Unauthorized access attempts

Need the mods or admins to do something for you? Post here. Read the "About" post first.

Moderators: Moderators General, Prelates, Magistrates

User avatar
Belial
A terrible sound heard from a distance
Posts: 30450
Joined: Sat Apr 15, 2006 4:04 am UTC
Contact:

Unauthorized access attempts

Postby Belial » Thu Jul 16, 2009 1:15 pm UTC

It appears that someone has been trying to break into at least one account (and judging by the logs, quite a bit more than one) by trying to brute-force the password. Probably some kind of attack. So I'm taking this opportunity to remind everyone to make sure they have reasonably strong passwords (letters, numbers, and symbols if you can help it, and nothing that can be found in a dictionary) and to keep an eye out.

Also, if this happens to you, let us know here so we can keep an eye on what's happening. You'll know because your account will complain of too many login attempts despite you not trying to log in.

Thanks.
addams wrote:A drunk neighbor is better than a sober Belial.


They/them

User avatar
headprogrammingczar
Posts: 3072
Joined: Mon Oct 22, 2007 5:28 pm UTC
Location: Beaming you up

Re: Unauthorized access attempts

Postby headprogrammingczar » Thu Jul 16, 2009 1:19 pm UTC

Belial wrote:Also, if this happens to you, let us know here so we can keep an eye on what's happening. You'll know because your account will complain of too many login attempts despite you not trying to log in.

Isn't that a bit of a Catch-22? I would suggest having a forum-ite that you can contact outside of forums.xkcd.com.
<quintopia> You're not crazy. you're the goddamn headprogrammingspock!
<Weeks> You're the goddamn headprogrammingspock!
<Cheese> I love you

User avatar
Moo
Oh man! I'm going to be so rebellious! I'm gonna...
Posts: 6432
Joined: Thu Aug 16, 2007 3:15 pm UTC
Location: Beyond the goblin city
Contact:

Re: Unauthorized access attempts

Postby Moo » Thu Jul 16, 2009 1:21 pm UTC

Surely there is a "contact administrator" link on any pages that complain about your login?
Proverbs 9:7-8 wrote:Anyone who rebukes a mocker will get an insult in return. Anyone who corrects the wicked will get hurt. So don't bother correcting mockers; they will only hate you.
Hawknc wrote:FFT: I didn't realise Proverbs 9:7-8 was the first recorded instance of "haters gonna hate"

User avatar
Belial
A terrible sound heard from a distance
Posts: 30450
Joined: Sat Apr 15, 2006 4:04 am UTC
Contact:

Re: Unauthorized access attempts

Postby Belial » Thu Jul 16, 2009 2:08 pm UTC

And, you know, the contact address for the forums. But a lockout due to repeated login attempts eventually wears off.
addams wrote:A drunk neighbor is better than a sober Belial.


They/them

User avatar
apricity
almost grown-up but not quite
Posts: 3983
Joined: Fri Jan 26, 2007 9:28 am UTC

Re: Unauthorized access attempts

Postby apricity » Thu Jul 16, 2009 5:31 pm UTC

Should we make this into a global announcement?
LE4d wrote:have you considered becoming an electron

it takes just a little practice to learn to be
(she/her/hers)

User avatar
Belial
A terrible sound heard from a distance
Posts: 30450
Joined: Sat Apr 15, 2006 4:04 am UTC
Contact:

Re: Unauthorized access attempts

Postby Belial » Thu Jul 16, 2009 6:04 pm UTC

May as well, actually.
addams wrote:A drunk neighbor is better than a sober Belial.


They/them

User avatar
Aluminus
Posts: 1337
Joined: Sun Nov 04, 2007 7:51 pm UTC
Location: View From Space

Re: Unauthorized access attempts

Postby Aluminus » Thu Jul 16, 2009 6:15 pm UTC

This actually happened to me awhile ago. I was reading the forums and found that when I clicked orange "read latest posts" button, it wouldn't take me to where I left off. Then I found that there were people in my foe list whom I had not foed.
I contacted Belial about it, and I changed my password (as well as my passwords to other websites). Later that day. I was met with the "unauthorized access attempts" message, and then I knew that someone had been using my account without my permission.
fyrenwater wrote:Oh dear God, I just imagined this horrible scenario of a psychotic non-people-person running around, trying to steal the people-person section of people-peoples' brains to implant into their own brain.

