Author Topic: Log in every time??? (Read 5950 times)

micki · « **on:** February 15, 2011, 19:39:59 »

For the past three days I've had to log in using my user name and password. I've checked the Log In Forever box and yet I still have to log back in. Anyone else having this issue?

kattz · « **Reply #1 on:** February 15, 2011, 19:43:35 »

micki · « **Reply #2 on:** February 15, 2011, 19:49:42 »

BRIAN!!!

Kenn · « **Reply #3 on:** February 15, 2011, 19:54:01 »

I have noticed this as well

lazylivin · « **Reply #4 on:** February 15, 2011, 20:08:13 »

Me to, let me see what I can find out.

buckeyereefer · « **Reply #5 on:** February 15, 2011, 20:50:26 »

no problem here so far.

rayviv · « **Reply #6 on:** February 15, 2011, 20:50:51 »

Me also; Plus when I try to send mail or reply to mail I hit send and it says I have been timed out and I lose what I have typed and have to login again

lazylivin · « **Reply #7 on:** February 15, 2011, 20:52:01 »

I made a change in timeout duration. Let me know if it helps or not.

Secondgen · « **Reply #8 on:** February 16, 2011, 00:32:39 »

Still having to log in everytime Brian.

Kenn · « **Reply #9 on:** February 16, 2011, 00:35:18 »

Mine connection seems to be doing fine now ... I will post if it changes

lazylivin · « **Reply #10 on:** February 16, 2011, 00:50:54 »

I made a couple tweaks, hopefully it resolves the issue.

ohioreef · « **Reply #11 on:** February 16, 2011, 01:01:16 »

I noticed that on my end also. Real PITB!

Joel · « **Reply #12 on:** February 16, 2011, 05:55:34 »

As of this morning (wed 16th) I still am having to re log in.

Another problem that I am having is that when I click on "show unread posts" it displays nothing. I had to scroll through the forum to find this thread.

This problem happens at home as well as at the shop so I don't think it's my computer.

Joel

micki · « **Reply #13 on:** February 16, 2011, 07:46:30 »

Quote from: Joel on February 16, 2011, 05:55:34

As of this morning (wed 16th) I still am having to re log in.

Another problem that I am having is that when I click on "show unread posts" it displays nothing. I had to scroll through the forum to find this thread.

This problem happens at home as well as at the shop so I don't think it's my computer.

Joel

Same here...

kattz · « **Reply #14 on:** February 16, 2011, 10:43:18 »

Mine is OK since 2 days ago.

Sunny · « **Reply #15 on:** February 16, 2011, 11:49:49 »

Mine is good now that I clicked on the "stay logged in" box after I had to log on. Maybe it's the 2012 thing starting to mess with our computers ..

ohioreef · « **Reply #16 on:** February 16, 2011, 12:13:05 »

Not fixed here either.

I'll try clearing my cache and cookies and let you know if that changes anything.

micki · « **Reply #17 on:** February 16, 2011, 12:51:02 »

Not working here either. Had to log in again...

lazylivin · « **Reply #18 on:** February 16, 2011, 12:54:10 »

I temporally disabled the Image Shack Plug-in just to eliminate that from the equation. If it happens again that I will add it back and disable something else that was recently added to the forum. I will also check the logs tonight when I get home to see if I can find root cause. Thanks for your patience.

micki · « **Reply #19 on:** February 16, 2011, 13:00:18 »

Thanks for all your help!

Secondgen · « **Reply #20 on:** February 17, 2011, 00:05:37 »

Still having to log in everytime Brian. Just letting you know.

lazylivin · « **Reply #21 on:** February 17, 2011, 00:17:12 »

Warning Please Read

Got home really late from work tonight so just now getting to look at the logs. I was surprised to find 10's of thousands of failed login attempts. Even for non active members. It's become obvious pretty quick that someone is running a script to try and guess members passwords. What I can tell you is that this hacker is sitting behind a TOR which makes it pretty much impossible for me to track back to source without a lot of work and resources I don't have. There are a lot of reasons why someone would do this. Most likely for a financial gain. Once gaining access to your User Name, Email Address and Password they will take that information and try logging into sites like Paypal with it. Another reason would be someone that just doesn't like Ohio Reef and wants to do it harm. Less likely but possible due to the knowledge it takes to create and execute this kind of activity. With this said please ensure your password to Ohio Reef is unique. It is not a good idea to have the same password as you would use for your online financial transactions.

