Advertisement:

Author Topic: Help~ Error Log - multiple attempts to access?  (Read 17237 times)

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Help~ Error Log - multiple attempts to access?
« on: January 04, 2011, 06:49:14 AM »
My error log shows a 70 year old member of my forum (known to me) trying to access his account multiple times every eight minutes and getting his password wrong. ???

I wrote to him and he wasn't even online. Checking again, the log-in IP addresses are all different! What is going on?


Guest
IP address 209.159.142.164
Today at 11:30 
session 6dfc5050bc113c1c707210ead9d36832
http://www.xxx.com/forum/index.php?action=login2
Password incorrect - T28trakgrip

Guest
IP address 192.251.226.205
Today at 11:22
session 105a0e649a593bc8df1dcfb3c5520529
http://www.xxx.com/forum/index.php?action=login2
Password incorrect - T28trakgrip
   
Guest
IP address 204.8.156.142 
Today at 11:14
df715b2ac5299b3e504d0c2f1699eee0
http://www.xxx.com/forum/index.php?action=login2
Password incorrect - T28trakgrip
   
Guest
IP address 109.169.29.56 
Today at 11:06
session 8c60ff88fda385ceaee4778883019407
http://www.xxx.com/forum/index.php?action=login2
Password incorrect - T28trakgrip


and so it goes on every eight minutes, all different IP addresses????

Help!
« Last Edit: January 04, 2011, 12:45:44 PM by willerby »
What type of washing machine is September?

An autumnatic. :)

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,149
Re: Help~ Error Log - multiple attempts to access?
« Reply #1 on: January 04, 2011, 07:32:42 AM »
looks like someone/something may be trying to hack into that account.

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #2 on: January 04, 2011, 07:43:04 AM »
I can only imagine a spammer bot as its not an admin account. Do such things exist?

And why bother, I can block that username and reissue another even if it is successful.
What type of washing machine is September?

An autumnatic. :)

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,149
Re: Help~ Error Log - multiple attempts to access?
« Reply #3 on: January 04, 2011, 07:46:14 AM »
spammers will try whatever they can to get access to a forum and do their job. you could try giving that user a new name, in their profile and see if that helps. they dont need to be blocked and issued a new username.

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #4 on: January 04, 2011, 09:07:11 AM »
Now that I am watching the error log, it is also happening to another member... again every eight minutes but this time a member who hasn't visited the site for a while...

Just been back in touch with Trakgrip, the member mentioned above and this activity is causing him grief as when he does log-in each time the spam-bot tries to log-in over the top of him and gets the password wrong the software disconnects him and he has to log-in legitimately again. Will switch his user ID and ban the current but others should be aware that this is potentially why error logs fill with incorrect password attempts...

F*&%£$g spammers

W
What type of washing machine is September?

An autumnatic. :)

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #5 on: January 04, 2011, 09:30:19 AM »
Wait a minute... this doesn't make sense.

Why would a spam bot access a site every eight minutes and try and guess a password? It would take for ever.

Is it possibly a spoiling tactic for SMF forums eg. if the forum has limited password attempts set, that user would have to go through the process of regenerating a password? As differing IP addresses are used, is this some sort of replicable virus? I have no idea what is going on here, just guessing - can someone else throw any light on this?

W
What type of washing machine is September?

An autumnatic. :)

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #6 on: January 04, 2011, 10:57:04 AM »
Having changed the user log-in names for two users affected, all incorrect password traffic has ceased and error log empty...
What type of washing machine is September?

An autumnatic. :)

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
What type of washing machine is September?

An autumnatic. :)

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #8 on: January 05, 2011, 08:13:27 AM »
Not sure you guys are taking this seriously  :-\

This bot thing is relentless. I have so far banned 50 IP addresses and still it comes back with more, always trying to login as an existing user every eight minutes. At one point I am sure it used the IP address of a valid member - I banned the IP and then a regular user got locked out nd I had to delete that ban trigger... is that technically possible? I have no idea

I have implemented vbgamers Account Protection mod which allows users to specify IP addresses they want to use and blocks all others but this is a major undertaking for 3,000 members and severely restricts access to the site for users travelling / using variable IP addresses. If the above is correct, not sure how the mod will fare anyway.

If this replicates onto other forums you may need a better solution guys. Sorry...
What type of washing machine is September?

An autumnatic. :)

Offline Dermot

  • Semi-Newbie
  • *
  • Posts: 37
  • Gender: Male
    • @irishgaming2k on Twitter
    • Irish Gamers Community
Re: Help~ Error Log - multiple attempts to access?
« Reply #9 on: January 05, 2011, 08:25:40 AM »
This is also happening to me.

Most of the time they're trying to get my password

Code: [Select]

Guest
 192.251.226.205   
  Today at 05:08:29 AM
 8be39087360cb7fb4ce636834bec6efe
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 192.251.226.205   
  Today at 05:13:41 AM
 aba7be3d46c9690578ca848fd78848a1
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 199.48.147.44   
  Today at 05:19:15 AM
 8d907c3e694dbb30727a97d29909d4d4
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 199.48.147.43   
  Today at 05:24:44 AM
 77095c324535426cacf00a766f510caf
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 193.198.207.8   
  Today at 05:29:56 AM
 3f43ab408658a9d18a8aaa7445d3d59e
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 81.218.219.122   
  Today at 05:35:35 AM
 2ad9636c356f62082ec3c1f3fa24a4e3
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 86.61.72.185   
  Today at 05:41:00 AM
 cc138110dd76d2265ff938996ee67b0f
 Type of error: User
http://www.irish-gaming.net/index.php?action=login2Password incorrect - Dermot
Guest
 87.236.194.191   
  Today at 05:46:20 AM
 c6a8b09e9bd61eb8cb4501a7de34ec1d
 Type of error: User

The IP keeps changing and it keeps cutting off my session, aka every fail they get i have to relogin.