User avatar
Seven
Tertiary Adjunct of Unimatrix Zero-One
Posts: 1964
Joined: Wed Oct 31, 2007 3:05 am UTC
Location: Classified

Re: Unauthorized access attempts

Postby Seven » Thu Jul 16, 2009 7:11 pm UTC

Password now changed and account steadily monitored!

User avatar
Wednesday
Posts: 901
Joined: Fri May 22, 2009 6:31 pm UTC
Location: Oakland, CA

Re: Unauthorized access attempts

Postby Wednesday » Thu Jul 16, 2009 9:03 pm UTC

Oh, hey, yeah definitely changing my password now. Thanks for letting us know about this.
Sexts From The Void wrote:i struggle to maneuver on a chessboard of dicks

User avatar
videogamesizzle
Posts: 358
Joined: Sat Oct 25, 2008 3:32 am UTC
Location: Rockford, IL
Contact:

Re: Unauthorized access attempts

Postby videogamesizzle » Thu Jul 16, 2009 10:03 pm UTC

Change'd. It'll probably die down soon. I don't think the fora has something worth putting that much time into breaking in.

Or maybe they're just dicks. That could be it.
Look at me still talking when there's SCIENCE to do!
Silvyr wrote:I fucking love cocaine. I wish I could buy it somewhere...

User avatar
fjafjan
THE fjafjan
Posts: 4766
Joined: Fri Oct 06, 2006 12:22 pm UTC
Location: Down south up north in the west of eastern west.
Contact:

Re: Unauthorized access attempts

Postby fjafjan » Fri Jul 17, 2009 1:08 am UTC

Yeah okey I am totally changing my password now. It'd be ... uhm, pretty bad if someone got my account afterall.
//Yepp, THE fjafjan (who's THE fjafjan?)
Liza wrote:Fjafjan, your hair is so lovely that I want to go to Sweden, collect the bit you cut off in your latest haircut and keep it in my room, and smell it. And eventually use it to complete my shrine dedicated to you.

sje46
Posts: 4730
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: Unauthorized access attempts

Postby sje46 » Fri Jul 17, 2009 8:27 am UTC

It'll probably be best if you made a password like this turns out:
http://www.pctools.com/guides/password/
rather than things you think no one will guess.

Any ideas why they might be doing this?
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.

User avatar
Belial
A terrible sound heard from a distance
Posts: 30450
Joined: Sat Apr 15, 2006 4:04 am UTC
Contact:

Re: Unauthorized access attempts

Postby Belial » Fri Jul 17, 2009 11:17 am UTC

I dunno. I figured spambots long ago figured out some sort of mystical way to monetize being dicks to people.
addams wrote:A drunk neighbor is better than a sober Belial.


They/them

User avatar
Box Boy
WINNING
Posts: 1356
Joined: Thu Nov 20, 2008 9:33 pm UTC

Re: Unauthorized access attempts

Postby Box Boy » Fri Jul 17, 2009 11:24 am UTC

My account seems fine, then again I use the same password for nearly everything so I should probobly change it.
Has anyone actually been hacked yet besides Aluminius?
Signatures are for chumps.

User avatar
ian
Posts: 706
Joined: Fri Mar 07, 2008 3:55 pm UTC
Location: Sealand

Re: Unauthorized access attempts

Postby ian » Fri Jul 17, 2009 11:33 am UTC

Um...
Spoiler:
Image


Using prosilver fwiw

User avatar
Box Boy
WINNING
Posts: 1356
Joined: Thu Nov 20, 2008 9:33 pm UTC

Re: Unauthorized access attempts

Postby Box Boy » Fri Jul 17, 2009 11:33 am UTC

Could you post what the picture is of?
It's a broken image for me.
Signatures are for chumps.

User avatar
ian
Posts: 706
Joined: Fri Mar 07, 2008 3:55 pm UTC
Location: Sealand

Re: Unauthorized access attempts

Postby ian » Fri Jul 17, 2009 11:37 am UTC

well that doesn't work

http://img208.imageshack.us/img208/807/huht.jpg

can't edit posts either

User avatar
headprogrammingczar
Posts: 3072
Joined: Mon Oct 22, 2007 5:28 pm UTC
Location: Beaming you up

Re: Unauthorized access attempts

Postby headprogrammingczar » Fri Jul 17, 2009 11:43 am UTC

Anywhere, or just in this thread?
Edit: never mind, forgot you could edit announcement posts
<quintopia> You're not crazy. you're the goddamn headprogrammingspock!
<Weeks> You're the goddamn headprogrammingspock!
<Cheese> I love you

User avatar
ian
Posts: 706
Joined: Fri Mar 07, 2008 3:55 pm UTC
Location: Sealand

Re: Unauthorized access attempts

Postby ian » Fri Jul 17, 2009 11:45 am UTC

It's gone back to normal now. How odd.

User avatar
Will
There are about a million things I can do from behind
Posts: 2256
Joined: Mon Sep 10, 2007 11:12 pm UTC
Location: St. Heraldwulf's Stone
Contact:

Re: Unauthorized access attempts

Postby Will » Fri Jul 17, 2009 2:28 pm UTC

Belial wrote:I dunno. I figured spambots long ago figured out some sort of mystical way to monetize being dicks to people.

Man, I got to find a way to get in on this shit.
Meaux_Pas: Is it fucking Taint Sunday or something?
liza: Screw y'all, I'm going to the moon

User avatar
SecondTalon
SexyTalon
Posts: 26508
Joined: Sat May 05, 2007 2:10 pm UTC
Location: Louisville, Kentucky, USA, Mars. HA!
Contact:

Re: Unauthorized access attempts

Postby SecondTalon » Fri Jul 17, 2009 3:22 pm UTC

I think it'd be pretty nifty if we kept this limited to conversations regarding whether or not a particular user is noticing the reported activity and so forth, what with it being a global sticky and all....

So, yeah.. Can the chatter, Red 5.
heuristically_alone wrote:I want to write a DnD campaign and play it by myself and DM it myself.
heuristically_alone wrote:I have been informed that this is called writing a book.

User avatar
scrovak
Posts: 784
Joined: Wed Jul 23, 2008 6:54 pm UTC
Location: Harford County, MD [USA]
Contact:

Re: Unauthorized access attempts

Postby scrovak » Sat Jul 18, 2009 10:41 am UTC

Sexy, I apologize if this is superfluous chatter but I feel it's appropriate advice... Delete if you wish.

The US DoD recomends a certain password strength for all employees that I find so effective, I use it on all my accounts. A minimum of 10 characters, with at least 2 uppercase letters, 2 lower case letters, 2 numbers, and 2 'special characters' for example @$&, etc.

Also, keep them guessing. Rotate; change your password every 90 days to 3 months...

For those whose password was aardvark, sucks to be you.
MrGee wrote:I would never eat a person. Have you seen the conditions they're raised in?
kapojinha wrote:You're amazing, which is why I'm going to marry you.

Angua wrote:coordinated baby attacks

User avatar
'; DROP DATABASE;--
Posts: 3284
Joined: Thu Nov 22, 2007 9:38 am UTC
Location: Midwest Alberta, where it's STILL snowy
Contact:

Re: Unauthorized access attempts

Postby '; DROP DATABASE;-- » Mon Jul 20, 2009 6:21 am UTC

I recommend KeePassX (I think the Windows version is just KeePass). Brute-force a 25-character random string, I dare you. :mrgreen:
Alternatively, just use passsentences instead of passwords. hey, triple s!
poxic wrote:You suck. And simultaneously rock. I think you've invented a new state of being.