To give you an example of what I am seeing in the log. Below is a filter of just one of 100's of IP address that is attacking ohioreef.com. As you can see it is passing the username and a password and will continue to do so until it gets a successful login.

199.48.147.41   Guest   Password incorrect - verper
199.48.147.41   Guest   Password incorrect - Learning_The_Hard_Way
199.48.147.41   Guest   Password incorrect - Lazylivin
199.48.147.41   Guest   Password incorrect - gregsayers2000
199.48.147.41   Guest   Password incorrect - Secondgen
199.48.147.41   Guest   Password incorrect - Secondgen
199.48.147.41   Guest   Password incorrect - Secondgen
199.48.147.41   Guest   Password incorrect - gregsayers2000
199.48.147.41   Guest   Password incorrect - sticks_wife
199.48.147.41   Guest   Password incorrect - micki
199.48.147.41   Guest   Password incorrect - ~reefchik~
199.48.147.41   Guest   Password incorrect - Joel
199.48.147.41   Guest   Password incorrect - ohioreef
199.48.147.41   Guest   Password incorrect - Lazylivin
199.48.147.41   Guest   Password incorrect - rancoo

There are things I can do to combat these malicious attacks but it is not going to be an overnight fix. So please be sure to protect yourself having a unique complex password.

Wall_Tank · « **Reply #22 on:** February 17, 2011, 19:14:51 »

Brian, since these attacks all come from a single IP address, can't you automatically block an IP address based on failed log in attempts. Granted they will just change their IP address, but it should slow them down, and possibly get frustrated.

micki · « **Reply #23 on:** February 17, 2011, 19:21:51 »

Thanks for the update Brian. I'm sorry this has turned into such a PITB for you.

cyberwollf · « **Reply #24 on:** February 17, 2011, 19:39:05 »

It would have to be an SMF targeted bot that gets in as a guest in order to collect usernames to try, right?

Kenn · « **Reply #25 on:** February 17, 2011, 20:12:09 »

thats a good possibility ... someone could also collect member names from the home page. Online members are listed on the left even if your not signed in

cyberwollf · « **Reply #26 on:** February 17, 2011, 20:15:34 »

Quote from: Kenn on February 17, 2011, 20:12:09

thats a good possibility ... someone could also collect member names from the home page. Online members are listed on the left even if your not signed in

Are we really a big enough club for someone to go through the hassel of manually collecting usernames? I'd think someone would write a script to target SMF fourms since they'd all use the same HTTP Headers. They could just get a list of all SMF sites and let the CPU do its work.

ohioreef · « **Reply #27 on:** February 17, 2011, 20:47:44 »

We aren't the only ones experiencing this: http://www.simplemachines.org/community/index.php?topic=416928.0

Kenn · « **Reply #28 on:** February 17, 2011, 22:23:26 »

Quote from: cyberwollf on February 17, 2011, 20:15:34

Are we really a big enough club for someone to go through the hassel of manually collecting usernames? I'd think someone would write a script to target SMF fourms since they'd all use the same HTTP Headers. They could just get a list of all SMF sites and let the CPU do its work.

I dont disagree with you but people who do this have a lot of time on thier hands and when you discount someone would do it just because YOU (not you personally

) think it is a slow and tedious way, you open yourself up to exploitation.

lazylivin · « **Reply #29 on:** February 17, 2011, 23:12:30 »

Thanks for the link Gary, it led me to a fix that is looking promising.

Paul the list I provided was a sort by IP addresses so I could show a single IP to many account logon attempts. There were 100's of new IP addresses hitting us each hour.

lazylivin · « **Reply #30 on:** February 18, 2011, 22:37:45 »

We are definitely good to go. Was seeing several attempted logins per minute last night and haven't seen one since the fix. You may have had to re-login once more after the fix but that shouldn't not happen anymore.

ohioreef · « **Reply #31 on:** February 18, 2011, 22:56:09 »

Seems to be fixed here!! Good job, Brian!!

lazylivin · « **Reply #32 on:** February 19, 2011, 00:36:07 »

Great! Thanks

Kenn · « **Reply #33 on:** February 19, 2011, 00:57:20 »

Everything is working good on my end as well

Thanks for all the work Brian

Secondgen · « **Reply #34 on:** February 19, 2011, 01:23:00 »

Good for me Brian. Thank you.

micki · « **Reply #35 on:** February 19, 2011, 07:56:40 »

I'm gone most of this weekend, but thought I would try this morning before I left and it's a GOOD TO GO!!! Thanks so much Brian!!!

reefkeeper · « **Reply #36 on:** February 19, 2011, 09:34:15 »

Thanks Brian. It's working great now!

