[Announcement About Account Security] Haven/Salem

General discussion and socializing.

Re: [Announcement About Account Security] Haven/Salem

Postby Tonkyhonk » Tue Jul 23, 2013 4:03 am

Here is some news you all may be interested in. let me copy-paste the chat i had with loftar earlier instead of me trying to summarize it.
Tonky > loftar
Tonky > just in case, would you care to see if this IP matches with one of those you had trouble with?
Tonky > viewtopic.php?f=34&t=31715&start=1170#p430994
loftar > Sorry Tonky, it doesn't seem to match anything.
Tonky > :) thanks loftar, just in case
loftar > Though, it's doubtful it would be useful even if it did. They're always attacking through some or another proxy.
Tonky > ah right
Tonky > well, at least a try
loftar > These days, since I added a brute-force protection to the homepage, they've even started using botnets. |)
Tonky > maybe deadlift got that from somewhere else anyways and thanks for bothering, loftar
Tonky > whats that?
Tonky > botnets?
loftar > Large collections of cracked computers.
Tonky > :o
Tonky > is it getting worse?
loftar > The other day, they were attacking with like 2500 different IP addresses. ^^
Tonky > omg, seriously?
loftar > Ya, srsly. :)
Tonky > how are you dealing with it?
loftar > I almost think I should feel honored. ^^
Tonky > cant believe someone would actually take that much effort
Tonky > lol
loftar > Indeed. :)
loftar > Well, last time around I simply changed the name of the login script.
Tonky > oh?
loftar > That took care of it for the time being, at least.
Tonky > are they all coming from ru uk region?
loftar > Other than that, though, botnets are kinda hard to counter. The only thing I could think of would be to add a CAPTCHA to the login prompt, but that would be kinda retarded. :)
loftar > Oh, no, it was computers from all over the world.
Tonky > so you can never track them, i guess? :(
loftar > Though they were kinda unwise about it. They were even trying to crack accounts that didn't exist, so they wasted lots of effort on that.
loftar > There were only like 150 or so accounts that they tried to crack more actively.
loftar > Including yours. ;)
Tonky > what?
Tonky > jeez
Tonky > which accounts have been targeted?
loftar > I can only guess they were going for top posters on the forum or something like that.
Tonky > ah i see, maybe post counts?
loftar > But there were several accounts among those actively attempted that I didn't recognize at all. I couldn't quite discern what the pattern was.
Tonky > hmm
loftar > My account, burgingham and Potjeh were completely ignored, also.
Tonky > :o
Tonky > but jorb wasnt?
loftar > Nope
Tonky > wanna reveal about it in public?
Tonky > like give the list of the accounts that got targeted, so someone may find the pattern?
Tonky > including the non-existent account?
Tonky > could be skype related names
Tonky > and those with weak passwords could change their passwords in case or something
loftar > I dunno. I don't think there's any point to keeping it a secret, but I can't find a reason to go through the effort to announce it, either. :)
loftar > If you want to talk about it, I don't mind.
Tonky > okay
Tonky > well, you could use that joco's thread
loftar > Well, the complete list is 180000 accounts long. ;)
Tonky > lol
Tonky > any famous names you noticed that didnt get targeted?
loftar > Hmmm, true that, I guess. Someone might recognize a pattern.
Tonky > cept for yours, burgs, and potiehs
loftar > Those that were more actively attempted were the following: Driocku WarpedWiseMan hazzor Samu felixdrunk Jayrays rye130 bmjclark D4rkCraft Mopstar Tiberium AnnaC Faze gdwdalfem jorb jzz123 painhertz TeckXKnight bubba Claeyt Colin500 FearForMeh Jojjkano ListenPal Orteil Patchouli_Knowledge Senses toshirohayate Aldoreon Arcanist Azpire b3nno bitza Broken_Steel calebsnow Cranny dagrimreefah darkulrich DDDsDD999 DragenSoul dragonxkai Dze
loftar > dajus eugeneiskra evilrich FearTheAmish flimcm Garlicman Grandmaster _Gunnar Halfrex HasseKebab Jiochan jonamaster joojoo1975 Kiff LadyGoo Lilliaath MocroGunz MurderAlt mvgulik naosnule Nicstar543543 NOOBY93 nova pietin2 reuel SgtCayir shampizle skippy971282 Snackish Stormfeather SynthAura Tonkyhonk Vootje wickerman_156 Yolan 100652 AAlex ArvinJA Axucs BlackKopcap BloodyGuestUsers Borgaaz borka btaylor burgingham Cerebus987 Chrismas
loftar > crfernald Darwoth Dill Eemerald factnfiction101 Federico Grigorich Jackard jordancoles jsmith11 jtpitner Kaios Konda krikke93 Loey Lorefin LostJustice Mageinta maze MrGemini Nictos Ninijutsu Nummy overtyped Ozzy123 pacotaco PrincessMuggle rawr548 refuge Rejected_Logic richc rickfish RnRa rogoku sabinati sayane Serejai serpentyngallery Shayne Shiro_kun stanley1979 StinkFist talon00302 tothedome Twillight UzU123 Vaku ValerieHallaway Va
loftar > lten21 Vert Volk0n whiskeypete xXGhostxX blackhead dafels SarahJ ramones chris1122 kris_hole Robben_DuMarsch
loftar > Hm, it seems my IRC client split the line into multiple messages. Don't mind that.
Tonky > its fine, i can just copypaste these if you want
Tonky > heh, maybe i should make my pass even stronger
loftar > I don't think they actually did manage to crack any of those accounts in the end, though, but I wouldn't know for sure.
Tonky > im almost always logged in, so they cant log in, can they?
loftar > Since all the attempts were from different IP addresses, it's hard to tell if a successful login would have been malicious.
Tonky > right
loftar > Why, yes; one can be logged in at multiple computers at once.
loftar > Or, you mean, ingame? In that case, no.
Tonky > hmm?
Tonky > so i can log in to my forum account at one computer and also from another computer?
loftar > Yes.
Tonky > oh im not always logged ingame :(
Tonky > maybe i should
loftar > Nah, I don't think there's any particular reason to. :)
Tonky > but not like i got good char or village in my account anyways
Tonky > is it easy to crack?
loftar > Nah, not particularly. Even among those accounts listed, they only tried some 200-400 different passwords.
loftar > If your password is even moderately secure, that won't cut it.
Tonky > oh okay, not sure how much would be "moderately secure" though
loftar > Well, think of how many password variations you could try with 400 attempts. :)
loftar > You wouldn't get a lot further than simple variations on the username or a list of really commonly used passwords like 123.
Tonky > ha ha
Tonky > ill copypaste this convo onto that joco's thread, if you dont mind, loftar?
loftar > It would be a different thing, of course, if they really targeted some single account and tried tens of thousands of passwords for that account alone, but they haven't done that thus far, at least.
loftar > I don't mind.
Tonky > right

Tonky > letting this known to public may give them a second thought maybe? or would it make them escalate?
loftar > I'd be very happy if I managed to track down who's doing it. My nuke-finger is very itchy.


Those that were more actively attempted were the following:
Driocku
WarpedWiseMan
hazzor
Samu
felixdrunk
Jayrays
rye130
bmjclark
D4rkCraft
Mopstar
Tiberium
AnnaC
Faze
gdwdalfem
jorb
jzz123
painhertz
TeckXKnight
bubba
Claeyt
Colin500
FearForMeh
Jojjkano
ListenPal
Orteil
Patchouli_Knowledge
Senses
toshirohayate
Aldoreon
Arcanist
Azpire
b3nno
bitza
Broken_Steel
calebsnow
Cranny
dagrimreefah
darkulrich
DDDsDD999
DragenSoul
dragonxkai
Dzedajus
eugeneiskra
evilrich
FearTheAmish
flimcm
Garlicman
Grandmaster
_Gunnar
Halfrex
HasseKebab
Jiochan
jonamaster
joojoo1975
Kiff
LadyGoo
Lilliaath
MocroGunz
MurderAlt
mvgulik
naosnule
Nicstar543543
NOOBY93
nova
pietin2
reuel
SgtCayir
shampizle
skippy971282
Snackish
Stormfeather
SynthAura
Tonkyhonk
Vootje
wickerman_156
Yolan
100652
AAlex
ArvinJA
Axucs
BlackKopcap
BloodyGuestUsers
Borgaaz
borka
btaylor
burgingham
Cerebus987
Chrismas
crfernald
Darwoth
Dill
Eemerald
factnfiction101
Federico
Grigorich
Jackard
jordancoles
jsmith11
jtpitner
Kaios
Konda
krikke93
Loey
Lorefin
LostJustice
Mageinta
maze
MrGemini
Nictos
Ninijutsu
Nummy
overtyped
Ozzy123
pacotaco
PrincessMuggle
rawr548
refuge
Rejected_Logic
richc
rickfish
RnRa
rogoku
sabinati
sayane
Serejai
serpentyngallery
Shayne
Shiro_kun
stanley1979
StinkFist
talon00302
tothedome
Twillight
UzU123
Vaku
ValerieHallaway
Valten21
Vert
Volk0n
whiskeypete
xXGhostxX
blackhead
dafels
SarahJ
ramones
chris1122
kris_hole
Robben_DuMarsch

if any of you can find some patterns from the list above.

*edited for the split name*
Last edited by Tonkyhonk on Tue Jul 23, 2013 3:43 pm, edited 1 time in total.
Tonkyhonk
 
Posts: 4501
Joined: Fri Sep 10, 2010 6:43 am
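
The attack loftar describes in the chat above (a few hundred guesses per account, spread over thousands of source addresses, partly aimed at names that do not exist) passes under a per-IP limit but stands out once failed logins are counted per account. The following is an added example, not part of the original thread or the site's code; the log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict

KNOWN_ACCOUNTS = {"alice", "bob", "carol"}  # constructed account names

def make_sample_log():
    """Constructed events: (source_ip, username, login_succeeded)."""
    def addr(i):
        return f"203.0.{i // 256}.{i % 256}"
    # 300 failures against one real account, every one from a different address.
    events = [(addr(i), "alice", False) for i in range(300)]
    # 40 failures against a name that was never registered.
    events += [(addr(i), "ghost_user", False) for i in range(40)]
    # Ordinary users mistyping a password from their own address.
    events += [("192.0.2.10", "bob", False)] * 2 + [("192.0.2.10", "bob", True)]
    events += [("192.0.2.20", "carol", False)] * 5
    return events

def analyse(events, known_accounts, per_ip_limit=10,
            min_failures=50, min_sources=20):
    """Return (ips_over_limit, distributed_targets, unknown_names_probed)."""
    fails_by_ip = defaultdict(int)
    fails_by_account = defaultdict(int)
    sources_by_account = defaultdict(set)
    for ip, user, ok in events:
        if ok:
            continue
        fails_by_ip[ip] += 1
        fails_by_account[user] += 1
        sources_by_account[user].add(ip)
    # What a per-IP brute-force limit sees: addresses with too many failures.
    ips_over_limit = {ip for ip, n in fails_by_ip.items() if n > per_ip_limit}
    distributed, unknown = {}, {}
    for user, n in fails_by_account.items():
        sources = len(sources_by_account[user])
        if user not in known_accounts:
            unknown[user] = n                # guesses wasted on a non-existent name
        elif n >= min_failures and sources >= min_sources:
            distributed[user] = (n, sources)  # many failures from many addresses
    return ips_over_limit, distributed, unknown

if __name__ == "__main__":
    ips, distributed, unknown = analyse(make_sample_log(), KNOWN_ACCOUNTS)
    print("over per-IP limit:", sorted(ips))
    print("distributed targets:", distributed)
    print("unknown names probed:", unknown)
```

On the constructed sample no address trips the per-IP limit, while the per-account view singles out the one account being worked on and the probe of an unregistered name.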

Re: [Announcement About Account Security] Haven/Salem

Postby Sevenless » Tue Jul 23, 2013 4:50 am

One thing I notice off the top of my head:

Most of those names I recognize that aren't from heavy post counts are part of better known factions. I see a couple names there that almost never hit the forums but I know of them through ingame politicking.

Also: what are the fake account names? There might be some pattern there too.

And finally: who knows, maybe it's related to a custom client security breach again.
Lucky: haven is so quirky
Lucky: can be so ugly, can be so heartwarming
Sevenless: it is life

The Art of Herding
W16 Casting Rod Cheatsheet
Explanation of the logic behind the cooking system
Sevenless
 
Posts: 7609
Joined: Fri Mar 04, 2011 3:55 am
Location: Canada

Re: [Announcement About Account Security] Haven/Salem

Postby jordancoles » Tue Jul 23, 2013 4:53 am

Seems more to be like recent active posters. Claeyt is in there and he's totally useless :)
Duhhrail wrote:No matter how fast you think you can beat your meat, Jordancoles lies in the shadows and waits to attack his defenseless prey. (tl;dr) Don't afk and jack off. :lol:

Check out my pro-tips thread
jordancoles
 
Posts: 14076
Joined: Sun May 29, 2011 6:50 pm
Location: British Columbia, Canada

Re: [Announcement About Account Security] Haven/Salem

Postby DDDsDD999 » Tue Jul 23, 2013 4:54 am

lol, botnet. Shit getting serious.
DDDsDD999
 
Posts: 5669
Joined: Fri Jul 02, 2010 12:31 am

Re: [Announcement About Account Security] Haven/Salem

Postby Sevenless » Tue Jul 23, 2013 4:57 am

jordancoles wrote:Seems more to be like recent active posters. Claeyt is in there and he's totally useless :)


So how do we explain the fake accounts?
Sevenless
 
Posts: 7609
Joined: Fri Mar 04, 2011 3:55 am
Location: Canada

Re: [Announcement About Account Security] Haven/Salem

Postby jordancoles » Tue Jul 23, 2013 5:14 am

Sevenless wrote:
jordancoles wrote:Seems more to be like recent active posters. Claeyt is in there and he's totally useless :)


So how do we explain the fake accounts?

Botnet fucking up? It's so sad because Botnet used to be one of my favourite Pokiemans too :(
Last edited by jordancoles on Tue Jul 23, 2013 5:14 am, edited 1 time in total.
jordancoles
 
Posts: 14076
Joined: Sun May 29, 2011 6:50 pm
Location: British Columbia, Canada

Re: [Announcement About Account Security] Haven/Salem

Postby ValerieHallaway » Tue Jul 23, 2013 5:16 am

Tonkyhonk wrote:if any of you can find some patterns from the list above.


It's possible they chose people based on activity on a specific day, to randomize the list. It's no small wonder that higher post counts might mean some people were bound to be on the list, but high profile people like Loftar and Burg et cetera, just might not have logged in that day.
I'mma go make my password stupidly long and hope for the best. I'm really weirded out that I'm on that list.
________
Valhalla awaits.
ValerieHallaway
 
Posts: 429
Joined: Wed Apr 20, 2011 7:47 pm

Re: [Announcement About Account Security] Haven/Salem

Postby rye130 » Tue Jul 23, 2013 7:26 am

Tonkyhonk wrote:Those that were more actively attempted were the following:
rye130


God fucking damnit! Now I gotta change my password from "password123". I'll never be able to memorize a whole new password!
rye130
 
Posts: 2552
Joined: Mon Feb 01, 2010 9:41 pm

Re: [Announcement About Account Security] Haven/Salem

Postby rye130 » Tue Jul 23, 2013 7:34 am

Also, congrats Koya!
rye130
 
Posts: 2552
Joined: Mon Feb 01, 2010 9:41 pm

Re: [Announcement About Account Security] Haven/Salem

Postby SarahJ » Tue Jul 23, 2013 7:39 am

It can't just be based on post count. After all, look at mine. I've posted like, less than 30 times total.
SarahJ
 
Posts: 49
Joined: Fri Aug 05, 2011 4:53 pm