User avatar
Gojoe
Posts: 3218
Joined: Wed Apr 30, 2008 12:45 pm UTC
Location: New Zealand!!!

Re: Unauthorized access attempts

Postby Gojoe » Mon Jul 20, 2009 6:25 am UTC

'; DROP DATABASE;-- wrote:I recommend KeePassX (I think the Windows version is just KeePass). Brute-force a 25-character random string, I dare you. :mrgreen:
Alternatively, just use passsentences instead of passwords. hey, triple s!
I agree with keepass, it is pretty badass. This however would not solve the problem with people unable to log in, due to people locking out their account. Yes they will not get access (hooray!) but it still causes annoyances to the user trying to login.
michaelandjimi wrote:Oh Mr Gojoe
I won't make fun of your mojo.
Though in this fora I serenade you
I really only do it to aid you.
*Various positive comments on your masculinity
That continue on into infinity*

Feeble accompanying guitar.

User avatar
dedalus
Posts: 1169
Joined: Fri Apr 24, 2009 12:16 pm UTC
Location: Dark Side of the Moon.

Re: Unauthorized access attempts

Postby dedalus » Mon Jul 20, 2009 7:53 am UTC

Bit of a risky solution, but if we could edit the forums so the lockout feature is ip-specific then that might help.
doogly wrote:Oh yea, obviously they wouldn't know Griffiths from Sakurai if I were throwing them at them.

User avatar
Moo
Oh man! I'm going to be so rebellious! I'm gonna...
Posts: 6432
Joined: Thu Aug 16, 2007 3:15 pm UTC
Location: Beyond the goblin city
Contact:

Re: Unauthorized access attempts

Postby Moo » Mon Jul 20, 2009 8:10 am UTC

I couldn't log in yesterday but my experience was different from those described thus far so I don't know if it's got anything to do with the access attempts (probably not). After hitting "log in" I'd get the screen that has a link to any new PMs, "view your posts" and redirects to the board index after x seconds. Using both links and leaving it to redirect all took me back to the login screen, every time.

I've logged in fine this morning and had no messages about too many login attempts but I'll put it down for the record just in case any of it is pertinent.
Proverbs 9:7-8 wrote:Anyone who rebukes a mocker will get an insult in return. Anyone who corrects the wicked will get hurt. So don't bother correcting mockers; they will only hate you.
Hawknc wrote:FFT: I didn't realise Proverbs 9:7-8 was the first recorded instance of "haters gonna hate"

Numzane
Posts: 447
Joined: Thu Mar 20, 2008 1:25 pm UTC
Location: South Africa

Re: Unauthorized access attempts

Postby Numzane » Mon Jul 20, 2009 11:40 am UTC

I've had that or a similar problem since forever, so it probably isn't related. If it is the same problem as I get, ticking the 'remember me' box gets around it.
*Often edits posts as soon as they're posted*

James while John had had had had had had had had had had had a better effect on the teacher.

User avatar
Wednesday
Posts: 901
Joined: Fri May 22, 2009 6:31 pm UTC
Location: Oakland, CA

Re: Unauthorized access attempts

Postby Wednesday » Mon Jul 20, 2009 3:42 pm UTC

Try deleting your cookies for forums.xkcd.com. I've found that happens in FireFox sometimes, and deleting the cookies always fixes it.
Sexts From The Void wrote:i struggle to maneuver on a chessboard of dicks

User avatar
InfamousAnarchist
Posts: 115
Joined: Wed Apr 01, 2009 8:25 pm UTC
Location: Yes and no.
Contact:

Re: Unauthorized access attempts

Postby InfamousAnarchist » Wed Jul 22, 2009 11:41 pm UTC

I think it happened to me today.

I usually always have the "remember me" box checked and Chrome has my password, but
[The following can be read to the tune of Amanda Palmer's "Oasis"]
Spoiler:
When I got to the forum,
they gave me a nice screen,
and I must not have been logged in
'cause I couldn't get my PMs. [or actually anything else. I wasn't logged in.]