It's annoying.

Offline willemjan

  • Full Member
  • ***
  • Posts: 671
  • Gender: Male
  • Dutch and proud
Re: Help~ Error Log - multiple attempts to access?
« Reply #10 on: January 05, 2011, 08:26:31 AM »
Please don't spam the forum with all those posts. I think this is indeed serious, and gave a hint to the support crew.

kat

  • Guest
Re: Help~ Error Log - multiple attempts to access?
« Reply #11 on: January 05, 2011, 08:39:37 AM »
Could just be script-kiddies trying to hack in.

They're obviously failing, so why worry?

Anyone can see your member's usernames.

That's step one they have sorted.

All they need, is their password. That's why it's good to have a fairly complicated password.

So, they try a load and, when they've exhausted that, they try someone else.

I guess it would help, a bit, if members have different display names to their actual usernames.

Not sure about that, though.

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #12 on: January 05, 2011, 08:48:20 AM »
It's not the hacking its the constant logging out of a member who is legitimately online that is the issue. Each time they fail, the member gets logged out - not a great user experience.

Apologies for the previous posts, just needed some sort of response that this was on the radar
What type of washing machine is September?

An autumnatic. :)

kat

  • Guest
Re: Help~ Error Log - multiple attempts to access?
« Reply #13 on: January 05, 2011, 09:03:43 AM »
You might solve that, by getting him to change his display name.

Offline IchBin™

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,115
  • Gender: Male
  • I don't speak German.
Re: Help~ Error Log - multiple attempts to access?
« Reply #14 on: January 05, 2011, 10:00:53 AM »
This really is nothing to worry about. The logout problem might be able to be dealt with, but there's no need to panic about a bot trying to login. These types of things literally happen thousands of times on my server and forum every day. As long as you have strong passwords you shouldn't have to worry about them getting in.
IchBin™        TinyPortal
Coding Guidelines       


Offline Remorker

  • Jr. Member
  • **
  • Posts: 178
Re: Help~ Error Log - multiple attempts to access?
« Reply #16 on: January 05, 2011, 01:51:42 PM »
1st Maybe he has a dynamic IP address, and accidentally logged every eight minutes.

2nd Maybe it comes to malicious bot?

-Remorker
« Last Edit: January 05, 2011, 03:04:43 PM by Remorker »

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Help~ Error Log - multiple attempts to access?
« Reply #17 on: January 05, 2011, 04:19:32 PM »
Not sure if this is helpful, but after 24 hrs I seem to have stemmed the flow of log-out problems by banning each IP address as it appears. They appear to be limited in number and randomly used with some much more prevalent than others

For the benefit of others, they are:

 81.218.219.122
 199.48.147.35
 208.66.135.190
 109.169.29.56
 82.228.252.20
 213.112.111.205
 199.48.147.45
 199.48.147.41
 192.251.226.206
 80.62.217.18
 213.239.192.229
 174.36.199.202
 95.143.193.145
 83.226.245.207
 92.9.221.213
 192.251.226.205
 199.48.147.42
 174.36.199.200
 195.71.226.87
 74.106.17.110
 173.193.221.28
 155.239.155.200
 92.241.184.106
 68.71.46.138
 199.48.147.39
 174.138.169.218
 178.63.246.164
 178.78.255.254
 199.48.147.43
 83.170.92.9
 174.36.199.201
 94.75.253.73
 89.208.237.70
 89.253.105.39
 204.8.156.142
 83.142.228.14
 78.42.9.166
 71.244.55.170
 62.141.53.224
 199.48.147.36
 199.48.147.38
 209.159.142.164
 188.40.51.2
 199.48.147.40
 91.213.50.235
 83.220.133.86
 24.247.220.16
 193.198.207.8
 79.136.50.205
 87.126.133.230
 217.19.50.77
 83.168.210.55
 71.198.26.88

At this point, the automated log-ins are no longer getting through despite repeated attempts. Hope this helps others facing this problem.

W
What type of washing machine is September?

An autumnatic. :)

kat

  • Guest
Re: Help~ Error Log - multiple attempts to access?
« Reply #18 on: January 05, 2011, 04:25:54 PM »
I just checked-out ten, or so, of those IPs, at http://www.projecthoneypot.org.

Every one is a confirmed Spamtard.

For what it's worth, I've found this to be useful in the fight against bots.

http://english-72682862726.spampoison.com/

Offline Dermot

  • Semi-Newbie
  • *
  • Posts: 37
  • Gender: Male
    • @irishgaming2k on Twitter
    • Irish Gamers Community
Re: Help~ Error Log - multiple attempts to access?
« Reply #19 on: January 05, 2011, 08:35:04 PM »

Well yeah i noticed it's not a bad issue if you have a decent strength password

However having a lot of users who play arcade which need sessions to stay before they finish game to score right, it's annoying.

you spend 15 mins playing a game to find some bot killed your session and you lose that big score, not good.

I've implemented some suggestions, we'll see how they go.

Recaptcha support
Spam poison hook
Safehop support
httpBL

Thanks folks :)