Results 1 to 12 of 12

Thread: Notice re Failed Login Attempts

  1. #1
    Groundskeeping Dept. SWCAdmin's Avatar
    Join Date
    Sep 2005
    Location
    DC area pogue.
    Posts
    1,841

    Default Notice re Failed Login Attempts

    Some Council members are contacting us because they received a notification from the board as follows....
    Subj: Failed Login Notification on Small Wars Council

    Someone has tried to log into your account on Small Wars Council with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address:
    We have looked into this issue and are continuing to try to get in front of it. It's a filthy e-world we live in.

    Enough users were getting these nuisance notifications that I have made a global change. It used to be that an unregistered user could see most things but had to register to post. Now you need to be logged in to see anything. That should prevent bots from trolling for usernames. We'll see if this is a temporary or permanent change.

    There is clearly some funny business going on with a fairly unsophisticated attack. Basically, a web crawler or human is knocking on the front door of your account to see if it is unlocked. We have not seen any evidence that anyone's account has been been breached. You are right to take notice and be a little concerned. However, these system-generated notifications are sort of a backwards reminder that security measures are in place and are working -- the door was locked.

    If you have a strong password on your account, we believe you are secure. If you want to tighten that up a bit, you can change your password in the Edit Your Details section of the User Control Panel.

    FYI, we already have commercial IP blacklist security implemented, but that is centered on new account registration and posting, i.e. once they open the door. We are adding the offending IP addresses to an additional manual blacklist as they are identified, to try to stop the board software from even serving the front door up to be knocked on. Unfortunately, there are lots of different IP addresses involved. It's what those internet pests do.

    We continue to consult with better-at-this-than-me folks to review what has been going on and vet our security protocols. We're up to date on security patches, etc. Bottom line:


    Last edited by SWCAdmin; 03-03-2015 at 02:03 PM. Reason: Updated for what we know now.

  2. #2
    Groundskeeping Dept. SWCAdmin's Avatar
    Join Date
    Sep 2005
    Location
    DC area pogue.
    Posts
    1,841

    Default

    We're continuing to get a trickle of these front door probes from various IP addresses. Our forum software is up to date with its security patches. We are manually blocking bot IP addresses as they present themselves, but that's a reactive measure. We already blacklist IPs, but the package for doing that is oriented to new account registrations, not existing account entries.

    All the resources we've consulted suggest this is just something that happens in the e-world, and that as long as you have a decent password your account is fine there is no cause for concern. We're working with some technical folks to see how to be more proactive. We still have no indication that any account has been accessed. The alerts members are receiving are indications that the basic security measures are working.

  3. #3
    Groundskeeping Dept. SWCAdmin's Avatar
    Join Date
    Sep 2005
    Location
    DC area pogue.
    Posts
    1,841

    Default

    We have received about two dozen of these multiple failed login attempts over the last two weeks or so.

    We have added all the offending IP addresses to our list of IPs that are banned from viewing the board at all. Almost all of them were unique and originating in various Asian countries. We have a much larger commercial blacklist of IPs, but that doesn't kick in until the login or registration attempt is successful at first.

    We have consulted with several security folks who kicked our tires and confirmed that our appropriate controls are in place, up to date, and working. This is just something that happens in this pesky e-world.

    Again, sorry for the nuisance to those who are being pinged. The advice in the first post here about having a good password and marching on continues to be the most sound and actionable intel we have found.

  4. #4
    Groundskeeping Dept. SWCAdmin's Avatar
    Join Date
    Sep 2005
    Location
    DC area pogue.
    Posts
    1,841

    Default

    I updated the first post with new info.

  5. #5
    Registered User
    Join Date
    May 2010
    Posts
    5

    Default Technical Q

    Has anyone else here recently had their account temporarily frozen by someone, not themselves, submitting incorrect password guesses?

  6. #6
    Registered User
    Join Date
    May 2010
    Posts
    5

    Default

    Quote Originally Posted by email to me
    Dear Invictus_88,

    Someone has tried to log into your account on Small Wars Council with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address: 91.213.8.235

    All the best,
    Small Wars Council
    Quote Originally Posted by search on iplocation.net
    91.213.8.235 :: Ukraine :: Luhans'ka Oblast :: Luhans'k
    Which is interesting because Luhansk is one of the territories held by pro-Russian forces. Anyone else had this problem? If so, the site managers should probably flag it up.

  7. #7
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,366

    Default SWC is aware

    Invictus_88,

    This issue was flagged up a few months ago and widely read. Please view this thread:http://council.smallwarsjournal.com/...ad.php?t=21736

    I know via PM(s) that this problem continues, although minus knowledge of where the IP address is shown as located.
    davidbfpo

  8. #8
    Registered User
    Join Date
    May 2010
    Posts
    5

    Default

    I did have a quick look around but didn't find the thread you refer to and so I posted my own here. Thank you for linking me in though.

    Interesting that they're from all over rather than just Luhansk.

  9. #9
    Registered User
    Join Date
    Nov 2010
    Location
    Sydney, NSW, Australia
    Posts
    2

    Default Alleged false log in attempts

    On 11 July 2015 I too received the following message purporting to be from the Small Wars Council:

    Dear Tasmanian Devil,

    Someone has tried to log into your account on Small Wars Council with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address: 178.175.131.194

    All the best,
    Small Wars Council

    A check with iplocation.net idicates the ip address given is allegedly Trabia-network Data Center, Chisnau, Moldova Republic.

    Regards.

    Tasmanian Devil.

  10. #10
    Registered User
    Join Date
    Sep 2010
    Posts
    1

    Default

    Quote Originally Posted by Invictus_88 View Post
    I did have a quick look around but didn't find the thread you refer to and so I posted my own here. Thank you for linking me in though.

    Interesting that they're from all over rather than just Luhansk.
    I received a notice as well, and my IP (94.23.6.131) was located to OVH in France, which is a popular hosting company to use for nefarious actions. They do very little to verify identity.

    Also, they're from all over because that's how a distributed cyber attack works.

  11. #11
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,366

    Default

    Another member reports activity with an IP address that is ostensibly in Sweden, but has several anti-spam website alerts: 178.16.208.56
    davidbfpo

  12. #12
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,366

    Default Wider context?

    For those interested in the possible conext for such attempts please view the main Ukraine military thread, where Outlaw 09 has posted three posts on the issues:http://council.smallwarsjournal.com/...=22315&page=54

    I have accordingly deleted the three posts here.
    davidbfpo

Similar Threads

  1. Contractors Doing Combat Service Support is a Bad, Bad Idea
    By SWJED in forum PMCs and Entrepreneurs
    Replies: 104
    Last Post: 07-26-2010, 08:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •