    This has been happening to a lot of people, so you're not alone.

  7. #7
    A Mighty Pirate!
    AOD_Guybrush's Avatar
    Rank
    Master Sergeant
    Division
    Skull and Bones
    Status
    Active
    Join Date
    Sep 2014
    Location
    Raleigh, NC
    Age
    35
    Posts
    4,175

    Default

    Quote Originally Posted by AOD_Cropels View Post
    Maybe you should take measures against this...
    This is sort of the reason for the 24 hour block after 5 failed attempts to login. It prevents anyone from brute forcing their way into an account.


    Quote Originally Posted by AOD_Cropels View Post
    Thanks for everything, I already changed my all passwords using help from those links (not long ago ( 3 weeks ago)), but here still the problem, maybe I can change my passwords twice every month or week, but how can I be sure that will stop the guys who tried to get my Account...?.
    You can't. Anyone can try to login as you (or me, or pretty much anyone whose posts are viewable to users not logged in). It's that they only get 5 attempts to do so before they're blocked for 24 hours.

    Obviously, rotating passwords on a regular basis is a good way to ensure account security. But unless your password just so happens to be "apple" or "123", it's highly unlikely that someone will be able to gain access within 5 tries.

    If the number of failed attempts is reduced, the level of security goes up, but you're going to have some unhappy campers who aren't good at keeping up with passwords.

    At any rate, I wouldn't lose any sleep over this if I were you.


    but I'll be more quieter if AOD doesn't let the people try to get someone's account without an existing account.
    Not quite sure what you mean by this
    Last edited by AOD_Guybrush; 07-21-2015 at 06:22 PM.

  8. #8
    All the years to come I want you to remember the one man who beat you. Cropels's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Apr 2014
    Location
    México City
    Age
    28
    Posts
    65

    Default

    Quote Originally Posted by AOD_Guybrush View Post
    Not quite sure what you mean by this
    That they Need an account for get the Login button or the boxes where you write your username and password

  9. #9
    A Mighty Pirate!
    AOD_Guybrush's Avatar
    Rank
    Master Sergeant
    Division
    Skull and Bones
    Status
    Active
    Join Date
    Sep 2014
    Location
    Raleigh, NC
    Age
    35
    Posts
    4,175

    Default

    Quote Originally Posted by AOD_Cropels View Post
    That they Need an account for get the Login button or the boxes where you write your username and password
    How would you know they have an account before they've logged in?

  10. #10
    All the years to come I want you to remember the one man who beat you. Cropels's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Apr 2014
    Location
    México City
    Age
    28
    Posts
    65

    Default

    Quote Originally Posted by AOD_Guybrush View Post
    How would you know they have an account before they've logged in?
    Yeah, I think about that.. Nvm


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
vBulletin Skin By: ForumThemes.com
Top