Author Topic: ATTENTION: Attempted security attack discovered!  (Read 41023 times)

helvetica

  • Arcade Maid
  • *
  • United Federation
ATTENTION: Attempted security attack discovered!
« on: February 17, 2011, 04:53:21 AM »
In the past couple of days some of you may have been randomly logged out of your accounts.  This turns out to have been caused by an ongoing attack trying to bruteforce people's logins.  There have been no signs of any successful breach but just to be safe we are asking everyone to change their passwords at this time.

The people targetted have their username set to match their display name.  If at all possible please try to keep them separate.  We are looking at a long term solution, most likely login via email or some other type of hidden info.  For now profile viewing and member list viewing has been blocked for people with less than 10 posts (guests could never view).  If  you would like to have your username changed please get in contact with me or another admin and we will gladly do so.

As a result of the security precautions, TOR is blocked from accessing the site.  We apologize for any inconvenience and we respectfully ask you disable TOR or any other anonymizing proxy if your situation allows.


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


Tengukami

  • Breaking news. Any season.
  • *
  • I said, with a posed look.
Re: ATTENTION: Attempted security attack discovered!
« Reply #1 on: February 17, 2011, 05:04:01 AM »
Thanks for the heads up, changing password now.

So, where is this attack coming from?

"Human history and growth are both linked closely to strife. Without conflict, humanity would have no impetus for growth. When humans are satisfied with their present condition, they may as well give up on life."

Edible

  • One part the F?hrer, one part the Pope
  • *
  • It's the inevitable return, baby
Re: ATTENTION: Attempted security attack discovered!
« Reply #2 on: February 17, 2011, 05:11:34 AM »
Very small but persistent attack from TOR.

We disabled TOR access to the site for the time being.

Schezo

  • en-counse
Re: ATTENTION: Attempted security attack discovered!
« Reply #3 on: February 17, 2011, 05:17:00 AM »
Ah, so that would be why.  It was unusually frequent for like the past 5 or so days.  Running to change password now.  (Although not the name yet because of Mafia)

nintendonut888

  • So those that live now, pledge on your fists and souls
  • Leave a sign of your life, no matter how small...
Re: ATTENTION: Attempted security attack discovered!
« Reply #4 on: February 17, 2011, 05:18:34 AM »
My name.

It has been butchered in the name of safety.

;_;
nintendonut888: Hey Baity. I beat the high score for Sanae B hard on the score.dat you sent me. X3
Baity: For a moment, I thought you broke 1.1billion. Upon looking at my score.dat, I can assume that you destroyed the score that is my failed (first!) 1cc attempt on my first day of playing. Congratulations.

[19:42] <Sapz> I think that's the only time I've ever seen a suicide bullet shoot its own suicide bullet

Kerigis

  • *Gnaws Donut*
  • Bow down before the true administrator!
Re: ATTENTION: Attempted security attack discovered!
« Reply #5 on: February 17, 2011, 05:27:13 AM »
Ouch, thanks for the heads up.
Pass changed.
No, I will not tell you.

*Goes back to curling up*

Powerup punchin'!

HakureiSM

  • Reimu is all of it
  • I suddenly feel like I ate a crowbar.
Re: ATTENTION: Attempted security attack discovered!
« Reply #6 on: February 17, 2011, 05:35:30 AM »
I believe this doesn't have anything to do with the big truck in my sig 2 days ago? :derp:

Just to be sure.
[20:45:19] Ciryano: come and behold why they call it the Panzerfaust
[20:45:39] Hakurei Reimu: ... because it shoots once and then you throw it out?
                                                                                   .

theshirn

  • THE LAWS OF THE FIESTA MEAN NOTHING
  • *
    • Wisdom is Not a Dump Stat
Re: ATTENTION: Attempted security attack discovered!
« Reply #7 on: February 17, 2011, 05:38:59 AM »
Hmmm...I'll change it for now.

