Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31

Thread: Failed Logins

  1. #21
    Join Date
    Feb 2008
    Location
    Culpeper, VA
    Posts
    6,313
    Feedback Score
    26 (100%)
    Quote Originally Posted by TXBob View Post
    Alright I am threadjacking my thread back to the original intent.

    (1)I attempted to login on Saturday but received a failed login notification that I had exceeded my limit. Since this was in fact my first attempt to login, I was suspicious.
    (2)I received an email from m4carbine.net stating that someone had tried to login as me from an address that wasn't my address.
    (3)Even after waiting the required 15 minutes, than 24, now 72 hours, my original password did not work.
    (4)After changing my password via the forums (using incidentally the password that was not being accepted) I can now login, but still have no explanation from #1,2,3.
    I think you should consider that malicious or otherwise, it often takes a few days if not longer to figure out what has happened after an incident.

    Secondarily, consider that you might not be entitled to a full explanation.

    Third, if you were smart, you would have simply recognized that something bad was going on, either malicious or otherwise, and simply stayed away until it got figured out.

    Bad shit happens on the internet all the time, at a rate that would boggle your mind. Expecting the forum moderators to spend their lives working to figure out a problem for which they get no pay, isn't really reasonable. They aren't cyber security experts, they're mods. I know you might think of them as all knowing gods, but the truth is a bit less grandiose.

    I'm sure that when they know, and they decide it's something they want to disclose (consistent with local laws), they will.
    It is bad policy to fear the resentment of an enemy. -Ethan Allen

  2. #22
    Join Date
    Feb 2011
    Location
    Dallas, TX
    Posts
    467
    Feedback Score
    0
    All right, I dunno what bug flew up your butt, but your post is anything but helpful and downright condescending.

    I originally posted this as I suspected I might not be the only one afflicted by this.

    I have not demanded an full explantion, but it would be nice if a simple "Change your password--phishing scam" confirmation were posted.

    I recognized this right off the bat as a phishing scam and then posted the details of such. Contrary to popular belief not all the unwashed masses are simpletons and some of us do have some experience in this area.

    And then you come in here like a 1000 bull in a china shop swinging your fake balls around to do nothing about the situation but inflame things.

    Well played.

    I simply wanted to get the focus off the "change your password via this IP" which was an obvious scam and get more info on the failed logins and what caused them and if there was anything to do about it or not. Far be it from some of us to be concerned about the site security and pass along helpful details to the user base and staff.

  3. #23
    Join Date
    Feb 2011
    Posts
    19
    Feedback Score
    0

    Tapatalk only

    I can change my password from a computer & tapatalk will let me in for a few minutes then i get the incorrect login thing again but only with tapatalk

  4. #24
    Join Date
    Feb 2008
    Location
    Culpeper, VA
    Posts
    6,313
    Feedback Score
    26 (100%)
    Quote Originally Posted by TXBob View Post
    All right, I dunno what bug flew up your butt, but your post is anything but helpful and downright condescending.
    No bug at all...which one flew up your butt? You know what, I'm tired, I'm sorry your feelings got hurt. It certainly wasn't my intent but it's also been a long weekend and if I was a bit terse it's because your last post was more than a little petulant that you hadn't received immediate notification as to what was occurring, or answers to your question...even though it had been a little more than 48 hours since things started going wonky. Just step away from the computer for a while, it's not the end of the world to go without M4C for a few days.

    I'm always amazed that people when people don't get immediate answers to their questions on demand they feel as though they're being slighted or ignored when it might take a few days to even get any answer, let alone a correct one.

    If you're going to surf the internet, it behooves everyone to learn a few basic tools that allow you to do so securely. It isn't even hard to spoof an official looking email that directs you to "reset" your password.

    If your password isn't being accepted and you're getting a lot of behavior you're not familiar with (i.e. emails telling you someone is trying to log into your account), this would be what you call a clue. Trying to force the issue, by repeatedly re-entering your password or keep trying the same thing and expecting a different result is pointless in the case of something accidental and probably a recipe for disaster in the case of something malicious.
    Last edited by Gutshot John; 10-17-11 at 19:15.
    It is bad policy to fear the resentment of an enemy. -Ethan Allen

