Malicious activity

Ancient_one
Posted: 07 May 2011 at 2:58pm
Hello everyone.

I have hosted a registered WebWiz forum on my www.Age-Net.co.uk site for a number of years. Currently it is V9.54.

Following some recent unpleasant behaviour I suspended one of our members.  Since then it seems the site has been targeted by malicious behaviour which involves forum members finding their password no longer works and they then have to apply for a new one which may again fail after a successful login.  I think I can see how it is being done (password flooding?) and it is irritating and time consuming rather than dangerous. 

Is there anything which can be done to stop this happening please?

Kind regards,

Bob
(The Ancient One)

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 09 May 2011 at 9:36am
There is no 'Password Flooding' as you call it in Web Wiz Forums.

After 3 unsuccessful login attempts the user is required to enter a CAPTCHA security image to log in. This prevents automated bots from brute force hacking accounts, however it does not change the user's password.

You can use the forgotten password feature to request a new password be emailed to you if you forget your password. When this is used the password is sent to the member's mailbox.

If you are finding passwords are being changed and the member is not receiving a forgotten password email then I would check who has moderator rights in your forums as moderators are able to update user passwords. This is the only way passwords could be being changed.

Ancient_one
Posted: 09 May 2011 at 11:21am
Thanks Bruce,

Sorry, I failed to explain the problem clearly enough.  The site is suffering from a malicious attack which targets individual members.  Their login fails and they find that they need to request a new password.  That function works perfectly and the new password is sent to their e-mail address.  This allows them to log in again, but within hours this also fails ("three unsuccessful attempts have been made") and they then have to repeat the process.  This is repeated numerous times - some members more often than others.

I know that members do sometimes lose or forget passwords, but these are all long term members  who have not previously suffered anything like this.  Since it is also happening to my own site access, I do know that the attacks are genuine.

I appreciate that the passwords themselves are not being hacked - not that there would be any advantage in doing that on a community site like ours - but it is hugely time wasting and causing a great deal of aggravation.

The way it is being done seems fairly obvious (I didn't describe it on an open forum) but is there some work-around which could prevent it?

Any suggestions will be appreciated.

Kind regards,

Bob

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 09 May 2011 at 12:14pm
After 3 unsuccessful login attempts the user is required to enter a CAPTCHA security image to log in, however this does NOT change the password and they still use their original password to log in, but with the addition of needing to also fill in the CAPTCHA image.

For example:-

1. Malicious user attempts 3 unsuccessful login attempts
2. Real member returns to forum and goes to login
3. They submit their login but due to the 3 unsuccessful logins the form is returned with the additional CAPTCHA image
4. They submit the login again, but this time giving the CAPTCHA security image as well

I think what might be happening is that as the login form is coming back asking for the CAPTCHA to be filled in your members are reading it wrong and thinking their login has failed, when in fact they just need to supply the additional CAPTCHA code to login.

If their passwords are actually changed and they have not received a forgotten password email, you need to look at your permissions as the only way for passwords to be changed, besides the forgotten password tool, is by an admin or moderator.


Edited by WebWiz-Bruce - 09 May 2011 at 12:21pm
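
The four-step sequence in the post above, replayed as an added example (not part of the original post and not Web Wiz Forums code). The `LoginGate` class, the per-account counter, its reset on success and the configurable threshold are assumptions of this simplified model.

```python
import hashlib
import hmac

def _hash(pw):
    # Fixed salt only because this is a constructed, offline model.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"constructed-salt", 1000)

class LoginGate:
    """Simplified model: failed logins are counted per account, whoever made them."""

    def __init__(self, threshold=3):
        self.threshold = threshold      # failed attempts before the CAPTCHA is required
        self.pw_hash = {}               # username -> stored password hash
        self.failed = {}                # username -> failed attempts since last success

    def register(self, user, password):
        self.pw_hash[user] = _hash(password)
        self.failed[user] = 0

    def login(self, user, password, captcha_ok=False):
        """Return 'ok', 'bad_password' or 'captcha_required'."""
        if self.failed[user] >= self.threshold and not captcha_ok:
            # The form comes back asking for the CAPTCHA; the password was not rejected.
            return "captcha_required"
        if not hmac.compare_digest(self.pw_hash[user], _hash(password)):
            self.failed[user] += 1
            return "bad_password"
        self.failed[user] = 0           # assumption: a successful login resets the counter
        return "ok"

def replay(threshold=3):
    """Replay the four steps; return (results, stored_password_unchanged)."""
    gate = LoginGate(threshold)
    gate.register("bob", "constructed-password")
    before = gate.pw_hash["bob"]
    # Step 1: three unsuccessful attempts made by someone else.
    results = [gate.login("bob", guess) for guess in ("guess1", "guess2", "guess3")]
    # Steps 2-3: the real member submits the correct password.
    results.append(gate.login("bob", "constructed-password"))
    # Step 4: the member resubmits, this time with the CAPTCHA filled in.
    results.append(gate.login("bob", "constructed-password", captcha_ok=True))
    return results, gate.pw_hash["bob"] == before

if __name__ == "__main__":
    print(replay(3))    # threshold of 3, as described in the thread
    print(replay(10))   # a higher threshold: the member's first submit succeeds
```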

Ancient_one
Posted: 09 May 2011 at 12:49pm
Thank you Bruce, I will post that information on the site.

I assume that there is no way to prevent the malicious activity other than to wait for the person involved to give up and go elsewhere?

Thanks again - Nobody said life was easy

Bob

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 09 May 2011 at 12:55pm
Version 10, which will be released in beta this week, will have an option to completely turn off CAPTCHA for login or set it much higher. This would limit the problem that you are presently having.

If the person doing it has a static IP, which should be seen from their posts from when they were a member, you could ask your host if there is a way to block that IP from accessing your website.
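
One way to find the address worth asking the host to block, as an added example that is not part of the original post: tally failed logins per source IP and compare against the IPs recorded on the suspended member's posts. The log format, the event names and the `suspect_sources` function are hypothetical, and the log lines are constructed (documentation IP ranges).

```python
from collections import defaultdict

# Constructed sample log: "<timestamp> <source IP> <event> <username>".
SAMPLE_LOG = """\
2011-05-09T09:00:01 203.0.113.7 LOGIN_FAIL bob
2011-05-09T09:00:05 203.0.113.7 LOGIN_FAIL bob
2011-05-09T09:00:09 203.0.113.7 LOGIN_FAIL bob
2011-05-09T09:01:12 203.0.113.7 LOGIN_FAIL alice
2011-05-09T09:02:30 203.0.113.7 LOGIN_FAIL carol
2011-05-09T10:15:00 198.51.100.20 LOGIN_FAIL alice
2011-05-09T10:15:40 198.51.100.20 LOGIN_OK alice
2011-05-09T11:02:10 198.51.100.31 LOGIN_OK bob
"""

def suspect_sources(log_text, known_ips=(), min_accounts=3):
    """Return source IPs whose failed logins span at least min_accounts members.

    known_ips: IPs recorded against the suspended member's earlier posts.
    A member mistyping a password fails on one account only, so the
    distinct-account count separates them from the nuisance source.
    """
    accounts = defaultdict(set)   # source IP -> accounts it failed to log in to
    failures = defaultdict(int)   # source IP -> number of failed attempts
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "LOGIN_FAIL":
            continue              # skip malformed lines and successful logins
        _, ip, _, user = parts
        accounts[ip].add(user)
        failures[ip] += 1
    return {
        ip: {"accounts": sorted(users),
             "failures": failures[ip],
             "seen_in_posts": ip in known_ips}
        for ip, users in accounts.items()
        if len(users) >= min_accounts
    }

if __name__ == "__main__":
    print(suspect_sources(SAMPLE_LOG, known_ips={"203.0.113.7"}))
```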

Ancient_one
Posted: 09 May 2011 at 1:08pm
Thanks Bruce - I will upgrade to V10 when available.  I think simply setting the CAPTCHA image call much higher would be sufficient to deter this person.

Kind regards,

Bob

onlinestudent
Posted: 10 May 2011 at 1:04pm
What I think is some user is doing password request with user name

for password request email (and not user name) should be entered
or a confirmation email is sent before resetting the password....

this should solve this issue
thanks