[09:46] <theshim|work> there is nothing like working for a real estate company to make one contemplate arson

Zengar Zombolt

  • Space-Time Tuning Circle - Wd/Fr
  • Green-Red Divine Clock
Re: ATTENTION: Attempted security attack discovered!
« Reply #8 on: February 17, 2011, 05:39:44 AM »
Shenanigans have me safe! Still, gonna get a hand on that pass.

Re: ATTENTION: Attempted security attack discovered!
« Reply #9 on: February 17, 2011, 05:42:07 AM »
Been logged out a couple of times, so I changed my name and password. Thanks for the heads-up.
All lies and all sin, all dreams and all majesty, Everything rots in this ruined hell

[The Perfect, Elegant Maid] [Pathos of the Hated People] [Music, Projects, and Art]

Re: ATTENTION: Attempted security attack discovered!
« Reply #10 on: February 17, 2011, 05:45:21 AM »
I'll probably end up changing my name to back after the mafia game.
Thank you for the warning.

Dragoshi

  • Some sort of lurking trainwreck
  • May or may not exist. Possibly. Maybe.
Re: ATTENTION: Attempted security attack discovered!
« Reply #11 on: February 17, 2011, 05:49:26 AM »
Name changed.

Thanks for tellin' us.
All shall be well and all shall be well and all manner of things shall be well.

Drake

  • *
Re: ATTENTION: Attempted security attack discovered!
« Reply #12 on: February 17, 2011, 05:58:34 AM »
i'm just a dork

A Colorful Calculating Creative and Cuddly Crafty Callipygous Clever Commander
- original art by Aiけん | ウサホリ -

Vibri

  • yo, the beats are strong
  • but the night is long
Re: ATTENTION: Attempted security attack discovered!
« Reply #13 on: February 17, 2011, 06:03:39 AM »
sweet now I have an excuse to change all my shit and confuse everyone

Edible

  • One part the F?hrer, one part the Pope
  • *
  • It's the inevitable return, baby
Re: ATTENTION: Attempted security attack discovered!
« Reply #14 on: February 17, 2011, 06:08:53 AM »
sweet now I have an excuse to change all my shit and confuse everyone

;_; I loved you, and your glorious music-based platformy gameplay.

Re: ATTENTION: Attempted security attack discovered!
« Reply #15 on: February 17, 2011, 06:10:16 AM »
I was just logged out, even with my display name being different from my username.

Might be a sign that they're stepping it up a bit.

Byaaakuren

  • Youkai Jesus, Queen of the Monks
    • Animu List
Re: ATTENTION: Attempted security attack discovered!
« Reply #16 on: February 17, 2011, 06:11:39 AM »
Changed. Thanks for the warning

I thank my friend for the sig <3
My noob replays :V
Tumblr (I post NSFW stuff there)

Dormio Ergo Sum

  • MotK's Official Idlebot
  • *
  • I don't bite... much.
Re: ATTENTION: Attempted security attack discovered!
« Reply #17 on: February 17, 2011, 06:16:12 AM »
So that's what that was.

Kips McKipzerson

  • I never did learn
Re: ATTENTION: Attempted security attack discovered!
« Reply #18 on: February 17, 2011, 06:18:21 AM »
Ah god damn, I gotta change my password, eh?
Also, I'm getting a lot of 403, aka "Forbidden" errors. Would that be part of this attack or no?

NekoInc Likes Birds

  • Flying like a bird
  • BIRD.
Re: ATTENTION: Attempted security attack discovered!
« Reply #19 on: February 17, 2011, 06:23:18 AM »
Thank you very much for the professional, reasonably detailed report as to what was happening, and what the fixing measure are.

I would like to suggest, next time you're working on the SMF files, that somehow, a notification that your login and visible names should be different should be provided at registration. Forgetting how the registration works on SMF, I'm betting that there's a line for visible name during registration - simply adding a boldfaced "For security reasons, do not make this the same as your login name" should be a reasonable warning.