  5. #25
    Join Date
    Nov 2009
    Location
    VA
    Posts
    561
    Feedback Score
    4 (100%)
    well after 2 days i can now log in but the site is going slow as hell but im happy to be able to log back in. I did use that link that was provided a yesterday but figured not too after i really thought about it. I did receive alot of emails that a certain IP address was trying to log in on my account with the log password. But it was me but the IP address wasnt mine and i wasnt using the link provided before. I have no idea what the hell that was about but any way Staff any news on what the hell was going on. Was the member that provided that link been banned and reported ?
    DEATH SMILES AT US ALL, ALL WE CAN DO IS SMILE BACK

  6. #26
    Join Date
    Jun 2006
    Location
    NoVA
    Posts
    5,963
    Feedback Score
    12 (100%)
    I have no reason to believe that the IP address was provided maliciously. Fact of the matter is, users should be using www.m4carbine.net to get to the site -- unless you personally do the legwork to vet the IP address that you are being instructed, or told, works.

    Sometimes the worst happens when people believe things that are innocently offered. Which is why I stated, no fewer than three times, to only use our url --> www.m4carbine.net

    I couldn't make it any clearer.

    The internet is risky, our site is paying a pretty penny, apparently, to try and make the site more useable, and more secure each day. There is someone, "who" is open to interpretation, who likes to try and impede our operation.

    We will not provide full disclosure of what we're doing, but we are trying to make it better, and always looking for better security.

    When we feel there is a worthwhile update, one will be posted. Otherwise, please use the site if it's available, and enjoy your time here. If you can not navigate here via www.m4carbine.net, we apologize in advance.

    Thanks.
    "I'm not saying I invented the turtleneck. But I was the first person to realize its potential as a tactical garment. The tactical turtleneck! The... tactleneck! - Sterling Archer"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Courage is not the absence of fear, but rather the judgment that something else is more important
    than one's fear. The timid presume it is lack of fear that allows the brave to act when the timid do not."

  7. #27
    Join Date
    Jul 2008
    Posts
    55
    Feedback Score
    0
    I was unable to login at all during the latter half of the 16th and all day on the 17th. This morning (18th), I was finally able to login using a new PW/reset.

    I have attempted at least 4 password resets.

    After each reset, I used the M4C email's embedded link to attempt to change the PW. After the initial attempt, I received the multiple login failures warning and 15 minute time out.

    I sent an email to M4C staff. The staff provided me with an IP address. A trace early on the 17th indicated a dynamic IP address/computer in Leesville, LA. In the afternoon, a trace indicated a static IP address assigned to the web hosting corporation Lunar Pages in Anaheim,CA.

    I wonder if our User IDs have been compromised. The M4C site has been experiencing problems the last few days; site off line and many users unable to login. The type of problem associated with inability of many members to log in during the last 36 hours period would indicate some sort of nefarious activity by unknown person(s) or a problem with M4C host/server. If there were continuous attempts to login using a User ID, I suspect the M4C server was being subject to a Brute Force Attack. Especially if many User IDs were experiencing this problem. And, such could explain why the M4C site was periodically going down since Sunday.

    I saw no indication of spoofing.

    No doubt, Gunshot and Archer have access to Admin tools provided by the host to analyze server activity. Does the host provide you with tools to analyze potential web site attacks or do you need to contact the provider? Either case, it should be relatively easy to see if the web site has experienced unusual activity.

    I have had absolutely no other problems with any other web site requiring a login, email accounts or anything else with my i5 MacBook Pro running behind software/hardware firewalls. Everything is healthy on my end.

    In so far as passwords, an 8 character, human generated password using upper and lower case, numbers and One special character can be broken in seconds with internet available software by a person acting unethically and possibly illegally. Best to use a random PW generator; MIT has a good one.
    Last edited by Munch; 10-18-11 at 07:24.

  8. #28
    Join Date
    Feb 2009
    Location
    KCMH
    Posts
    2,796
    Feedback Score
    0
    Quote Originally Posted by Munch View Post
    I was unable to login at all during the latter half of the 16th and all day on the 17th. This morning (18th), I was finally able to login using a new PW/reset.

    I have attempted at least 4 password resets.

    After each reset, I used the M4C email's embedded link to attempt to change the PW. After the initial attempt, I received the multiple login failures warning and 15 minute time out.

    I sent an email to M4C staff. The staff provided me with an IP address. A trace early on the 17th indicated a dynamic IP address/computer in Leesville, LA. In the afternoon, a trace indicated a static IP address assigned to the web hosting corporation Lunar Pages in Anaheim,CA.

