Hack attempts / Spam PM's: MAKE SURE your password is STRONG

[MetroMPG]

Today several members reported receiving spam PM's sent by another member who hasn't been active in the forum for a long time:

Someone may have hijacked this guy's profile. Looks like he hasn't really been active for 3 years otherwise.

This is exactly what happened.

How? Because he used a weak password on his account and a "hacker" guessed it, and then used the hacked account to send out spam PM's.

In the last week or so, the forum has been under a pretty steady "brute force attack", where someone (or some bot) was going through usernames and trying to access the account by guessing the passwords.

This is actually a common occurance on forums, and it's the reason the forum software locks your account for 15 minutes if you enter the wrong password 5 times in a row. (We've also had members contacting us this week saying they were notified in an automated forum email about the 5 times/lock event affecting their account, even though they hadn't done anything. This is because the bot/person was trying to access their account... and failed.)

We can't block this kind of thing via IP address, because they are coming from multiple addresses which are regularly changing.

THE SIMPLE WAY TO DEAL WITH THIS is to make sure your account has a strong password:

EG:

>>> How to Create a Strong Password (and Remember It) <<<

• Has 12 Characters, Minimum A longer password would be even better.
• Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters
• Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
• Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

More tips for creating an even stronger password that's easy to remember: How to Create a Strong Password (and Remember It)

Don't get caught using one of the most common weak passwords:

SplashData has announced its annual list of the 25 most common passwords found on the Internet – thus making them the "Worst Passwords" that will expose anybody to being hacked or having their identities stolen.

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 12345678
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1

More: "123456" Maintains the Top Spot on SplashData's Annual "Worst Passwords" List

Strengthen your password:

If you want, update your password with a better one via the user control panel: http://www.aveoforum.com/forum/profi...o=editpassword

[2010AveoLT]

there's a scene in the Sci-Fi Spoof movie Spaceballs that conveys this PERFECTLY:

[MetroMPG]

Ha! Nice.

[petrified.rabbit]

I'm still using the password you sent out when you overtook the forums.

[MetroMPG]

Haha. I forgot about that. Is it any good?

Unfortunately I can't tell whether the hacked account was using one of those.

[xintersecty]

there's a scene in the Sci-Fi Spoof movie Spaceballs that conveys this PERFECTLY:

Just think, then became now and Mel Brooks figure out the internet. Thanks for posting the obvious! Walk this way! No this way!

[MetroMPG]

FYI, the hackers were at it again this weekend. We got multiple reports of "failed login notifications" from members.

Make sure your password is good!

/Public_Service_Announcement

[MetroMPG]

Bump!

Another member's account was compromised in the last couple of days and used to spam other members via private messaging.

Use a strong password!