Malicious activity
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29306
Printed Date: 01 April 2026 at 12:20pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Malicious activity
Posted By: Ancient_one
Subject: Malicious activity
Date Posted: 07 May 2011 at 2:58pm
|
Hello everyone. I have hosted a registered WebWiz forum on my www.Age-Net.co.uk site for a number of years. Currently it is V9.54 Following some recent unpleasant behaviour I suspended one of our members. Since then it seems the site has been targeted by malicious behaviour which involves forum members finding their password no longer works and they then have to apply for a new one which may again fail after a successful login. I think I can see how it is being done (password flooding?) and it is irritating and time consuming rather than dangerous. Is there anything which can be done to stop this happening please? Kind regards, Bob (The Ancient One) |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 09 May 2011 at 9:36am
|
There is no 'Password Flooding' as you call it in Web Wiz Forums. After 3 unsuccessful login attempts the user is required to enter a CAPTCHA security image to login. This prevents autmated bots from brute force hacing accounts, however it does not change the users password. You can use the forgotten password feature to request a new password be emailed to you if you forget your password. When this is used the password is sent to the members mailbox. If you are finding passwords are being changed and the member is not receiving a forgotten password email then I would check who has moderator rights in your forums as moderators are able to update user passwords. This is the only way passwords could be being changed. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Ancient_one
Date Posted: 09 May 2011 at 11:21am
|
Thanks Bruce, Sorry, I failed to explain the problem clearly enough. The site is suffering from a malicious attack which targets individual members. Their login fails and they find that they need to request a new password. That function works perfectly and the new password is sent to their e-mail address. This allows them to log in again, but within hours this also fails ("three unsuccessful attempts have been made") and they then have to repeat the process. This is repeated numerous times - some members more often than others. I know that members do sometimes lose or forget passwords, but these are all long term members who have not previously suffered anything like this. Since it is also happening to my own site access, I do know that the attacks are genuine. I appreciate that the passwords themselves are not being hacked - not that there would be any advantage in doing that on a community site like ours - but it is hugely time wasting and causing a great deal of aggravation. The way it is being done seems fairly obvious (I didn't describe it on an open forum) but is there some work-around which could prevent it? Any suggestions will be appreciated. Kind regards, Bob |
Posted By: WebWiz-Bruce
Date Posted: 09 May 2011 at 12:14pm
|
After 3 unsuccessful login attempts the user is required to enter a CAPTCHA security image to login, however this does NOT change the password and they still use their original password to login, but with the addition of needing to also fill in the CAPTCHA image. For example:- 1. Malicious user attempts 3 unsuccessful login attempts 2. Real member returns to forum and goes to login 3. They submit their login but due to the 3 unsuccessful logins the form is returned with the additional CAPTCHA image 4. They submit the login again, but this time giving the CAPTCHA security image as well I think what might be happening is that as the login form is coming back asking for the CAPTCHA to be filled in your members are reading it wrong and thinking their login has failed, when in fact they just need to supply the additional CAPTCHA code to login. If their passwords are actually changed and they have not received a forgotten password email, you need to look at your permissions as the only way for passwords to be changed, besides the forgotten password tool, is by an admin or moderator. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Ancient_one
Date Posted: 09 May 2011 at 12:49pm
|
Thank you Bruce I will post that information on the site. I assume that there is no way to prevent the malicious activity other than to wait for the person involved to give up and go elsewhere? Thanks again - Nobody said life was easy  Bob |
Posted By: WebWiz-Bruce
Date Posted: 09 May 2011 at 12:55pm
|
Version 10 which will be released in beta this week will have an option to completely turn off CAPTCHA for login or set it much higher. This would limit the problem that you are presently having. If the person doing it has a static IP which should be seen from their posts from when they were a member you could ask your host if their is a way to block that IP from accessing your website. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Ancient_one
Date Posted: 09 May 2011 at 1:08pm
|
Thanks Bruce - I will upgrade to V10 when available. I think simply setting the CAPTCHA image call much higher would be sufficient to deter this person. Kind regards, Bob |
Posted By: onlinestudent
Date Posted: 10 May 2011 at 1:04pm
|
What I hink is some user is doing password request with user name for password request email (and not user name) should be entered or a confirmation email is sent before resetting the password.... this should solve this issue thanks |