9 Mar
2014
9 Mar
'14
5:19 p.m.
Over the past few weeks, the portal has been subject to several brute force attacks on
random usernames. In the past few days some accounts have been compromised because they
used weak passwords. The attackers didn't do anything with any of the compromised
accounts, it was most likely a script collecting valid usernames & passwords for later
use.
As a result I have tightened up security and some accounts will tell you that you need to
verify your email address when you try to login. Please follow the link to have the
verification email sent to you, then follow the instructions in the email when you receive
it.
Due to the enhanced security you will notice a CAPTCHA appears if you get your password
wrong a few times, if you continually get your password wrong, the response time for the
login process will get longer - this is intentional.
It would help greatly if you could use a strong password, one that is at least 12
characters in length and contains a mixture of letters, numbers and punctuation
characters, no "real" words and no "numbers instead of letters", e.g.
"numb3r".
Thanks,
Chris
9 Mar
9 Mar
6:40 p.m.
On Sun, 2014-03-09 at 22:19 +0000, Chris scripted:
(Please trim inclusions from previous messages)
_______________________________________________
Over the past few weeks, the portal has been subject to several brute force attacks on
random usernames. In the past few days some accounts have been compromised because they
used weak passwords. The attackers didn't do anything with any of the compromised
accounts, it was most likely a script collecting valid usernames & passwords for later
use.
This has been occurring across certain subnets of 44/8 for at least 8-10
months that I know of. Recently it's been so horrible I almost was
tempted to shut down. 100,000+ frames/min brute force attacks on spoofed
IPs were too much to handle. Most of it was udp 53 and tcp 80, with an
occasional icmp frame tossed in for good luck along with a few on 443.
Local iptables rules weren't enough because the frames were still
getting to the main server here. Installing rules at the router was the
only help. They're too fast and furious.
From what I can tell they've moved onto 44.154/16
at this moment.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
8:43 p.m.
Another option would be to add 2-factor authentication using TOTP.
(Time based One Time Passwords).
Users could use either Google Authenticator or Micorsoft's
Here is a link to some php code to implement it.
http://pablophg.net/2013/06/11/google-authenticator/
On Sun, Mar 9, 2014 at 5:19 PM, Chris <chris(a)g1fef.co.uk> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Over the past few weeks, the portal has been subject to several brute force attacks on
random usernames. In the past few days some accounts have been compromised because they
used weak passwords. The attackers didn't do anything with any of the compromised
accounts, it was most likely a script collecting valid usernames & passwords for later
use.
As a result I have tightened up security and some accounts will tell you that you need to
verify your email address when you try to login. Please follow the link to have the
verification email sent to you, then follow the instructions in the email when you receive
it.
Due to the enhanced security you will notice a CAPTCHA appears if you get your password
wrong a few times, if you continually get your password wrong, the response time for the
login process will get longer - this is intentional.
It would help greatly if you could use a strong password, one that is at least 12
characters in length and contains a mixture of letters, numbers and punctuation
characters, no "real" words and no "numbers instead of letters", e.g.
"numb3r".
Thanks,
Chris
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Neil Johnson
http://erudicon.com
10 Mar
10 Mar
4 a.m.
Another option would be to add 2-factor authentication
using TOTP.
(Time based One Time Passwords).
Indeed, but the RSAsecure fobs are quite expensive and other methods, such as sending
OTP’s via SMS have their own issues, i.e. everyone would have to have a mobile phone /
cellphone. You can get software to run on PC’s to generate the TOTP’s but that just means
everyone would have to install software on their desktop, etc.
In a commercial organisation that has a 24hr helpdesk and money to pay for these things,
OTP or TOTP are great security tools and I have used several of them on past projects, but
I get enough emails requesting help on a simple username/password login system and I’m not
getting paid ;-)
Users could use either Google Authenticator or
Micorsoft’s
No thanks, it’s not good practice to rely on third party services, especially free ones.
They have a habit of changing / disappearing and any network issue between our server and
theirs stops anyone from logging in. You also have the issues I mentioned above, i.e. for
Google every user would need a smartphone with the Google app, not everyone has a
smartphone!
Thanks for the suggestions though :)
Chris
Here is a link to some php code to implement it.
http://pablophg.net/2013/06/11/google-authenticator/
On Sun, Mar 9, 2014 at 5:19 PM, Chris <chris(a)g1fef.co.uk> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Over the past few weeks, the portal has been subject to several brute force attacks on
random usernames. In the past few days some accounts have been compromised because they
used weak passwords. The attackers didn't do anything with any of the compromised
accounts, it was most likely a script collecting valid usernames & passwords for later
use.
As a result I have tightened up security and some accounts will tell you that you need to
verify your email address when you try to login. Please follow the link to have the
verification email sent to you, then follow the instructions in the email when you receive
it.
Due to the enhanced security you will notice a CAPTCHA appears if you get your password
wrong a few times, if you continually get your password wrong, the response time for the
login process will get longer - this is intentional.
It would help greatly if you could use a strong password, one that is at least 12
characters in length and contains a mixture of letters, numbers and punctuation
characters, no "real" words and no "numbers instead of letters", e.g.
"numb3r".
Thanks,
Chris
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Neil Johnson
http://erudicon.com
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
3912
days inactive
3913
days old
3 comments
3 participants
participants (3)
-
Brian -
Chris -
Neil Johnson