Spurious password change request emails

[Mar044]

ya I got a notice also, traced the IP, comes from southern area of china, its seems like a dictionary attack, the forum locks them out after 5 tries, as long as your not dumb and don't use basic passwords you should be fine, always use upper lower and numbers, its not fool proof but Dictory attacks don't work with DCS so you should be safe, plus they forum accounts are not the same as license accounts so even if they got it your account info is isolated.

[Low Blow]

Ban this person please

 

Hi ED,

 

I received this email from you not long ago:

 

Dear

 

Someone has tried to log into your account on ED Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

 

The person trying to log into your account had the following IP address: 111.207.203.195

 

All the best,

ED Forums

 

This was not me trying to log in. Can you please ban this IP.

 

IP Tracker shows:

 

IP Locator & IP Lookup Basic Tracking Info

IP Address: 111.207.203.195

Reverse DNS: ** server can't find 195.203.207.111.in-addr.arpa: SERVFAIL

Hostname: 111.207.203.195

IP Blacklist Check: Suspicious, Comment Spammer

Level: 23

Activity: 2 days ago

[ Blacklist Check]

IP Lookup Location For IP Address: 111.207.203.195

Continent: Asia (AS)

Country: China (CN)

Capital: Beijing

State: Beijing

City Location: Beijing

ISP: China Unicom Beijing

Organization: China Unicom Beijing

AS Number: AS4808 CNCGROUP IP network China169 Beijing Province Network

 

IP Weather Station: Beijing

Sky: few clouds

Temp: 24.4 ºC (max 24.4 ºC / min 24.4 ºC)

Wind Speed: 1.7 m/s

Wind Direction: 137.5°

Humidity: 53%

Cloudiness: 20%

Atmospheric pressure: 993.7 kPa

Time Zone: Asia/Shanghai

Local Time: 10:53:50

Timezone GMT offset: 28800

Sunrise / Sunset: 05:19 / 19:04

 

At least we know the weather conditions there so after virtually bombing him we can RTB and land. Don't even require an instrument approach...

 

Regards,

 

Low Blow

Edited April 30, 2015 by Low Blow

[dooom]

Here too... Czech Republic attempt

[GeorgeLKMT]

Here too... Czech Republic attempt

 

Not me, I swear to Jagr.

 

I don't think they (ED) can do anything about password guessing attacks from random IPs so just make your passwords safe (not 123) and you're good to go.

[TimeKilla]

Possible hack

 

My dads credit card was hacked from person(s) unknown strangely I had just used to to buy a WW2 aircraft from this site I know for a fact this site is fine and nothing to do with it they tried to take £500 worth of clothes from NEXT.

 

The credit company was on its toes and stopped it but now I cant login to eagle.ru to check my modules to see if they have been stolen aswell my steam seems ok. I Cant change password just go around and around never allowing me tho saying its changed.

 

Can't wait for help guys already good to rebuy an X52 Pro, TrackiR 5

 

 

Thanks for your time.

[Devrim]

How can CC hackers access your accounts on ED sites? That's not make sense.

 

There must be anothoer issue with it...

[dooom]

sounds like a keylogger is on your machine. i wouldnt use that machine to log into anything until you are sure its clean

[_Dredd]

Check your PC for sure. Grab Malware Bytes, run a scan.

 

*off topic, Seems DCS site doesnt use https login etc, by default. https is enabled; but http:// doesn't default to https://

[sobek]

doesn't default to https://

 

You're right, i'll talk to the admin.

[TimeKilla]

I reinstalled windows everything seems to be working now is there any idea what the issue was, was this a hack was anything compromised or just a server mishap.

[shyjonathan1588]

HACKING ATTACKS

 

I got an email someone (not me) tried to log on with my username from a foreign IP address last night. I searched the forums and I am seeing several others complain of this in the past few days.

 

What's going on?

[fixen]

I got it aswell.

 

IP Adress: 89.105.194.72

Location Doetichem, the Netherlands

 

But it is probably a proxy IP adress

 

Edit: I am sure it is a proxy. Host is TOR network.

Edited July 24, 2015 by fixen

[BitMaster]

confirmed.... someone was knocking on my digital door :(

 

:::::::::::

Dear BitMaster,

 

Someone has tried to log into your account on ED Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

 

The person trying to log into your account had the following IP address: 185.14.29.221

:::::::::::

 

 

We better all check and redo the pwd's once again, aint the 1st time this year I had to redo most of them.

[BitMaster]

Forum Hacking Threat: 2-Factor Auth needed

 

Hi Forum,

 

I post this in World Forum, the admins may move it, as I think it is of general interest.

 

 

Looking at my Inbox and the recent hacking attack makes me wanna have 2-Factor-Auth for

 

ED and Forum if possible.

 

 

Google Auth was fine, what do you think ?

 

 

...........here's what i had in my mail tonight, and knowing this user/pwd also protects all of my ED lics makes me a bit nervous.... ::

 

_________________________________________________________________________

Dear BitMaster,

 

Someone has tried to log into your account on ED Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

 

The person trying to log into your account had the following IP address: 185.14.29.221

 

__________________________________________________________________________

 

 

...I was not the only one as you can see from other posts of today, something is going on !!!

 

 

 

Bit

[Rangi]

I'm not sure what you are worried about? They got your password wrong and ED blocked them, how does that make your account less safe?

[StandingCow]

Good password habits are important, never have the same PW for two sites, and change them often.

 

I, for one, use lastpass and have it behind 2 factor authentication.

[_Dredd]

And I thought I was concerned that https is not used by default when you login to the forums, or your DCS profile account...

 

:cry:

[Drona]

I got the exact same mail from ED a couple of days back. The IP location shows its from Switzerland. I'm glad that ED blocked it.

_________________________________________________________________

Dear Kunz,

 

Someone has tried to log into your account on ED Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

 

The person trying to log into your account had the following IP address: 77.109.141.138

 

All the best,

ED Forums

_________________________________________________________________

[SkateZilla]

this isnt limited to ED forums at all, there are script people thay do this regularly to millions of sites a day, basically brute force attacking random sites.

[BitMaster]

I'm not sure what you are worried about? They got your password wrong and ED blocked them, how does that make your account less safe?

 

It doesnt make it less safe, what I would welcome is a 2-factor auth option just as LastPass or many other sites that I use, in combination with my iphone App from Google.

 

 

An option would be cool with the next website update or such.

[cichlidfan]

Two factor authorization for a game forum? No thank you.

[BitMaster]

sure, we know this, I watch Threat Management Systems for a living.... just that if THAT would happen every day at ED we would most likely see more of those posts such as mine and others,

and not all that got that email respond via forum.

 

I think, someone is trying to get a foot into the database with lic keys, the Apple doesnt fall far from the tree and cui bono answers most questions of why what and when.

[kobac]

I got the same message today. Only the IP address is different 5.9.36.66

Who and what these people want to do with our accounts? Do we need to change our passwords?

[PiedDroit]

I got the same message today. Only the IP address is different 5.9.36.66

Who and what these people want to do with our accounts? Do we need to change our passwords?

 

Random chinese hacker... No need to change password if it's good enough, as they only have 5 tries before the website blocks them.

The intent is to get personal info from your account, and your password might be valuable (they try the same login/password pair on other websites).

[CHola]

Illegal account access attempt

 

20 Aug 2015,

someone from 185.65.135.226 tried to illegally access my account.

 

Mods, feel free to permaban the IP.