PDA

View Full Version : Forum under attack ?



zikzak
26 September 2013, 0106
Since 10 hours I receive an email about someone trying to guess my password.
Every hour 5 tries are performed and teh IP is banned for 15 minutes.

Do the admins are aware of it ?

I'll change my password to something stronger than the actual as soon as I can find where to do so with the new layout of the settings.

___
26 September 2013, 1528
I've been getting this too. I'd be careful about changing the password through the site, though. There's no https protection on the settings page, which means you're transmitting your password out in the open. There's a greater risk of your new password being intercepted than of brute forcing even a weak password.

EV_Scoot
27 September 2013, 0217
:O

Hugues
27 September 2013, 0349
chill down girls, LOL
if you use a userid and password on elmoto that you don't use anywhere else, then what's the risk if it really gets intercepted ?
they would post things on your behalf ?
majority of users post with nickname and no location anyway,
so what is really the risk LOL

teddillard
27 September 2013, 1138
I can say right now, if there are any posts where I'm being a jackass, or agreeing with Noah about idealogical issues, or both, then I've been hacked. My apologies in advance. :D

podolefsky
27 September 2013, 1621
Ted, I think you mean if you're not being a jackass...otherwise yeah.

teddillard
27 September 2013, 1649
lol!


https://www.youtube.com/watch?v=9CkKuA86Mis

robo
27 September 2013, 2014
I'm looking at the "who's online" and I see at least four new users with pretty unconventional names...viewing all of their profiles shows them in the "registering" state at the moment.

ElMotoMike
27 September 2013, 2126
I've been getting this too. I'd be careful about changing the password through the site, though. There's no https protection on the settings page, which means you're transmitting your password out in the open. There's a greater risk of your new password being intercepted than of brute forcing even a weak password.

Setting up the https (SSL) as we speak. Hopefully it will stop this **** from happening. Goddamn hackers.

EV_Scoot
27 September 2013, 2316
Setting up the https (SSL) as we speak. Hopefully it will stop this **** from happening. Goddamn hackers.

DigiCert perhaps? Apparently they do certificates at fair prices.

http://www.digicert.com/

ElMotoMike
28 September 2013, 0024
DigiCert perhaps? Apparently they do certificates at fair prices.

http://www.digicert.com/

Already done painlessly through ElMoto's hosting provider, thank you though.

EV_Scoot
28 September 2013, 0447
No problem.

Now see what you can do about those banners sitting over the logon section at the top of the page.

teddillard
28 September 2013, 0455
wow. Seriously?

http://www.elmoto.net/showthread.php?3170-THANKS-MIKE!&highlight=mike

EV_Scoot
28 September 2013, 0512
4999

Happens in Chrome and IE, but they don't appear at all in FireFox

teddillard
28 September 2013, 0528
Yeah, I was talking about the attitude. 4 posts, three of which complaining about the forum, and not one "please" or "thank you".

FWIW, Mike does this site work all by himself, and he has what passes as a day job. A little appreciation from a first time poster would be swell.

EV_Scoot
28 September 2013, 0539
How about helping Mike, by reporting the issues that affect users?

I've run a forum too and it's not easy. The forum I was using required lots of modification to get running the way people wanted, then when ever an update came out, you had to re-apply all the modifications. While I was applying these modifications, people would complain about this or that.

Mike is doing a great job. Forum looks neat and tidy and is responsive in FF,IE and Chrome. The only issue is that it makes it hard to logon when there is a massive banner hovering over the logon fields. Makes it hard to contribute when you can't login.

ElMotoMike
28 September 2013, 1322
Ok, so heres the latest. Although an SSL (the "https" thing) has been purchased and applied to the site, it wont be 100% functional yet because of all the links to external images and such. I am looking to see what I can do to embed these images into ElMoto to solve this problem.

UPDATE - Ok, done. Let me know if you all find any problems. I'm gonna go drink now.

EV_Scoot
28 September 2013, 2245
AWESOME Mike!

Working nicely at my end.

That's a massive improvement. You have that well deserved drink.

SplinterOz
29 September 2013, 1530
working great!! thanks for your effort.

EV_Scoot
29 September 2013, 1819
The HTTPS is now gone.

Oh well.

UPDATE: It's back! Woot.

ElMotoMike
01 October 2013, 1507
I was wrong.

I just discovered that, as of now, only part of the site is considered encrypted by the SSL/https. This is mostly due to all the external links. I will keep the encryption on because it is doing SOME good, but I will have to continue searching for a solution to cover the site completely. Just fyi.

SplinterOz
01 October 2013, 1646
It appears like the mobile version of the site does not work under https either.
Thanks for all your effort.

NonPolluter
27 October 2015, 2229
Since early 2000's at the height of the Zappy scooter fad, hackers also wrecked other electric scooter-related forums; or, co-opted them, and the new admins censor all the good info, but let dis-information through.

Stevo
28 October 2015, 0915
These are the ONLY cool hackers on this planet:https://www.google.com/search?q=MX+sidehack+pics&client=browser-ubuntu&hs=4q&sa=G&channel=fe&hl=en&tbm=isch&tbo=u&source=univ&ved=0CB0QsARqFQoTCJ398J3I5cgCFYLKPgodmxsHvw&biw=1301&bih=673