Telekinesis · « **Reply #37 on:** February 19, 2011, 10:02:47 »

Good thing I have the most ridiculous password ever. Those of you who had auto-login issues might want to change your passwords, as I'm pretty sure this means your account was successfully logged into. I'm assuming providing an incorrect password for a random username from a different connection/PC wouldn't be enough to tamper with your settings. In fact, I'd make sure you weren't using the same one for bank info or anything more personal. Maybe it isn't that serious, but it's better to be safe than sorry. There are a lot of reasons people steal passwords, but posting under your account on a reef club forum is hardly one of them.

Just my two cents. Feel free to correct me if I'm wrong about the log settings.

ohioreef · « **Reply #38 on:** February 19, 2011, 10:17:56 »

Unless your password was ridiculously easy, ie same as log-in, I'm pretty sure no passwords were compromised. The error log showed all incorrect attempts, correct me if I'm wrong, Brian. The need to log-in each time was a security feature of the software.

Joel · « **Reply #39 on:** February 19, 2011, 10:20:52 »

All is back to normal for me as well, great job!

lazylivin · « **Reply #40 on:** February 19, 2011, 10:39:18 »

You are 100% correct Gary, it is very unlikely a password was comprised and the need to relogin was a result of the Security protection feature on Ohio Reef. Just to add to that the log won't show a successful login, so a account could have been comprised and not know to us. With this said it is a good idea to change your passwords for your online financial banking/transactions if it was the same as what you have on Ohio Reef.

Telekinesis · « **Reply #41 on:** February 19, 2011, 10:44:46 »

Ahh, gotcha. Thanks for the info, all. I've never maintained an SMF board, so it's nice to know there's a security feature like that in place. I'm glad to see it appears to be resolved. I'm far too lazy to log in and out all the time.

lazylivin · « **Reply #42 on:** February 19, 2011, 11:03:38 »

I just checked the configuration and it was set to trigger at three failed attempts. When breaching that it would remove the cached session in the database and require a authentication. I am not sure how that helps from a security stand point other then creating awareness that there is an issue. Maybe that is it?

cyberwollf · « **Reply #43 on:** February 20, 2011, 19:48:21 »

You'd be surprised at some of the password dictionaries that have been created for cracking. #1 make sure your password is NOTHING that exists in Websters, etc. #2 not a ASDF type keyboard pattern. Those too are pretty well mapped and easily guessed in the first few 100,000 tries lol. Anytime a password database is hacked, those guys pass around the results to update "common" passwords

rayviv · « **Reply #44 on:** February 20, 2011, 20:00:52 »

What is === ASDF type keyboard pattern?

Wall_Tank · « **Reply #45 on:** February 20, 2011, 20:03:20 »

Look at your keyboard Ray. You would be surprised how many use passwords

12345
qwerty
asdfg
zxcvb

etc.

rayviv · « **Reply #46 on:** February 20, 2011, 20:21:14 »

Thanks man.
Seems the older I get the more I seem to need things spelled out for me.
Appreciate your help.

cyberwollf · « **Reply #47 on:** February 20, 2011, 20:58:46 »

Quote from: rayviv on February 20, 2011, 20:00:52

What is === ASDF type keyboard pattern?

like just going across the middle line of the keyboard "asdfghjkl" (or top line "qwertyuiop") same goes with vertical patterns. You figure lots of folks have lots of passwords and a pattern is easier to remember. BUT those are much easier to crack. Just think, If its anything that anyone else might EVER consider, its in a password cracker database somewhere (names included). Combinations of special charactors (@#$%) and numbers with words is best.

cyberwollf · « **Reply #48 on:** February 20, 2011, 21:00:04 »

Quote from: Wall_Tank on February 20, 2011, 20:03:20

Look at your keyboard Ray. You would be surprised how many use passwords

12345
qwerty
asdfg
zxcvb

etc.

DOH, didnt refresh to see your response lol

2024 Ohio Reef Frag Swap

Author Topic: Log in every time??? (Read 5950 times)