there seems to be robots trying to login to accounts, guessing passwords.

anyone with a reasonable password will be unaffected.

.


"We urge all users to change their passwords periodically, but it is particularly important that you do so now."

Password cracking attack in progress.

http://forumserver.twoplustwo.com/55...cement214.html

It was certainly written to look exactly like a phishing attack Every other place that has stored passwords always send emails of this sort with a disclaimer along the lines of "do not ever click on links contained in an email from us, we would never include such".

I've tried to guess all the admins' passwords. None of them use "password" "poker" or "pokerpassword".

Just fyi.

This is actually a good piece of advice for future emails like that.

Good ways to make a really strong password:

1) Use a sentence. It should be memorable and sort of detailed and not something ridic obvious like "iloveyou", which is a really common password. For example, just looking at my computer screen to think of something, "I usually use Chrome to browse the internet." comes to mind. Something like that's going to be very secure against dictionary attacks and really easy to remember.

2) If you suffer from typos, you can do something similar with an acronym, but you'll rpobably want to include a number somewhere in the middle. For example "I was in second grade when I was eight" Iwi2gwiw8. Again, easy to remember, very unlikely to be in a dictionary, and fairly easy to type.

Idea roughly stolen from xckd:

OMG A HACKING SCAM? PLEASE SEND $30 TO SHADYRUSSIANGUY ON POKERSTARS AND I WILL INVESTIGATE WHETHER YOUR ACCOUNT HAS BEEN HACKED

that sounds exactly like something a mat sklansky imposter would say.

Is the email being sent to:

1) everyone
2) just people who are thought to have easy passwords
3) people whose account has been targeted

Everyone.

everyone. we don't have access to passwords. we can change them, however.

Excellent. I'll pay gobbo to perform if necessary.

This is what had me wondering if it was legit or not.

lol passwords without english words

I don't really understand why 2p2 can't just block an IP address once it becomes clear that different passwords are being tried over and over again in a brute force attack?

Wouldn't that make sense and be very easy to implement?

My password is a lot safer now... thanks for the alert, Mat Sklansky.

very good example on how to make a very good password

So Robot Mods are good, but Robot Hackers bad?

Yeah. I came directly here because it seemed very sketchy. Very poorly conceived and executed Public Service Announcement. Pretty much SOP to never ask for/provide a direct link to a page that will ask for a PW.

But no harm, no foul.

I tihnk hey already do this, but it's very easy to constantly change IP addresses. I made some suggestions in the mod forum for ways to prevent this attack in the future, and I'm told that they're looking into them.

your account may be cracked, its problem?

Also, because sometimes an IP ban would impact other accounts that aren't guilty of anything. I don't really get how that works, but once when I requested an IP ban of a troll, I was told it couldn't be done because other accounts would be banned as well.

An IP ban won't slow down anyone who is really determined. We've IP banned trolls in the past who just keep right on coming back on new IPs.

Did you try their names as their passwords?

tough to crack
FB5GO91&ZQ8W1IP10TO9UGK3#8B87RNDX8