Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: NOTICE: Passwords

  1. #1
    Join Date
    Aug 2001
    Location
    Fort Wayne, IN, USA
    Posts
    27,246

    Default NOTICE: Passwords

    If you have a dreadfully simple password (which VB suggests only 27 out of 7000 here do), now would be a good time to change it.

    It seems that someone has tried to access an account by entering the wrong password 5 times or more. This is a first here at 3dB. Someone from the same IP address has attempted to do the same at other forums as well.

    If you are logged in, click on the Settings tab in the upper right hand corner of this page. That will take you to the settings page. In the column on the left side of that page, there is a box called MY SETTINGS. Under the heading MY SETTINGS, there is a tab for EDIT EMAIL AND PASSWORD. You can change your password there.

    We are taking steps to ban the IP address that attempted to access someone's account. I just wanted to make you all aware.
    Lynn Fuston
    3D Audio

    Making beautiful music SEEM easy since 1979.

  2. #2
    Join Date
    Nov 2004
    Location
    Europe
    Posts
    2,566

    Default

    I'd like to take the opportunity to remind the members of 3dB that although every member can choose his/her individual password, this password should comply to some standards. If someone for example decided to use a simple password like "qwerty" or even "password", there is not much we can do from preventing an account of being easily cracked.

    Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to correctly guess it. The strength of a password is a function of length, complexity, and randomness.

    A good advice is to use a 12+ combination of characters, letters, numbers and symbols.

    If you have a strong password there is no need to worry. 3dB is pretty well protected against "brute force" attacks.

    Best regards
    Andreas Lassak
    SoundDesign Studio

    It's maddening: As soon as I make it right - it suddenly works!

  3. #3
    Join Date
    Sep 2001
    Location
    Birmingham, Alabama
    Posts
    951

    Default

    Please check out this link. It shows the 10 most common passwords on Gawker. DON'T even think of using any of these.

    http://www.quickonlinetips.com/archi...r-media-users/
    John Whitmer

    "They didn't want it good, they wanted it Wednesday."
    --Robert A. Heinlein

  4. #4
    Join Date
    Jan 2004
    Location
    Franklin, TN
    Posts
    14,647

    Default

    Quote Originally Posted by John Whitmer View Post
    Please check out this link. It shows the 10 most common passwords on Gawker. DON'T even think of using any of these.

    http://www.quickonlinetips.com/archi...r-media-users/
    monkey???
    Todd Robbins
    TX3 Productions, Inc.
    www.toddro.com

  5. #5
    Join Date
    Jan 2004
    Location
    Franklin, TN
    Posts
    14,647

    Default

    Quote Originally Posted by 3daudioinc View Post
    If you have a dreadfully simple password (which VB suggests only 27 out of 7000 here do), now would be a good time to change it.

    It seems that someone has tried to access an account by entering the wrong password 5 times or more. This is a first here at 3dB. Someone from the same IP address has attempted to do the same at other forums as well.

    If you are logged in, click on the Settings tab in the upper right hand corner of this page. That will take you to the settings page. In the column on the left side of that page, there is a box called MY SETTINGS. Under the heading MY SETTINGS, there is a tab for EDIT EMAIL AND PASSWORD. You can change your password there.

    We are taking steps to ban the IP address that attempted to access someone's account. I just wanted to make you all aware.
    I'll bet this is a disgruntled member who has recently announced he/she is leaving and now he/she is trying to seek revenge on a member. Will you be notifying the member whose account was targeted?
    Todd Robbins
    TX3 Productions, Inc.
    www.toddro.com

  6. #6
    Join Date
    Aug 2001
    Location
    Fort Wayne, IN, USA
    Posts
    27,246

    Default

    Quote Originally Posted by Todd Robbins View Post
    I'll bet this is a disgruntled member who has recently announced he/she is leaving and now he/she is trying to seek revenge on a member. Will you be notifying the member whose account was targeted?
    Two things. I searched the user database and the IP address is not one that was used by anyone who has registered here. So 1) It's likely not a member or ex-member, rather it's someone trolling.

