Originally Posted by Munch
I was unable to log in at all during the latter half of the 16th and all day on the 17th. This morning (18th), I was finally able to log in using a new PW/reset.
I have attempted at least 4 password resets.
After each reset, I used the M4C email's embedded link to attempt to change the PW. After the initial attempt, I received the multiple login failures warning and 15-minute timeout.
I sent an email to M4C staff. The staff provided me with an IP address. A trace early on the 17th indicated a dynamic IP address/computer in Leesville, LA. In the afternoon, a trace indicated a static IP address assigned to the web hosting corporation Lunar Pages in Anaheim, CA.
I wonder if our User IDs have been compromised. The M4C site has been experiencing problems the last few days: site offline and many users unable to log in. The type of problem associated with the inability of many members to log in during the last 36-hour period would indicate some sort of nefarious activity by unknown person(s) or a problem with the M4C host/server. If there were continuous attempts to log in using a User ID, I suspect the M4C server was being subjected to a Brute Force Attack, especially if many User IDs were experiencing this problem. And such could explain why the M4C site was periodically going down since Sunday.
I saw no indication of spoofing.
No doubt, Gunshot and Archer have access to Admin tools provided by the host to analyze server activity. Does the host provide you with tools to analyze potential web site attacks or do you need to contact the provider? In either case, it should be relatively easy to see if the web site has experienced unusual activity.
I have had absolutely no other problems with any other web site requiring a login, email accounts or anything else with my i5 MacBook Pro running behind software/hardware firewalls. Everything is healthy on my end.
Insofar as passwords are concerned, an 8-character, human-generated password using upper and lower case, numbers and one special character can be broken in seconds with internet-available software by a person acting unethically and possibly illegally. Best to use a random PW generator; MIT has a good one.