If this is true, then a good counter move would be to put the qualifying questions or captcha BEFORE allowing logon. Anybody working on something like this?
Pit$Bull wrote: This is not a new occurrence, it may just now be happening to you.
It is happening worldwide and not just to phpBB, and it's not version specific.
Hackers/spammers are trying to 'brute force' passwords. The protection built into phpBB is only allowing x number of attempts then the CAPTCHA is presented.
Pit$Bull wrote: This is not a new occurrence, it may just now be happening to you.
It is happening worldwide and not just to phpBB, and it's not version specific.
Hackers/spammers are trying to 'brute force' passwords. The protection built into phpBB is only allowing x number of attempts then the CAPTCHA is presented. ACP->main page->user registration settings
A strong password will also ensure the 'brute force' will not succeed.
Maximum number of login attempts:
After this number of failed logins the user needs to additionally solve the anti-spambot task.
I believe the outstanding question is why don't these brute force attempts appear in the logs?
Pit$Bull wrote: Looks like everyone is just beating a dead horse.
What is so difficult to understand about ->
Pit$Bull wrote: This is not a new occurrence, it may just now be happening to you.
It is happening worldwide and not just to phpBB, and it's not version specific.
Hackers/spammers are trying to 'brute force' passwords. The protection built into phpBB is only allowing x number of attempts then the CAPTCHA is presented. ACP->main page->user registration settings
A strong password will also ensure the 'brute force' will not succeed.
Maximum number of login attempts:
After this number of failed logins the user needs to additionally solve the anti-spambot task.
Correct, but in my case and many other cases, you can't login because even the CAPTCHA image is broken. I had to use a SQL SCRIPT to create a user with ADM rights. Change the CAPTCHA to an image that works so my others could actually reset their passwords. I've researched this, and it's all over the net even with broken CAPTCHA images. Mine in this case was the 3D image. It also appears spammers are back at the battle. Boards are getting flooded.
Pit$Bull wrote: Looks like everyone is just beating a dead horse.
What is so difficult to understand about ->
Pit$Bull wrote: This is not a new occurrence, it may just now be happening to you.
It is happening worldwide and not just to phpBB, and it's not version specific.
Hackers/spammers are trying to 'brute force' passwords. The protection built into phpBB is only allowing x number of attempts then the CAPTCHA is presented. ACP->main page->user registration settings
A strong password will also ensure the 'brute force' will not succeed.
Maximum number of login attempts:
After this number of failed logins the user needs to additionally solve the anti-spambot task.
Successful and failed admin login attempts are only logged for when an admin has to re-authenticate himself when accessing the ACP.
arcticwolf wrote: I believe the outstanding question is why don't these brute force attempts appear in the logs?
Pit$Bull wrote:sigsauerny,
What's wrong with reading the topic, it's all explained above.
includes/functions.php
...
// Username, password, etc...
default:

case LOGIN_ERROR_PASSWORD:
add_log('user', $user->data['user_id'], 'Password failure', $username);
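
Once failed logins are being recorded as in the change above, the entries can be scanned for brute-force patterns. The following is an added example, not part of the original posts or of phpBB's code: it assumes each recorded failure carries a time, a source IP and a username, and `SAMPLE_FAILURES`, `find_bruteforce` and the thresholds are hypothetical names and values chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample rows, shaped like what the logging change above could
# record: (unix_time, source_ip, username). All values are made up.
SAMPLE_FAILURES = [
    (1000, "203.0.113.5", "admin"),
    (1010, "203.0.113.5", "admin"),
    (1020, "203.0.113.5", "admin"),
    (1030, "203.0.113.5", "admin"),
    (1040, "198.51.100.7", "alice"),
    (1050, "203.0.113.5", "bob"),
    (1060, "203.0.113.5", "carol"),
    (9000, "198.51.100.7", "alice"),
]


def find_bruteforce(failures, max_attempts=3, window=600, max_users_per_ip=3):
    """Return (usernames, ips) that look like brute-force targets and sources.

    A username is flagged on more than `max_attempts` failures inside `window`
    seconds; an IP is flagged when it fails against at least `max_users_per_ip`
    distinct usernames in that window. Thresholds are illustrative defaults,
    not phpBB settings.
    """
    by_user = defaultdict(deque)   # username -> recent failure times
    by_ip = defaultdict(deque)     # ip -> recent (time, username) pairs
    hot_users, hot_ips = set(), set()

    for ts, ip, user in sorted(failures):
        times = by_user[user]
        times.append(ts)
        while ts - times[0] > window:      # drop failures older than window
            times.popleft()
        if len(times) > max_attempts:
            hot_users.add(user)

        seen = by_ip[ip]
        seen.append((ts, user))
        while ts - seen[0][0] > window:
            seen.popleft()
        if len({u for _, u in seen}) >= max_users_per_ip:
            hot_ips.add(ip)

    return sorted(hot_users), sorted(hot_ips)


if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_FAILURES))
```
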