bambooweb.info

I am getting regular "too many bad log in attempts" screens come up when I try to log in. I have to enter additional information. I am guessing that either this is a new security modification... or someone is trying to hack into my account. Suggestions?

Hello Allen and All

Several of us are having the same problem. Someone is trying to hack the site by guessing someone's/anyone's password. So far as I know they have not been successful. Make sure your password is strong and just validate when asked. Maybe this guy will get tired of trying. He's not much of a hacker if this is his only strategy.

We have had several new members sign up and post a few times, then change their signature line to a sales web site link. I have banned and deleted all of these spammers as they are discovered, and have started banning the source IP. Maybe it's a disgruntled banned or deleted member, but it seems like a lot of trouble just to get back at us.

The only way to look at login attempts is to look at the database and I do not have the skills necessary to do that. Bill is looking into that situation, and maybe he will have something to report later. He also mentioned installing an update so I'm sure he will get things worked out.

If anyone notices signature lines with sales web site links (member bamboo nurseries or bamboo sales sites are OK) be sure to let Bill, Brad or myself know and we will zap them.

Regards to all, and Happy New Year!

David

My work email shows the IP Address of where I last logged in from, maybe something similar could be done showing the IP Address of where the last login attempt came from.

Poor Bill! It never ends! He is lucky to have the group of you helping out!

I finally got the update working on the test site.
I will update this site on Sunday and hopefully it will be down for less than an hour.

Bill

I had a wild thought. Have the failed logins look like they are successful and take them to a fake site that looks just like the real site to see what they do to it.

Of course you woud have to give some visual indication that the login had actually failed, like a warning printed in an image file so that an automated scan of the page wouldn't see it.

I finished updating the site software and I lowered the Maximum login attempts to 1. It does not look like they are trying to log in after the captcha shows up so hopefully they notice that they only get one chance and move on.

In the mean time it looks like we will have to enter the captcha code. I will see if I can add code to get their IP and ban it.

Bill