bogleheads.org attacked - some accounts hijacked

Topic Author
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

bogleheads.org attacked - some accounts hijacked

Post by Alex Frakt »

update - the attacker did manage to figure out the passwords on several accounts. All of the accounts used very basic passwords like "stocks" or "bogleheads". Please change your password if it doesn't meet the guidelines below or if you have any concerns. See this response on page 2 of this thread for more details: http://www.bogleheads.org/forum/viewtop ... 0#p1395370

Someone has been attempting a brute force attack run through anonymous proxy servers to try to guess user passwords on our site. They have not been successful and we are actively responding to the attacks to make sure it stays that way. To give a little more detail, someone has written a program that runs through the member list and attempts to log in to each user's account by entering random passwords. In anticipation of such attacks, our software only allows a small number of missed passwords before taking steps to lock out the attacker. We are now taking additional steps to keep this from interrupting the site; I don't want to go into the specifics of this for obvious reasons.

The question is what should you, our members, do about this. In most cases the answer is nothing. The attacker has not gotten into our database or successfully infiltrated anyone's account. The only effect it will have on you is that, until this is over, you may be asked to answer a simple question along with entering your username and password when logging in. The text of the message you will see if this is the case is "You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below."

Should you change your password? This attack does not create a specific need to change your password. However, if you broke any of the following rules of thumb when initially creating your password, you might want to take this opportunity to create something more secure. Again this is not something tied to the attack, it's just a generally good idea to follow these password guidelines:

These guidelines are based on analyses of lists of passwords posted by hackers who have successfully broken into various commercial web sites.

- Don't use a basic keyboard pattern or alphanumeric like qwerty or 123456 or abc123.
- Don't use common first or last names, the site name, your username or your e-mail address.
- Don't use password (or passw0rd), letmein, iloveyou or common terms of endearment like honey, princess or (for some reason) monkey.

And the most important rule:

- Don't use the same password for general sites (like ours) that you use for sites like banks and brokerages.

If you do want to change your password, click User Control Panel (it's a couple of lines under the Bogleheads logo at top left), then the Profile tab, then Edit Account Settings. Here's a direct link: http://www.bogleheads.org/forum/ucp.php ... eg_details. While you are on that page, please check that the e-mail address we have for you is still valid. If you are locked out or forget your password, that's where the reset message will go.

edit - in addition to the ones mentioned above, here's a list of the passwords that have been hit in similar attacks:
000000 abc123 aeiou angel asdf1 asdfg ashley babygirl baseball baseball1 batman blahblah cheese christ computer daniel dragon football freedom fuck fucked fuckyou grace iloveyou iloveyou1 iloveyou2 internet jessica jesus jesus1 jordan killer letmein love master matrix maverick michael michelle monkey mustang nicole nintendo passw0rd Password password1 pepper pokemon princess pussy qazwsx qwerty1 secret shadow single soccer starwards sunshine superman susan swordfish testing tigger trustno1 victory welcome whatever 1234 4321 6969 12345 54321 111111 121212 123123 654321 666666 1111111 7654321 7777777 87654321 123456789
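
As an added illustration (not part of the original post and not the forum software's code), the password guidelines above can be enforced when a member sets a password. The deny-list below is a small constructed sample of entries quoted in this thread; the function names, the `site_terms` values and the sample accounts are assumptions.

```python
import re

# Constructed sample: a few entries from the lists quoted in this thread.
# A real deployment would load a much larger breached-password list.
COMMON = {
    "password", "passw0rd", "letmein", "iloveyou", "monkey", "princess",
    "honey", "swordfish", "trustno1", "welcome", "baseball", "stocks",
}

# Keyboard rows and the alphabet, used to spot "walked" patterns.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz")


def is_run(chunk):
    """True if chunk walks forwards or backwards along one entry of ROWS."""
    return len(chunk) >= 3 and any(
        chunk in row or chunk in row[::-1] for row in ROWS)


def is_pattern(pw):
    """Detect qwerty / 123456 / abc123 / 121212 / 000000 style passwords."""
    if re.fullmatch(r"(.{1,4})\1+", pw):           # one short unit repeated
        return True
    chunks = re.findall(r"[a-z]+|[0-9]+", pw)      # letters and digits apart
    return bool(chunks) and "".join(chunks) == pw and all(
        is_run(c) for c in chunks)


def screen_password(password, username, email,
                    site_terms=("bogleheads", "bogle")):
    """Return the guideline violations found (an empty list means accepted)."""
    pw = password.lower()
    stem = pw.rstrip("0123456789")                 # "monkey1234" -> "monkey"
    reasons = []
    if pw in COMMON or stem in COMMON:
        reasons.append("common password")
    if is_pattern(pw):
        reasons.append("keyboard or numeric pattern")
    local_part = email.lower().split("@")[0]
    personal = (username.lower(), email.lower(), local_part)
    # Ignore very short identifiers so a one-letter username cannot match.
    if any(len(p) >= 3 and p in pw for p in personal):
        reasons.append("contains username or e-mail")
    if any(term in pw for term in site_terms):
        reasons.append("contains site name")
    return reasons


if __name__ == "__main__":
    # Constructed account and candidate passwords.
    for candidate in ("Monkey1234", "abc123", "Bogle2012",
                      "alice!Retire", "correcthorsebatterystaple"):
        print(candidate, screen_password(candidate, "alice",
                                         "alice@example.com"))
```

Stripping trailing digits before the deny-list lookup is what catches the "word plus a number" variants that appear in the quoted list (iloveyou1, baseball1, jesus1).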
Mrs.Feeley
Posts: 830
Joined: Sat Nov 12, 2011 1:52 am

Re: bogleheads.org under attack - may cause login problems

Post by Mrs.Feeley »

Thank you for the update. The obvious question is why would anyone want to attack a message forum such as this one? To use it to send out phishing spam? To learn e-mail addresses and perhaps names of people with Vanguard accounts? Or perhaps they're just misguided about the potential value of such a hacking enterprise.

I got the log-on error message last night.
Renaissance Man
Posts: 51
Joined: Mon Oct 24, 2011 1:30 pm

Re: bogleheads.org under attack - may cause login problems

Post by Renaissance Man »

Man Your Battle Stations!
SimpleGift
Posts: 4477
Joined: Tue Feb 08, 2011 2:45 pm

Re: bogleheads.org under attack - may cause login problems

Post by SimpleGift »

Good job, Alex. Thanks for keeping us informed of developments.
Topic Author
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Post by Alex Frakt »

Mrs.Feeley wrote:Thank you for the update. The obvious question is why would anyone want to attack a message forum such as this one? To use it to send out phishing spam? To learn e-mail addresses and perhaps names of people with Vanguard accounts? Or perhaps they're just misguided about the potential value of such a hacking enterprise.

I got the log-on error message last night.
I have seen reports of other message boards getting hit with the same thing. Here's the first official report on it from the people who created our forum software - http://www.phpbb.com/community/viewtopi ... &t=1947925

The speculation is that this may be the next step by spammers. We've gotten pretty good at keeping spammers out through techniques like requiring moderator approval of the first post from new members and not allowing images or links in a member's first few posts. But if a spammer can login as an established user, they could flood the forum with spam until the moderators get around to manually cleaning it off. Since they only get a few chances per username, it's unlikely to be very effective, but since it's all automated and, no doubt, run through compromised computers, it costs the spammer very little to try.
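
Added example, not phpBB's code: a per-username failure counter of the kind described in this thread. It shows why spreading guesses across many proxy addresses does not help once the counter trips, and why a deny-listed password can still fall within the first few tries. The class name, thresholds and events (documentation-range IP addresses) are constructed.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Counts recent failed logins per username, regardless of source IP."""

    def __init__(self, max_failures=3, window=3600):
        self.max_failures = max_failures
        self.window = window                      # seconds a failure counts for
        self.failures = defaultdict(deque)        # username -> failure times

    def captcha_required(self, username, now):
        """True once the username has max_failures failures in the window."""
        recent = self.failures[username]
        while recent and now - recent[0] > self.window:
            recent.popleft()                      # forget expired failures
        return len(recent) >= self.max_failures

    def attempt(self, username, password_ok, captcha_ok, now):
        """Return 'ok', 'denied' or 'captcha_required' for one login try."""
        if self.captcha_required(username, now) and not captcha_ok:
            # The password is not evaluated at all, so a correct guess
            # without the CAPTCHA answer gets the attacker nothing.
            return "captcha_required"
        if password_ok:
            self.failures.pop(username, None)     # success clears the counter
            return "ok"
        self.failures[username].append(now)
        return "denied"


def replay(events, max_failures=3):
    """Feed (time, ip, username, password_ok, captcha_ok) tuples to a guard."""
    guard = LoginThrottle(max_failures)
    return [guard.attempt(user, pw_ok, cap_ok, now=t)
            for t, _ip, user, pw_ok, cap_ok in events]


# Constructed events: guesses against one account from four different
# addresses, then the real owner logging in and answering the question.
SPRAY = [
    (0,  "192.0.2.10",   "alice", False, False),
    (5,  "198.51.100.7", "alice", False, False),
    (9,  "203.0.113.4",  "alice", False, False),
    (12, "192.0.2.99",   "alice", True,  False),  # right guess, no CAPTCHA
    (60, "203.0.113.50", "alice", True,  True),   # owner, CAPTCHA answered
]

# Constructed events: a very common password guessed on the second try,
# before the counter ever reaches the threshold.
WEAK = [
    (0, "192.0.2.10",   "bob", False, False),
    (3, "198.51.100.7", "bob", True,  False),
]

if __name__ == "__main__":
    print(replay(SPRAY))
    print(replay(WEAK))
```

The second replay is why the throttle has to be paired with a password deny-list: it only protects accounts whose password is not among the first few guesses.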
Topic Author
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Post by Alex Frakt »

More research. Here's a list of the passwords being used during a similar attack on another phpbb board. If any of these are your password, you should probably change it. Note that even if you do use one of these, the attacker was only able to try a handful of times before being locked out, so you are probably still OK.

000000 abc123 aeiou angel asdf1 asdfg ashley babygirl baseball baseball1 batman blahblah cheese christ computer daniel dragon football freedom fuck fucked fuckyou grace iloveyou iloveyou1 iloveyou2 internet jessica jesus jesus1 jordan killer letmein love master matrix maverick michael michelle monkey mustang nicole nintendo passw0rd Password password1 pepper pokemon princess pussy qazwsx qwerty1 secret shadow single soccer starwards sunshine superman susan swordfish testing tigger trustno1 victory welcome whatever 1234 4321 6969 12345 54321 111111 121212 123123 654321 666666 1111111 7654321 7777777 87654321 123456789
xerty24
Posts: 4827
Joined: Tue May 15, 2007 3:43 pm

Re: bogleheads.org under attack - may cause login problems

Post by xerty24 »

Alex Frakt wrote:000000 abc123 aeiou angel asdf1 asdfg ashley babygirl baseball baseball1 batman blahblah cheese christ computer daniel dragon football freedom fuck fucked fuckyou grace iloveyou iloveyou1 iloveyou2 internet jessica jesus jesus1 jordan killer letmein love master matrix maverick michael michelle monkey mustang nicole nintendo passw0rd Password password1 pepper pokemon princess pussy qazwsx qwerty1 secret shadow single soccer starwards sunshine superman susan swordfish testing tigger trustno1 victory welcome whatever 1234 4321 6969 12345 54321 111111 121212 123123 654321 666666 1111111 7654321 7777777 87654321 123456789
And I thought surely no one would guess my long passphrase with 50+ unrelated words and numbers. Guess it's time to go back to Monkey1234 ;).
No excuses, no regrets.
Pacific
Posts: 1609
Joined: Tue Mar 06, 2007 7:19 pm
Location: Lost in the middle of the Pacific

Re: bogleheads.org under attack - may cause login problems

Post by Pacific »

Password
Really??
nisiprius
Advisory Board
Posts: 52216
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: bogleheads.org under attack - may cause login problems

Post by nisiprius »

Pacific wrote:
Password
Really??
Really. Probably a common reaction of users to being told "type password." I think it's usually cluelessness plain and simple, not misplaced cleverness.

I recognize the "swordfish" reference but I have to wonder how common it really is. (Bad movie with hackers-as-heroes).
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Post by VictoriaF »

Alex Frakt wrote:More research. Here's a list of the passwords being used during a similar attack on another phpbb board. If any of these are your password, you should probably change it. Note that even if you do use one of these, the attacker was only able to try a handful of times before being locked out, so you are probably still OK.

victory
Close call ;-)

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
sscritic
Posts: 21853
Joined: Thu Sep 06, 2007 8:36 am

Re: bogleheads.org under attack - may cause login problems

Post by sscritic »

VictoriaF wrote:
Alex Frakt wrote: victory
Close call ;-)

Victoria
Victor Victoria eh? Now which is the password?
Toons
Posts: 14467
Joined: Fri Nov 21, 2008 9:20 am
Location: Hills of Tennessee

Re: bogleheads.org under attack - may cause login problems

Post by Toons »

Thanks for the update :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Post by VictoriaF »

sscritic wrote:
VictoriaF wrote:
Alex Frakt wrote: victory
Close call ;-)

Victoria
Victor Victoria eh? Now which is the password?
You can try all three. :wink: On second thought, please don't. Otherwise, I will be asked to solve a CAPTCHA for the rest of my life.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
FabLab
Posts: 1127
Joined: Mon Oct 18, 2010 12:15 pm

Re: bogleheads.org under attack - may cause login problems

Post by FabLab »

Thanks, Alex, for the update. Please let us know if there's any way we can help out.

Cheers
The fundamental things apply as time goes by -- Herman Hupfeld
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Post by VictoriaF »

FabLab wrote:Thanks, Alex, for the update. Please let us know if there's any way we can help out.
We can guess Alex' password and do his job while he sleeps.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
SSSS
Posts: 1914
Joined: Fri Jun 18, 2010 11:50 am

Re: bogleheads.org under attack - may cause login problems

Post by SSSS »

Alex Frakt wrote:pepper pokemon princess pussy
How did they know the name of my cat??
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Post by VictoriaF »

SSSS wrote:
Alex Frakt wrote:pepper pokemon princess pussy
How did they know the name of my cat??
Wikipedia about Pokémon wrote:The concept of the Pokémon universe, in both the video games and the general fictional world of Pokémon, stems from the hobby of insect collecting, a popular pastime which Pokémon executive director Satoshi Tajiri-Oniwa enjoyed as a child.
Is your cat fond of collecting insects, or is your hobby collecting insects from your cat?

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
FabLab
Posts: 1127
Joined: Mon Oct 18, 2010 12:15 pm

Re: bogleheads.org under attack - may cause login problems

Post by FabLab »

SSSS wrote:
Alex Frakt wrote:pepper pokemon princess pussy
How did they know the name of my cat??
Easy. Alliteration was the next thing to expect after a repetitively lettered user name :D
The fundamental things apply as time goes by -- Herman Hupfeld
prudent
Moderator
Posts: 9085
Joined: Fri May 20, 2011 2:50 pm

Re: bogleheads.org under attack - may cause login problems

Post by prudent »

nisiprius wrote:I recognize the "swordfish" reference but I have to wonder how common it really is. (Bad movie with hackers-as-heroes).
The use of "swordfish" as a password started in the Marx Brothers movie Horse Feathers, way back in 1932! :)
retiredjg
Posts: 54082
Joined: Thu Jan 10, 2008 11:56 am

Re: bogleheads.org under attack - may cause login problems

Post by retiredjg »

Thanks Alex. We can always depend on you!
Taylor Larimore
Posts: 32842
Joined: Tue Feb 27, 2007 7:09 pm
Location: Miami FL

CAPTCHA ?

Post by Taylor Larimore »

What does "CAPTCHA" mean (too lazy to go to google) ?

Thank you and best wishes.
Taylor
"Simplicity is the master key to financial success." -- Jack Bogle
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: CAPTCHA ?

Post by VictoriaF »

Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to google) ?

Thank you and best wishes.
Taylor
Hi Taylor,

CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.

Victoria
Last edited by VictoriaF on Tue May 08, 2012 9:18 am, edited 1 time in total.
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
Peculiar_Investor
Site Admin
Posts: 2445
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB 🇨🇦

Re: CAPTCHA ?

Post by Peculiar_Investor »

Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to google) ?

Thank you and best wishes.
Taylor
"Completely Automated Public Turing test to tell Computers and Humans Apart" per CAPTCHA - Wikipedia.

Also see Luis von Ahn: Massive-scale online collaboration | Video on TED.com, for an interesting talk from the inventor.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
baw703916
Posts: 6681
Joined: Sun Apr 01, 2007 1:10 pm
Location: Seattle

Re: bogleheads.org under attack - may cause login problems

Post by baw703916 »

CAPTCHA refers to a random word or phrase (typically written in some nonstandard, not easily machine-readable script--although that isn't the case in this site's implementation). The person trying to log in is asked to type in the word displayed--so a bot trying to enter the site would have to not only know the password, but be able to respond in real time to what the page displays.

Thanks to the previous poster for explaining how the term originated.
Most of my posts assume no behavioral errors.
Taylor Larimore
Posts: 32842
Joined: Tue Feb 27, 2007 7:09 pm
Location: Miami FL

Quick replies !

Post by Taylor Larimore »

Bogleheads:

Thank you for the quick answer to my question.

Best wishes.
Taylor
"Simplicity is the master key to financial success." -- Jack Bogle
porcupine
Posts: 1267
Joined: Thu Nov 04, 2010 11:05 am

Re: bogleheads.org under attack - may cause login problems

Post by porcupine »

VictoriaF wrote:
sscritic wrote:
VictoriaF wrote:
Alex Frakt wrote: victory
Close call ;-)

Victoria
Victor Victoria eh? Now which is the password?
You can try all three. :wink: On second thought, please don't. Otherwise, I will be asked to solve a CAPTCHA for the rest of my life.

Victoria
Wisecrack #1: Well, will help keep your math skills up-to-date.
Wisecrack #2: At least it is just a CAPTCHA not a Sudoku!! :wink:

- Porcupine
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Post by VictoriaF »

porcupine wrote:
VictoriaF wrote:
sscritic wrote:
VictoriaF wrote:
Alex Frakt wrote: victory
Close call ;-)

Victoria
Victor Victoria eh? Now which is the password?
You can try all three. :wink: On second thought, please don't. Otherwise, I will be asked to solve a CAPTCHA for the rest of my life.

Victoria
Wisecrack #1: Well, will help keep your math skills up-to-date.
Wisecrack #2: At least it is just a CAPTCHA not a Sudoku!! :wink:

- Porcupine
I prefer SET to Sudoku.

"Alzheimer's" would make a good password. By typing it often enough one may avoid the disease itself.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
SSSS
Posts: 1914
Joined: Fri Jun 18, 2010 11:50 am

Re: CAPTCHA ?

Post by SSSS »

Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to google) ?
Basically it works like this:

Image
Lbill
Posts: 4997
Joined: Thu Mar 13, 2008 11:25 pm
Location: Somewhere between Up and Down

Re: bogleheads.org under attack - may cause login problems

Post by Lbill »

Is HACKER an acceptable password? :happy
"Life can only be understood backward; but it must be lived forward." ~ Søren Kierkegaard | | "You can't connect the dots looking forward; but only by looking backwards." ~ Steve Jobs
Remy Winchester
Posts: 49
Joined: Sat Jun 04, 2011 2:31 pm
Location: Carolina

Re: bogleheads.org under attack - may cause login problems

Post by Remy Winchester »

LMAO @ the "F" Series of password attempts, 8-)
mind_boggled
Posts: 56
Joined: Sat Jul 16, 2011 4:39 pm

Re: bogleheads.org under attack - may cause login problems

Post by mind_boggled »

This is what we get for talking bad about high frequency trading. We have angered the machines.
goggles
Posts: 744
Joined: Tue Feb 20, 2007 7:38 am

Re: bogleheads.org under attack - may cause login problems

Post by goggles »

Alex, thanks for dealing with this stuff.

I hope you liked the Turing test joke!
tludwig23
Posts: 1665
Joined: Thu Dec 30, 2010 2:27 pm
Location: 48deg46"23"N 122deg28'21"W

Re: bogleheads.org under attack - may cause login problems

Post by tludwig23 »

Arg, had to solve the CAPTCHA to login. Hopefully won't have to do this every time.

Thanks for the warning and explanations, Alex.
That's what I do: I drink, and I know things. --Tyrion Lannister
rob
Posts: 5247
Joined: Mon Feb 19, 2007 5:49 pm
Location: Here

Re: CAPTCHA ?

Post by rob »

VictoriaF wrote:
Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to google) ?

Thank you and best wishes.
Taylor
Hi Taylor,

CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.

Victoria
Except I am always getting the damn things wrong...... and no colour blindness or anything else.... I far prefer the maths based ones that require an answer :-/
| Rob | It's a dangerous business going out your front door. - J.R.R.Tolkien
speedbump101
Posts: 999
Joined: Thu Oct 18, 2007 10:54 pm
Location: Alberta Canada

Re: bogleheads.org under attack - may cause login problems

Post by speedbump101 »

VictoriaF wrote:
FabLab wrote:Thanks, Alex, for the update. Please let us know if there's any way we can help out.
We can guess Alex' password and do his job while he sleeps.

Victoria
'sleepdeprived' :-)

SB...
"Man is not a rational animal, he is a rationalizing animal" -Robert A. Heinlein
JPH
Posts: 1427
Joined: Mon Jun 27, 2011 8:56 pm

Re: bogleheads.org under attack - may cause login problems

Post by JPH »

When I click on the Bogleheads link in my Favorites menu, I'm logged in automatically. I don't type in my user name and password every time. Is there any increased risk associated with this practice?
While the moments do summersaults into eternity | Cling to their coattails and beg them to stay - Townes Van Zandt
nisiprius
Advisory Board
Posts: 52216
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: CAPTCHA ?

Post by nisiprius »

rob wrote:Except I am always getting the damn things wrong...
Indeed. In my case, I believe it to be partly age-related cognitive deterioration. I sometimes have to request three CAPTCHAs before I get one I can perceive correctly. The method used here at the Bogleheads site is merciful.

But I think it is also because the CAPTCHA developers are losing the arms race against the automated CAPTCHA and the CAPTCHAs are getting harder and harder. And I've heard that there is now a cheap-labor market for CAPTCHA solvers, much as there is for "gold mining" (acquiring resources in on-line multiplayer games and selling them for real money to other players).

I don't think the bad guys are clever enough to do site-specific password guessing, but I would suggest that people avoid passwords that have any relationship to the name of our mentor.
Last edited by nisiprius on Tue May 08, 2012 2:26 pm, edited 1 time in total.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
Topic Author
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Post by Alex Frakt »

JPH wrote:When I click on the Bogleheads link in my Favorites menu, I'm logged in automatically. I don't type in my user name and password every time. Is there any increased risk associated with this practice?
Not from this. If you choose to autologin, we store a cookie on your computer that tells us your username and that you want to skip the login process, we do not store your actual password on your computer. The only potential security problem is that someone who has direct access to your computer could post under your username or edit your existing posts. They could also see your profile information, but that only gives them your e-mail address which they would presumably be able to get anyway since they are in physical possession of your computer. If they wanted to change your password or e-mail address, they would need to enter your current password regardless of the login setting.
LynnC
Posts: 800
Joined: Thu Mar 01, 2007 6:01 pm
Location: California

Re: bogleheads.org under attack - may cause login problems

Post by LynnC »

I have auto log in, also!

Thanks for keeping us posted, Alex. I suddenly realized my passwords aren't very creative! I got a chuckle out of a few of them..

LynnC
baw703916
Posts: 6681
Joined: Sun Apr 01, 2007 1:10 pm
Location: Seattle

Re: bogleheads.org under attack - may cause login problems

Post by baw703916 »

nisiprius wrote:
Pacific wrote:
Password
Really??
Really. Probably a common reaction of users to being told "type password." I think it's usually cluelessness plain and simple, not misplaced cleverness.
Must be akin to "Speak friend and enter" from Tolkien.
Most of my posts assume no behavioral errors.
Topic Author
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

Re: CAPTCHA ?

Post by Alex Frakt »

VictoriaF wrote:
Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to google) ?
CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.
The most common CAPTCHA tests are the irregular text ones, but they can be anything that tries to distinguish humans from robots (software). I don't like the text CAPTCHAs, so we don't use them on this forum. Instead we ask a simple question and the respondent has to fill in the answer. The bot that is attacking us is pretty unsophisticated, it doesn't even try to answer the question.
Topic Author
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Post by Alex Frakt »

retiredjg wrote:Thanks Alex. We can always depend on you!
Thanks, but the credit should go to Ladygeek and Mel for outlining the problem and Larry for coming up with the filtering solutions. My only job was to report what's going on to everyone.
Random Musings
Posts: 6772
Joined: Thu Feb 22, 2007 3:24 pm
Location: Pennsylvania

Re: bogleheads.org under attack - may cause login problems

Post by Random Musings »

Alex Frakt wrote:
retiredjg wrote:Thanks Alex. We can always depend on you!
Thanks, but the credit should go to Ladygeek and Mel for outlining the problem and Larry for coming up with the filtering solutions. My only job was to report what's going on to everyone.
Like we used to say at our research facility -

"Praise and Honor for the non-participants". :wink:

RM
I figure the odds be fifty-fifty I just might have something to say. FZ
bourg
Posts: 63
Joined: Fri Mar 16, 2012 9:26 am
Location: Indianapolis, IN

Re: bogleheads.org under attack - may cause login problems

Post by bourg »

Whew - they didn't try correcthorsebatterystaple.

http://xkcd.com/936/
retiredjg
Posts: 54082
Joined: Thu Jan 10, 2008 11:56 am

Re: bogleheads.org under attack - may cause login problems

Post by retiredjg »

Alex Frakt wrote:
retiredjg wrote:Thanks Alex. We can always depend on you!
Thanks, but the credit should go to Ladygeek and Mel for outlining the problem and Larry for coming up with the filtering solutions. My only job was to report what's going on to everyone.
Ok. Thanks to them too!
archbish99
Posts: 1649
Joined: Fri Jun 10, 2011 6:02 pm

Re: CAPTCHA ?

Post by archbish99 »

Alex Frakt wrote:
VictoriaF wrote:
Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to google) ?
CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.
The most common CAPTCHA tests are the irregular text ones, but they can be anything that tries to distinguish humans from robots (software). I don't like the text CAPTCHAs, so we don't use them on this forum. Instead we ask a simple question and the respondent has to fill in the answer. The bot that is attacking us is pretty unsophisticated, it doesn't even try to answer the question.
Saw a neat one recently that displayed five symbols and a giant circle, and directed the user to "drag the ____ onto the circle." Completely not compliant with accessibility requirements, but for those who are mouse-capable, a nice differentiator.

I also saw one a few years ago based on the fact that we're biologically wired to identify different species, so it pulled pictures from PetFinder and asked you to sort dogs vs. cats. :happy
I'm not a financial advisor, I just play one on the Internet.
roymeo
Posts: 1278
Joined: Sat Apr 28, 2007 7:19 pm
Location: Oakland, CA

Re: bogleheads.org under attack - may cause login problems

Post by roymeo »

bourg wrote:Whew - they didn't try correcthorsebatterystaple.

http://xkcd.com/936/
This was recently referenced in the Economist and someone wrote a letter in later to give xkcd credit for correct horse battery staple.
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo
LonePrairie
Posts: 282
Joined: Sun Mar 04, 2007 7:20 pm
Location: North Dakota

Re: bogleheads.org under attack - may cause login problems

Post by LonePrairie »

Thank you for the update, Alex.
JPH
Posts: 1427
Joined: Mon Jun 27, 2011 8:56 pm

Re: CAPTCHA ?

Post by JPH »

nisiprius wrote:I don't think the bad guys are clever enough to do site-specific password guessing, but I would suggest that people avoid passwords that have any relationship to the name of our mentor.
nisiprius, I made this mistake, and my account was hijacked.
While the moments do summersaults into eternity | Cling to their coattails and beg them to stay - Townes Van Zandt
sscritic
Posts: 21853
Joined: Thu Sep 06, 2007 8:36 am

Re: CAPTCHA ?

Post by sscritic »

JPH wrote:
nisiprius wrote:I don't think the bad guys are clever enough to do site-specific password guessing, but I would suggest that people avoid passwords that have any relationship to the name of our mentor.
nisiprius, I made this mistake, and my account was hijacked.
Wow! Who would have guessed that the bad guys would try nisiprius as a common password. That is the mentor of whom you speak, right?