When I got to the "login" page,
a Captcha (or sim'lar) was waiting
and it isn't my fault that
I had to reset my password. [because my old password wasn't working]

I've seen better days, but I don't care.
I got a shiny password in the mail!

When I put in my new password
after I entered the captcha, [and cleared my cookies/cache]
everything was all fine and dandy.
So I set a new password! I think it is different enough that

I won't have my account stolen by trolls
or spambots, zombie or who knows...

When the crisis was over
One thought was all over
I should tell the fora
in case that I broke
Except I hope that I didn't
And I think I'm still going

I've seen better days, but I don't care
I got a shiny password in the mail
Echochamber sent an email
It's timestamped and everything
Belial's gonna wet himself I swear...
sever every leg
amanda palmer please come home please

User avatar
Anubis
Posts: 222
Joined: Sun Mar 01, 2009 7:59 am UTC

Re: Unauthorized access attempts

Postby Anubis » Mon Jul 27, 2009 3:50 am UTC


User avatar
videogamesizzle
Posts: 358
Joined: Sat Oct 25, 2008 3:32 am UTC
Location: Rockford, IL
Contact:

Re: Unauthorized access attempts

Postby videogamesizzle » Tue Jul 28, 2009 4:53 pm UTC

I think it just happened to me. I tried to log in, and after typing everything correctly, it directed me to the "too many attempts" page.
Look at me still talking when there's SCIENCE to do!
Silvyr wrote:I fucking love cocaine. I wish I could buy it somewhere...

User avatar
Sruixan
Posts: 89
Joined: Sat Jan 10, 2009 5:40 pm UTC
Location: seaside or spires

Re: Unauthorized access attempts

Postby Sruixan » Thu Jul 30, 2009 5:57 pm UTC

I've just suffered an similar problem as InfamousAnarchist, except I needed two new passwords to get it to work properly. I'm now a little concerned as to my old password, which would've required a bit more than a dictionary search to crack, so it appears I need to run around changing all my passwords again...
This is, er, no offense but you are a robot, aren't you?
That's just, um, beautiful, beautiful beautiful... just beautiful.
One hot summer's night Lorraine said: "It's time for you to see the lighthouse"
Dr. Ivanovich, was it really necessary?

User avatar
Chfan
Posts: 2141
Joined: Sun Oct 19, 2008 10:26 pm UTC
Location: American East Coast

Re: Unauthorized access attempts

Postby Chfan » Sat Aug 01, 2009 1:25 pm UTC

I signed on yesterday and I was logged out for some reason. it might just have been Firefox being buggy, but I don't know.
Just FYI, the guy isn't avatar isn't me. But he seems pretty cool.

User avatar
Internetmeme
Posts: 1405
Joined: Fri Jul 25, 2008 3:16 pm UTC
Location: South Carolina, USA

Re: Unauthorized access attempts

Postby Internetmeme » Sat Aug 01, 2009 3:30 pm UTC

Doesn't sound like anything to worry about. It happens to me all the time in Firefox. Same thing happens if you click a link on the fora going to forums.xkcd.com in place of www.forums.xkcd.com. Same for www.forums.xkcd.com and forums.xkcd.com. I think it's something to do with a cookie being registered with only one address.
Spoiler:

apeman5291
Posts: 634
Joined: Sun Jun 17, 2007 12:19 am UTC
Location: Columbia, SC, USA
Contact:

Re: Unauthorized access attempts

Postby apeman5291 » Sat Aug 01, 2009 4:54 pm UTC

This hasn't happened to me, but a little while ago I coded a random string generator for the purpose of making pretty strong passwords. You can tell it what types of characters you want and how long you want the password, and it makes up stuff that's worked for me.

Also, I find that it's easier to have say 3 different strength passwords, and to categorize every site you have an account on onto a password. That way you memorize 3 random strings and then you can have an excel file that says "Facebook: level 1, paypal: level 3" etc, to keep track of which is which.

