Maximum Logins Exceeded

Important forum announcements.
Keith Robinson
Site Administrator
Posts: 723
Joined: 05 Apr 2005, 22:06
Location: Georgia, USA

Maximum Logins Exceeded

Post by Keith Robinson »

I understand that a number of users are getting this message lately. Basically, you go to log in and find a message saying that "you've exceeded the maximum number of login attempts," and then you're prompted to go through the visual verification screen.

Why is this happening?

As I saw written somewhere else, "The reason this is happening is that an automated script is being run on infected computers scanning for phpBB forums, and then attempting to log in to them by using brute force dictionary attacks. In other words, the scripts are scanning memberlists for usernames and trying to guess people's passwords by running through huge lists of common words to see which work."

(Don't be too worried about the mention of infected computers. It's more likely that the memberlist has been snatched by a spammer, entered into their auto-spamming program, and run from somewhere on the internet.)

What happens if they get in?

Once the correct username/password is figured out, the spammer might come back another time and start posting spam messages in your name. By spam messages, I mean anything from links to Viagra websites, porn, or just nonsense that seems to serve no purpose.

Should a member be concerned about his or her password?

Make sure your password is strong -- i.e., not easily guessable, and not a word you'd find in a dictionary. Imagine if I knew your username. To find your password, I could run a program that enters every word in the dictionary, starting from A, and if there were no limits to the number of times I could try, I would reach Z in fairly short order. If your password is a dictionary word, I'd be in. Make sure to mix it up a little. Even adding a number to the end of the word makes it much more difficult to guess.

What can the administrators do about it?

Not a lot, I'm afraid. The number of login attempts is set to 3. This is plenty for the average user; you have three attempts to get your password right, and after that you have to go through visual verification as well. (Maybe there's a "locked" period? I can't remember.) The thing is, I could easily set the maximum number of login attempts to 10 or 20 or 5000, but the spammer's program will still whip through that number in record time and the result would be the same, only with a much bigger load on the server. So it will remain at 3.

Is there anything that can be done to avoid the problem?

Yes -- stay logged in. You have the option (on login) to be "remembered." There's absolutely no need to log out; your profile is perfectly safe in its "logged in" state even if you don't visit the forums for a month. The ONLY thing you have to worry about is an unauthorized person using your computer. Obviously that person could post on your behalf if you're still logged in. But other than that, there's no danger -- so stay logged in. If you find that you have to log in each time you visit even though you always check the "stay logged in" or "remember me" checkbox, then maybe your browser is deleting cookies when you close it. In which case, change your browser's settings so it doesn't delete cookies.

Yesterday I tried enabling a feature that checks user IP addresses against a blacklist, thinking that maybe spammers' IP addresses would be blocked. But straight away it blocked a genuine Blytonite, just because her IP address had (innocently) been added to a blacklist somewhere. Maybe someone in her IP range is actually a spammer; unfortunately all the others in that range are blacklisted too. So I disabled this feature again.

Well, that's all for now. Spammers, eh? They should be thrown into the coal cellar! :evil:
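
An added illustration, not part of Keith's post and not phpBB's own code: it replays a constructed login log through a per-account failure counter with the limit of 3 quoted above, showing why genuine members meet the visual verification prompt after someone else's guesses. It goes slightly beyond the post by also flagging a source that fails against several different accounts; the counter model, usernames and addresses are assumptions made for the example.

```python
from collections import defaultdict

MAX_ATTEMPTS = 3  # the limit quoted in the post

# Constructed sample events: (source address, username, login succeeded?).
# Usernames are made up; addresses come from documentation ranges.
EVENTS = [
    ("198.51.100.4", "goon", False),   # genuine member mistypes once...
    ("198.51.100.4", "goon", True),    # ...then gets it right
    ("203.0.113.7", "daisy", False),   # one source working through a
    ("203.0.113.7", "daisy", False),   # word list against several
    ("203.0.113.7", "daisy", False),   # names from the memberlist
    ("203.0.113.7", "fatty", False),
    ("203.0.113.7", "fatty", False),
    ("203.0.113.7", "fatty", False),
    ("203.0.113.7", "goon", False),
    ("203.0.113.7", "goon", False),
]


def replay(events, max_attempts=MAX_ATTEMPTS, min_targets=3):
    """Return (accounts now needing visual verification, noisy sources)."""
    failures = defaultdict(int)   # username -> consecutive failed logins
    targets = defaultdict(set)    # source -> usernames it failed against
    for source, user, ok in events:
        if ok:
            failures[user] = 0    # a good login clears the counter
        else:
            failures[user] += 1   # counted against the account, whoever typed it
            targets[source].add(user)
    challenged = {u for u, n in failures.items() if n >= max_attempts}
    noisy = {s for s, names in targets.items() if len(names) >= min_targets}
    return challenged, noisy


if __name__ == "__main__":
    challenged, noisy = replay(EVENTS)
    print("members who will see the message:", sorted(challenged))
    print("sources failing against many accounts:", sorted(noisy))
```

The member who mistyped once and then logged in is never challenged, while the accounts that reached three failures from another source are, even though their owners typed nothing wrong.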
Aurélien
Posts: 3205
Joined: 21 Oct 2008, 22:10
Favourite book/series: Book: The Boy Next Door / Series: Famous Five
Favourite character: Noddy
Location: Auckland, New Zealand

Re: Maximum Logins Exceeded

Post by Aurélien »

:) Thanks, Keith. You do lead an interesting life. :shock:

Cheers,

'Aurélien Arkadiusz' :)
Eddie Muir
Posts: 14566
Joined: 13 Oct 2007, 22:28
Favourite book/series: Five Find-Outers and Dog
Favourite character: Fatty
Location: Brighton

Re: Maximum Logins Exceeded

Post by Eddie Muir »

Thanks for this invaluable information, Keith. :)
'Go down to the side-shows by the river this afternoon. I'll meet you somewhere in disguise. Bet you won't know me!' wrote Fatty.

Society Member
Lucky Star
Posts: 11484
Joined: 28 May 2006, 12:59
Favourite book/series: The Valley of Adventure
Favourite character: Mr Goon
Location: Surrey, UK

Re: Maximum Logins Exceeded

Post by Lucky Star »

I am permanently logged in. To the extent that I once forgot my own password when I tried to log in on another set whilst on holiday. :lol: It is indeed much handier. Thanks for all the info and for looking after us so well Keith. :D
"What a lot of trouble one avoids if one refuses to have anything to do with the common herd. To have no job, to devote ones life to literature, is the most wonderful thing in the world. - Cicero

Society Member
Keith Robinson
Site Administrator
Posts: 723
Joined: 05 Apr 2005, 22:06
Location: Georgia, USA

Re: Maximum Logins Exceeded

Post by Keith Robinson »

Aurélien wrote: :) Thanks, Keith. You do lead an interesting life. :shock:
Hehe. The thing is, in my spare time I paraglide, bungee jump, and work on an alligator farm. I just don't want to bore people with those anecdotes...
Julie2owlsdene
Posts: 15244
Joined: 24 Jul 2007, 20:15
Favourite book/series: F.F. and Mystery Series - Five get into Trouble
Favourite character: Dick
Location: Cornwall

Re: Maximum Logins Exceeded

Post by Julie2owlsdene »

Thanks for the info Keith. I also tried to stay logged on but when I came out of the site I had to log back in again, so at least now I know what that little problem is and can alter my settings so it doesn't delete the cookies.

8)
Julian gave an exclamation and nudged George.
"See that? It's the black Bentley again. KMF 102!"

Society Member
Fiona1986
Posts: 10527
Joined: 01 Dec 2007, 15:35
Favourite book/series: Five Go to Smuggler's Top
Favourite character: Julian Kirrin
Location: Dundee, Scotland

Re: Maximum Logins Exceeded

Post by Fiona1986 »

Thanks for the info Keith! I was wondering what was up. I do stay logged on my laptop at home, and I do the same on my iPhone though still need to log in every few days on my phone (and have gotten that message on my phone a few times in the last week or so). Shall need to check a dictionary to see if my password would be in there now!!
"It's the ash! It's falling!" yelled Julian, almost startling Dick out of his wits...
"Listen to its terrible groans and creaks!" yelled Julian, almost beside himself with impatience.


World of Blyton Blog

Society Member
Timmylover2
Posts: 70
Joined: 23 Feb 2012, 08:13
Favourite book/series: Five on Billycock hill, The secret Island, Fami
Favourite character: Julian, Peggy, Jack, Bets

Re: Maximum Logins Exceeded

Post by Timmylover2 »

Keith Robinson wrote: ... The ONLY thing you have to worry about is an unauthorized person using your computer. Obviously that person could post on your behalf if you're still logged in.
... ... ...
Spammers, eh? They should be thrown into the coal cellar! :evil:
Well, I visit the forums ONLY on my first-generation iPad (ouch, it's HEAVY!) which goes with me everywhere I go, rather like Timothy with George.
lwindrush
Posts: 191
Joined: 14 May 2012, 23:45
Favourite book/series: Famous five of course!
Favourite character: Dick, he is so me
Location: Teesside

Re: Maximum Logins Exceeded

Post by lwindrush »

I used to work on an IT helpdesk ("have you tried turning it off and on again?") and the number of people who used PASSWORD as their password was unbelievable.
MJE
Posts: 2534
Joined: 15 Nov 2006, 12:24
Favourite book/series: Famous Five series
Favourite character: George; Julian; Barney
Location: Victoria, Australia

Re: Maximum Logins Exceeded

Post by MJE »

     Some years ago I came across a web page which contained a list of a few hundred words, which claimed that something like 80 percent of passwords consisted of one of the words on the list. I'm pretty sure "password" was one of them.
     Also, very oddly I thought, the composers Beethoven and Rachmaninov were both on the list also - which made me wonder why those composers' names were relatively popular as passwords.
     I once used a composer's name as a password - a far more obscure composer than most people are likely to have heard of, but it wasn't just the surname alone - and I have abandoned it now. I don't think even anyone who knows me very well would guess the one I often use now. (It isn't a composer's name, and also uses non-letter characters - so if anyone wants to crack my account, don't bother trying a music dictionary attack on my password.)

Regards, Michael.
Society Member
Moonraker
Posts: 22387
Joined: 31 Jan 2005, 19:15
Location: Wiltshire, England

Re: Maximum Logins Exceeded

Post by Moonraker »

I never understand why people use a word as a password. It only (usually) has to be a combination of characters. For example, you could use IWILIB as a password - it is an acronym for I Wish I Lived In Bangladesh. I use this as an example, it isn't one of my passwords! You can also use other characters, for example: @unCLeqUenTIn@ . It'd be difficult to crack that one!
Society Member
MJE
Posts: 2534
Joined: 15 Nov 2006, 12:24
Favourite book/series: Famous Five series
Favourite character: George; Julian; Barney
Location: Victoria, Australia

Trouble keeping track of passwords.

Post by MJE »

Moonraker wrote: I never understand why people use a word as a password.
     I assume it's because most people find a word easier to remember.
Moonraker wrote: It only (usually) has to be a combination of characters. For example, you could use IWILIB as a password - it is an acronym for I Wish I Lived In Bangladesh.
     Yes, but you might then remember it wrongly as "I wish I could visit Bangladesh" (IWICVB) (or was it "I would like to visit Bangladesh" (IWLTVB)?), or "I wish I lived in Pakistan" (IWILIP) - and so on. And thus it might be difficult to remember accurately.
     I have used the same password for different things only too often, as probably most people do, even though experts advise that not only should you use a totally different password for everything, but you should also change each one every few weeks or months. Believe me, it is difficult to keep track of them all even if you don't change them very often. Aware of this, I tried adopting a system of varying them, and it is very difficult to remember especially the ones you use less often - I can quite understand why some people get lazy about this.
Moonraker wrote: I use this as an example, it isn't one of my passwords! You can also use other characters, for example: @unCLeqUenTIn@ . It'd be difficult to crack that one!
     That example follows advice often given to mix cases of letters and to introduce non-letter and non-number characters. But that makes passwords far harder and slower to type, especially for non-touch-typists. I am a touch typist, but I would find a password like that a thorough nuisance if I had to use it several times a day.
     I don't know what the ideal answer is, though. A properly secure system would be quite unworkable in practice for many people.

Regards, Michael.
Society Member
Moonraker
Posts: 22387
Joined: 31 Jan 2005, 19:15
Location: Wiltshire, England

Re: Maximum Logins Exceeded

Post by Moonraker »

Soon a fingerprint will suffice, making passwords obsolete.
Society Member
MJE
Posts: 2534
Joined: 15 Nov 2006, 12:24
Favourite book/series: Famous Five series
Favourite character: George; Julian; Barney
Location: Victoria, Australia

Re: Maximum Logins Exceeded

Post by MJE »

     Then we'll have crooks bailing people up and using a butcher's knife or machete to hack their hands or fingers off to use to get through fingerprint-controlled doors or computer accounts. There could be a down-side to the use of fingerprints as a password substitute.

Regards, Michael.
Society Member
Daisy
Posts: 16632
Joined: 28 Oct 2006, 22:49
Favourite book/series: Find-Outers, Adventure series.
Location: Stoke-On-Trent, England

Re: Maximum Logins Exceeded

Post by Daisy »

What a cheerful thought! :roll:
'Tis loving and giving that makes life worth living.

Society Member