    I wonder if our User IDs have been compromised. The M4C site has been experiencing problems the last few days. Our inability to log in during a 36 hours period would indicate some sort of nefarious activity by unknown person(s) or a problem with M4C host/server. If there was continuous attempts to login using a User ID, I suspect the M4C was being subject to a Brute Force Attack. Especially if many User IDs were experiencing this problem. And, such could explain why the M4C site was periodically going down since Sunday.

    I saw no indication of spoofing.

    No doubt, Gunshot and Archer have access to Admin tools provided by the host to analyze server activity. Does the host provide you with tools to analyze potential web site attacks or do you need to contact the provider? Either case, it should be relatively easy to see if the web site has experienced unusual activity.

    I have had absolutely no other problems with any other web site requiring a login, email accounts or anything else with my i5 MacBook Pro running behind software/hardware firewalls. Everything is healthy on my end.
    This. I am going to take a vacation from M4c until this thing gets sorted out. I love this website, but until everything gets back to normal and I can login in using what I used last week with no problems, I am staying away................
    Also, those that are still logining in via the unknown IP, this could be causing more problems. Adios and until next time.

  9. #29
    Join Date
    Feb 2011
    Location
    Dallas, TX
    Posts
    467
    Feedback Score
    0
    Quote Originally Posted by Munch View Post
    I was unable to login at all during the latter half of the 16th and all day on the 17th. This morning (18th), I was finally able to login using a new PW/reset.

    I have attempted at least 4 password resets.

    After each reset, I used the M4C email's embedded link to attempt to change the PW. After the initial attempt, I received the multiple login failures warning and 15 minute time out.

    I sent an email to M4C staff. The staff provided me with an IP address. A trace early on the 17th indicated a dynamic IP address/computer in Leesville, LA. In the afternoon, a trace indicated a static IP address assigned to the web hosting corporation Lunar Pages in Anaheim,CA.

    I wonder if our User IDs have been compromised. The M4C site has been experiencing problems the last few days; site off line and many users unable to login. The type of problem associated with inability of many members to log in during the last 36 hours period would indicate some sort of nefarious activity by unknown person(s) or a problem with M4C host/server. If there were continuous attempts to login using a User ID, I suspect the M4C server was being subject to a Brute Force Attack. Especially if many User IDs were experiencing this problem. And, such could explain why the M4C site was periodically going down since Sunday.

    I saw no indication of spoofing.

    No doubt, Gunshot and Archer have access to Admin tools provided by the host to analyze server activity. Does the host provide you with tools to analyze potential web site attacks or do you need to contact the provider? Either case, it should be relatively easy to see if the web site has experienced unusual activity.

    I have had absolutely no other problems with any other web site requiring a login, email accounts or anything else with my i5 MacBook Pro running behind software/hardware firewalls. Everything is healthy on my end.

    In so far as passwords, an 8 character, human generated password using upper and lower case, numbers and One special character can be broken in seconds with internet available software by a person acting unethically and possibly illegally. Best to use a random PW generator; MIT has a good one.
    This. Also if any assistance is needed there are those of us with computer security/webhosting security expertise available to assist if needed.
    Last edited by TXBob; 10-18-11 at 09:24.

  10. #30
    Join Date
    Jun 2006
    Location
    NoVA
    Posts
    5,963
    Feedback Score
    12 (100%)
    Alright, enough.

    Firstly, we're not going to discuss M4C site security in an open forum.

    Secondly, the reason some people are getting failures, and not others, is because you may be unlucky enough to share an IP address, or range, that is attempting to slow the site through DDos, etc.

    Thirdly, the internet is a risky place. A password can almost always be compromised quickly, assuming you have unlimited access to continue trying. More characters, and more symbols makes it much, much harder especially when the crack only gets three shots at it, then a 15+ minute timeout. Not foolproof, but then again it adds to the levels of security.

    Lastly, using unknown IP addresses, and then entering data in those addresses can take an MIT generated, 100 character password and give it away. Worrying about what security we have in place for M4C when you are willing to navigate unknown IP addresses and enter usernames and passwords there is ironic, to be completely frank.

    So for now, this thread is done. If our staff has any salient updates, we will post them. Otherwise we will continue to ferret out the issues, and sources, of the cyber attacks.
    "I'm not saying I invented the turtleneck. But I was the first person to realize its potential as a tactical garment. The tactical turtleneck! The... tactleneck! - Sterling Archer"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Courage is not the absence of fear, but rather the judgment that something else is more important
    than one's fear. The timid presume it is lack of fear that allows the brave to act when the timid do not."

Page 3 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •