Announcement

**Jazz P Bass** · 02-20-2015, 04:09 PM

Spammer.
https://cleantalk.org/blacklists/183.222.159.228

**David King** · 02-20-2015, 05:48 PM

Are you saying I should change my password to something other than "password"?

**eschertron** · 02-20-2015, 05:58 PM

Originally posted by David King View Post

Are you saying I should change my password to something other than "password"?

Mine's "12345". Easy to remember. I also have that on my luggage

**big_teee** · 02-20-2015, 07:13 PM

I got that same thing last month.
http://music-electronics-forum.com/t38648/

**salvarsan** · 02-20-2015, 07:19 PM

I got some MEF failed login notices, too. Tboy steers a good ship, I'd say.

Used to have a Microsoft account, password was "FOADBill"

In other news, Steve Ballmer's departure from Microsoft was
broadly viewed as an instance of non-surgical penis reduction.

**DialtonePickups** · 02-21-2015, 12:53 AM

Originally posted by 12xu View Post

I got an email notification that someone tried to use my password incorrectly 5 times.

I did a trace route....somewhere along the way 183.222.159.228 goes through China Mobile.

Probably bots looking to spam the forum.

Really? That's so random. Why this forum?

**Jazz P Bass** · 02-21-2015, 01:27 AM

"That's so random"?
Exactly.
It's a random spambot attack.

Check out this 'Blacklist' of Spambots.
Web-sites spam activity database

**Audiotexan** · 02-21-2015, 01:32 AM

Originally posted by DialtonePickups View Post

Really? That's so random. Why this forum?

Some bots are "indiscriminate". That is, they literally hit everything in sight, and if the correct protocol is encountered, and they get a reply, then it cues up an 'auto-password attack'. At least that's my understanding.

**Jazz P Bass** · 02-21-2015, 01:16 PM

Banned Bad Bots at last count:Bad Bots user-agent / bot

**Joe Gwinn** · 02-21-2015, 01:34 PM

Spambots and the like basically rattle doorknobs until they find an unlocked door.

A typical mechanism is to pair a common name with a commonly used password, and just keep trying.

Now we have the names we have, so the best defense is a reasonably good password, reasonably good meaning not in any password list, or in the dictionary.

An effective pattern is worda-number-wordb, where worda and wordb are common but different words, and number is two decimal digits. Worda and wordb need not be in the same language.

Because we are trying to keep a bot out, the choice of words does not need to be particularly clever, and probably should not be. For instance, "magnet77thrill" would be essentially bot-proof.

**big_teee** · 02-21-2015, 02:26 PM

There are password generators.
I have one built into my linux OS.
Here's one on line.
Strong Random Password Generator

**Joe Gwinn** · 02-21-2015, 03:09 PM

Originally posted by big_teee View Post

There are password generators.
I have one built into my linux OS.
Here's one on line.
Strong Random Password Generator

Here is an example: "Mm@Tnv&)MNn2W[,". You must have far better memory than I.

**big_teee** · 02-21-2015, 03:31 PM

I only do the random passwords for financial sites, then I write them down.
For Here I use words and numbers with some Upper and lower case.
Good Enough.

**Joe Gwinn** · 02-21-2015, 08:55 PM

Originally posted by big_teee View Post

I only do the random passwords for financial sites, then I write them down.
For Here I use words and numbers with some Upper and lower case.
Good Enough.

I don't access financial sites by computer, as it's pretty easy to get hacked. (I do use credit cards over the internet, but I'm protected by US Federal Law here.)

The big danger is mostly that one will click on the wrong URL and get infected with malware like a credential collector. When this happens, it does not matter how good the password is, it will be compromised.

Announcement

Attempted login...from china?

Attempted login...from china?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment