[Art]

Hi, I received this email 4 or 5 times today:

Quote:

Dear Art,

Your account on The Omni Group Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 70.86.138.114

Don't forget that the password is case sensitive. Forgotten your password? Use the link below:
http://forums.omnigroup.com/login.php?do=lostpw

All the best,
The Omni Group Forums

(the IP address was the same every time)

i'm quite fed up with that... i've set my password to something impossible to guess, but if this guy keeps trying, it'll soon be getting on my nerves... could you ban his IP so that he can't try again, or something like that?

Thanks in advance,

Arthur

[haraldmartin]

The same thing happened to me about three times today. My pass is hard to crack but others might not be. The same ip here as well.

Same here, same IP and everything.
When I got the emails I actually bothered to log into the forums (which I apparently hadn't done since last july).

[Art]

I received this mail this morning:

Quote:

Arthur-

I'm sorry for the inconvenience this is causing; it looks like
someone has set up a script to try logging in to any forum account
they can find. They don't actually have any passwords, so they're
just trying random ones. Thus far, they haven't succeeded in doing
anything other than annoying folks such as yourselves. The IP address
in question has been blocked from accessing the forums, and we're
working with the ISP in question to put a stop to this.

If you have any other questions or suggestions, please don't hesitate
to contact me.

Sincerely,

Brian C.
Support & QA Manager
Omni Group

OmniGroup folks take care of us ;-)

This is probably a phisher trying to get onto the forums.

What happens is they get on, edit the profile. If the system allows uploading of avatars, they upload a file called myavatar.jpg (or png) which is actually a unix script.
The script creates a directory under the images, fills it with the phishing site files, changes the permissions so even the system admin can't get in there and mails the phisher with the url, which he then sends out posing as Citibank, Barclays, Halifax or whichever bank he's spoofing.

It's designed for PHPBB, usually, but it will work on any forum that allows uploads.

BAzz
(off to change my password to something long)

[angben]

76.226.201.84 is the latest hacker, at it again. Tried me today, the twit.

[cephalopodcast]

GOt mine today from 74.53.243.34.

[Cortig]

Same thing here, different IP: 74.53.243.34 (though the two notifications I received were from the same IP).

Corentin

I got the same. I forgot I had registered here.

74.53.243.34

These people are scum.

[Brian]

Thanks to everyone that's reporting these. Unfortunately, the folks that do this often just switch off to a new IP address and start over once we ban whatever address their current attempts are coming from.

Keep letting us know and we'll keep banning, though.