Anyway, here's my string generator:
Attachments
password_generator.zip
(21.65 KiB) Downloaded 134 times
What you don't understand, you can make mean anything.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26726
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: Unauthorized access attempts

Postby gmalivuk » Wed Aug 05, 2009 11:40 pm UTC

A truly random string generator is not that great, because you either have to memorize a whole bunch of really difficult passwords or write them down or store them somewhere, which greatly reduces the security.

What I just discovered and have used to change some of my more important passwords (for my bank and sites that have my credit card information stored, for instance) is this password hasher (there's also a Firefox extension).

This allows you to use a master key along with site-specific strings to generate a strong password with specified characteristics. Then you can use that same html file with the same key and string and it'll give you the same password again. If you need to change, you can bump or just manually change the site-specific part, and it'll generate a new one for you.

For instance, using the very easy-to-remember xkcd as your site tag and masterkey as your master key, with the default options selected, you get the rather more difficult to guess UoS+V+5J as a result. Of course, I suggest using something that is also difficult to guess as your master key, else another person could assume you used xkcd and guess simple master keys, and then try each result as a login.

(Perhaps use a random string generator to make a difficult master key, and then work hard to memorize that, so you never have to write it down or store it anywhere or even transmit it online. Then use that one to generate all your others, and just hope that people trying to hack your account don't get ahold of you yourself and use enhanced interrogation techniques.)
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

User avatar
sparkyb
Posts: 1091
Joined: Thu Sep 06, 2007 7:30 pm UTC
Location: Camberville proper!
Contact:

Re: Unauthorized access attempts

Postby sparkyb » Thu Aug 06, 2009 12:29 am UTC

I have a pretty handy trick. I use nice and simple easy to remember passwords, but I move my hands up a row on the keyboard before I type them. That way they come out all random. I know how to type my password, but I couldn't actually even tell you what it is without looking at a keyboard. For instance, if I chose "landslide" (as just some random, easy to remember string) my password comes out to be "oqhewo8e3". If you throw in some capitalization then it gets even better (especially if you capitalize anything that is on the top row and becomes symbols instead of numbers). I guess it becomes slightly less secure as soon as anyone knows that's what you do. oops.

User avatar
cmd
Posts: 136
Joined: Thu Nov 20, 2008 5:05 pm UTC

Re: Unauthorized access attempts

Postby cmd » Thu Aug 06, 2009 3:23 am UTC

sparkyb wrote:I have a pretty handy trick. I use nice and simple easy to remember passwords, but I move my hands up a row on the keyboard before I type them. That way they come out all random. I know how to type my password, but I couldn't actually even tell you what it is without looking at a keyboard. For instance, if I chose "landslide" (as just some random, easy to remember string) my password comes out to be "oqhewo8e3". If you throw in some capitalization then it gets even better (especially if you capitalize anything that is on the top row and becomes symbols instead of numbers). I guess it becomes slightly less secure as soon as anyone knows that's what you do. oops.


I do this same thing :\

User avatar
netcrusher88
Posts: 2166
Joined: Mon Mar 26, 2007 4:35 pm UTC
Location: Seattle

Re: Unauthorized access attempts

Postby netcrusher88 » Fri Aug 07, 2009 3:19 pm UTC

There is a method of generating pronounceable password, basically by limiting the letters that can be used in a random string. I don't really understand how it works but Google knows a lot of pronounceable password generators. They're easier to remember if you can say them.
Sexothermic
I have only ever made one prayer to God, a very short one: "O Lord, make my enemies ridiculous." And God granted it. -Voltaire
They said we would never have a black president until Swine Flu. -Gears

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26726
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: Unauthorized access attempts

Postby gmalivuk » Fri Aug 07, 2009 3:22 pm UTC

Meh, certain random strings are easy enough to remember by their rhythm, even if it's not really a word you could ever pronounce normally.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)


Return to “Site/Forum issues”

Who is online

Users browsing this forum: No registered users and 5 guests