    2) It was the member who someone attempted to hack that notified me. If you have never received a notice that says

    "Someone has tried to log into your account on 3dB with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address: 199.48.147.45

    All the best,
    3dB"
    then you needn't worry. This is also the first time I've ever heard of it happening here at 3dB.
    Lynn Fuston
    3D Audio

    Making beautiful music SEEM easy since 1979.

  7. #7
    Join Date
    Aug 2001
    Location
    Fort Wayne, IN, USA
    Posts
    27,246

    Default

    John Whitmer's take (excerpted from a PM):

    More than likely, it's a bot that's crawling through pages and extracting user IDs and then trying to log in using the most common passwords, hoping that one of them is an admin account. Happens all the time.
    The evidence that the same thing has happened at other unrelated sites, from a PM from a different user:

    There have been multiple tries at other sites:
    http://www.forumopolis.com/showpost....94&postcount=3
    Andreas also notes (excerpt from a PM):

    Ok, let's look closely at this issue.

    Let's suppose someone finds a way to get the password of a member. What's the worst that could happen if a members account is compromised? This fake-member can edit posts of the original user of this account. He also could change the password of the original user. That's about it.

    This said.

    vBulletin seems to be pretty well protected against "brute force" attacks. If someone cannot get their password right after 5 tries, then there's a timeout of 15 minutes. So in the end I'd say this "attack" isn't nice but not really dramatic.

    Although it's a good opportunity to remind the users, that they are responisble to choose a password for their account that should comply some standards as mentioned above: (12+ characters, letters, numbers, symbols).
    So in summary, I have strengthened my ADMIN password, you will be notified if anyone tries to access your account unsuccessfully more than 5 times in a row, and know that I am doing everything I can to keep the data and personal info contained here at 3dB safe for today and future generations.

    "If this had been an actual emergency you would have been instructed on where to tune for instructions. We now return you to the regularly scheduled programming."

    [For our overseas friends, this is the tag from the interrupts on commercial TV and radio by the American EBS, Emergency Broadcast System.]
    Lynn Fuston
    3D Audio

    Making beautiful music SEEM easy since 1979.

  8. #8
    Join Date
    Jan 2004
    Location
    Franklin, TN
    Posts
    14,647

    Default

    Quote Originally Posted by 3daudioinc View Post
    Two things. I searched the user database and the IP address is not one that was used by anyone who has registered here. So 1) It's likely not a member or ex-member, rather it's someone trolling.

    2) It was the member who someone attempted to hack that notified me. If you have never received a notice that says



    then you needn't worry. This is also the first time I've ever heard of it happening here at 3dB.
    Yeah - that same IP is all over the internet as the source of multiple attacks - this one via a ski boat forum:

    Apparently someone has been trying to log into my TO account...
    The message from TO.com said they are at IP 199.48.147.45. This address is assigned to "Formless Networking" in San Francisco.
    Todd Robbins
    TX3 Productions, Inc.
    www.toddro.com

  9. #9
    Scott Fraser is offline Gold Club Member (1000+ posts)
    Join Date
    Jan 2007
    Location
    Los Angeles
    Posts
    2,347

    Default

    Quote Originally Posted by Todd Robbins View Post
    monkey???
    lifehack???

    Scott Fraser

  10. #10
    Join Date
    Aug 2001
    Location
    Fort Wayne, IN, USA
    Posts
    27,246

    Default

    Quote Originally Posted by Todd Robbins View Post
    monkey???
    I've always found monkey123 to be far more secure, personally.
    Lynn Fuston
    3D Audio

    Making beautiful music SEEM easy since 1979.

Page 1 of 2 12 LastLast

Similar Threads

  1. Do the players ever notice?
    By OTRMastering in forum Asides (a parenthetical departure; a digression)
    Replies: 1
    Last Post: 01-12-2008, 02:22 AM
  2. Just in case you didn't notice...
    By 3daudioinc in forum Microphones and Preamps
    Replies: 1
    Last Post: 06-12-2004, 02:59 PM
  3. NOTICE: Down for maintenance
    By 3daudioinc in forum The Old Yellow Board
    Replies: 0
    Last Post: 02-07-2004, 05:08 PM
  4. Notice that we haven't heard from Dan recently...
    By Tim Farrant in forum The Old Yellow Board
    Replies: 5
    Last Post: 01-20-2003, 12:53 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •