All,

I believe your accounts have, for the most part, been unsuccessfully attacked by a malicious party attempting to brute-force account login credentials.

The board includes several features to prevent these types of attacks, and I have since added additional restrictions to help prevent the attacks. In the interim, it would be helpful if all users would change their password. This can be done via the User Control Panel -> Profile -> Edit Account Settings.

If you believe your account has been compromised, please contact me via email and we will confirm your identity and help you reset your account.

Thanks,

Karl

After more research, it appears the attacks are coming from a russian server, it also appears WoKJ is not alone in being attacked.

If you make me an administrator, I might be able to stop it.

If you have valid suggestions, please feel free to post them.

OK! Who pissed off Mr. R?

Maybe it's the guy at the bottom of this thread

viewtopic.php?f=12&t=61114&p=1662701#p1662701

I don't think so, it doesn't seem to be WoKJ specific, rather phpbb specific.

How can we recognize if our account has been compromised?

If you can still login, it's safe to assume it hasn't been. Still a good idea to make sure your password has at a minimum letters and numbers, and ideally a symbol.

A password with letters, numbers, symbols and no actual words is almost impossible to brute force attack.

I'm scared.

I changed my password just in case,but it still asks me for that CAPTCHA 'enter words' thingy. Is that normal?

It will ask if you've had more than 2 failed attempts recently. A lot of people will experience it because the brute force attack basically means they went through the member list and tried to guess the password. Only on a very small handful of accounts did they try more than 3 times, typically once they hit the captcha they move on to the next account.

It did ask me that with the old password, but it also did ask me with my first attempt with the new password, saying I had tried too many logins, while as I said in reality it was my first try.

Fortunately, my account seems untampered with - - I'm still the same old Bradley Witherberry who thinks that Inception is the finest film ever made (next to TDK, of course).

It doesn't instantly reset, there are a few events that trigger resetting the number of failed logins, but i'm not sure what they are off the top of my head.

Someone please hold me.

It was Loyal.

I've changed my password to studmonkey70-1.

My question: Eagle suggested using a password with no actual words, but would studmonkey be ok? The way I see it, it is two actual words, but when combined together, it makes zero actual words.

Please let me know if this sounds secure enough, if not I'll change it again.

lol...

i dont know what the hell just happen but i believe ive been "attacked", but all is well i guess :/

What?!?!

The Kohl's guy again?

thanks for bringing back traumatizing memories ...