It won't stop idiots, but this might be a case where, if we can get a majority of accounts to avoid this, then this hack becomes ill-worthwhile - the machine effort put in becoming more useful to put to attack other forums. Essentially, the same principle as herd immunity in disease-research fields.

(I also changed my secret question and answer to "WHY ARE YOU ASKING THIS WHEN YOU HAVE YOUR PASSWORD STORAGE PROGRAM?!", and then made sure the secret answer would be ridiculously hard to get by any means ever.)

Jana

  • mrgrgr
  • *
Re: ATTENTION: Attempted security attack discovered!
« Reply #20 on: February 17, 2011, 06:25:27 AM »
Also, I'm getting a lot of 403, aka "Forbidden" errors. Would that be part of this attack or no?

This has to do more with forum traffic. I suggest clearing your cache.

Thanks for remaining ever-vigilant! o7


Fluffy Rocket Tails

  • The fluffiest.
  • Far superior to any Tanuki.
Re: ATTENTION: Attempted security attack discovered!
« Reply #22 on: February 17, 2011, 06:28:05 AM »
Fortunately I accidentally spelled my name wrong when I joined.  :V
So when I realized, I changed the display name to the way I'd meant to spell it (Skyrocket) so I don't have to change anything here.

I'll change the password right away, as soon as I think of a good one, which shouldn't take long at all.
Take me on a rocket ride.

Kaboom!

Bias Bus

  • It's unpleasent
  • *
  • if you're better than me
Re: ATTENTION: Attempted security attack discovered!
« Reply #23 on: February 17, 2011, 06:57:41 AM »
Changed whatever was changeable in profile. Thanks for the heads up, although...
I was just logged out, even with my display name being different from my username.
Yeah, this for me too.
No Math Zone - Tumblr (slight nsfw) | Legend of a Hot-Blooded Pig

"The only guy you know to draw fat Touhous." - Erebus

HakureiSM

  • Reimu is all of it
  • I suddenly feel like I ate a crowbar.
Re: ATTENTION: Attempted security attack discovered!
« Reply #24 on: February 17, 2011, 07:03:04 AM »
Came here to say the same Erebus and Rdj did.
Just got logged off. Reset my password again.
[20:45:19] Ciryano: come and behold why they call it the Panzerfaust
[20:45:39] Hakurei Reimu: ... because it shoots once and then you throw it out?
                                                                                   .

Kips McKipzerson

  • I never did learn
Re: ATTENTION: Attempted security attack discovered!
« Reply #25 on: February 17, 2011, 07:06:11 AM »
So, Why exactly are we getting attacked? Are they just jelly or wut?

Zengar Zombolt

  • Space-Time Tuning Circle - Wd/Fr
  • Green-Red Divine Clock
Re: ATTENTION: Attempted security attack discovered!
« Reply #26 on: February 17, 2011, 07:17:50 AM »

theshirn

  • THE LAWS OF THE FIESTA MEAN NOTHING
  • *
    • Wisdom is Not a Dump Stat
Re: ATTENTION: Attempted security attack discovered!
« Reply #27 on: February 17, 2011, 07:18:31 AM »
Oddly enough, I haven't gotten it again...

[09:46] <theshim|work> there is nothing like working for a real estate company to make one contemplate arson

Dormio Ergo Sum

  • MotK's Official Idlebot
  • *
  • I don't bite... much.
Re: ATTENTION: Attempted security attack discovered!
« Reply #28 on: February 17, 2011, 07:19:27 AM »
It happened again just now for me.
Guess I'll be changing my display name then.

Sophilia

  • Exposition Patchouli
  • Seeker of Truth
Re: ATTENTION: Attempted security attack discovered!
« Reply #29 on: February 17, 2011, 07:25:10 AM »
Just got me, and I hadn't had any problems before I changed my stuff.
Life and death are without purpose.  Our attempts to give them one are quite presumptuous of us.  But in the end, we exist, and that is enough.

Current status: Dissuading deliberately choking for imagined fame.