AGF attempted hacking

Methos1979 · #1 06-09-2021, 10:15 AM

I have now received two emails from AGF admin that there were failed attempts to log into my account. Each time someone attempted to login 5 times which apparently triggers the alert email. I went into Google passwords and the AGF password came up as compromised. I changed it immediate.

Just wondering if anyone else has had this happen recently.

Kerbie · #2 06-09-2021, 10:28 AM

I'll let our admin know, but it's always a good idea to keep passwords fresh. I have not had that happen, but bad guys are on the web 24/7. There are usually almost ten times the number of people looking at the forum as there are AGF members online here.

Jeremy · #3 06-09-2021, 10:42 AM

The AGF itself hasn't been compromised to my knowledge. If you've used the same password elsewhere on the web it's possible the compromise happened there.

Dirk Hofman · #4 06-09-2021, 10:48 AM

The issue doesn't sounds like the password is compromised, rather that there are bots making multiple attempts at breaking passwords. Not sure there's anything to be done about it, but maybe there are some admin tools which can help.

Kerbie · #5 06-09-2021, 10:58 AM

Quote:

Originally Posted by Dirk Hofman

The issue doesn't sounds like the password is compromised, rather that there are bots making multiple attempts at breaking passwords.

Certainly possible. Bots view us all the time.

rllink · #6 06-09-2021, 03:35 PM

I'm not saying we shouldn't be aware and take steps, but what the heck would someone want to accomplish by trying to log in as one of us?

Kerbie · #7 06-09-2021, 03:37 PM

Quote:

Originally Posted by rllink

I'm not saying we shouldn't be aware and take steps, but what the heck would someone want to accomplish by trying to log in as one of us?

Either to use the PM system trying to scam guitars or to post scammy sale ads in the Classifieds.

Mod warning...

steelvibe · #8 06-09-2021, 04:36 PM

Up to 8.4 Billion passwords hacked just today. If you bank online you should change them asap. That’s a LOT of passwords

https://www.msn.com/en-us/news/techn...BingNewsSearch

rllink · #9 06-09-2021, 04:49 PM

Quote:

Originally Posted by Kerbie

Either to use the PM system trying to scam guitars or to post scammy sale ads in the Classifieds.

Mod warning...

I guess that makes sense.

Jim Owen · #10 06-09-2021, 06:16 PM

If someone uses my user name to make fun of Gibson pickguards or to root for the Yankees, there’s been a hack.

Kerbie · #11 06-09-2021, 06:17 PM

Quote:

Originally Posted by Jim Owen

If someone uses my user name to make fun of Gibson pickguards or to root for the Yankees, there’s been a hack.

That would be a dead giveaway. We'll file that away for future reference, Jim!

Methos1979 · #12 06-09-2021, 07:30 PM

Quote:

Originally Posted by Kerbie

Either to use the PM system trying to scam guitars or to post scammy sale ads in the Classifieds.

Mod warning...

This is what I was thinking about. For the record, I got a third notice today.

rsay777 · #13 06-10-2021, 05:31 AM

I've considered using PW managing software to keep PW's encrypted when logging into sites. Until I do I keep banking PW's complicated and only used for the Credit Union. I like the idea that the financial institutions use a 2 step login like send a code via text to my phone.

Currently about like twice a week I get an email stating that someone has attempted to login to my Facebook account and to please click "here" to correct this issue. Funny thing......I DON'T HAVE A FACEBOOK ACCOUNT.

Methos1979 · #14 06-10-2021, 05:47 AM

I have started using the Google 'suggested password' function. It's always some hugely complicated and long password and they remember it for you. So as long as you're synced across your devices you don't have to remember them. I also much prefer websites that use the two-step process. I got into a bad habit of using the same password across multiple sites. I've got like 53 passwords in Google and it just became too hard to remember. But then when one is compromised then it puts many at risk. Hence moving to just the Google function.

Jeremy · #15 06-10-2021, 08:17 AM

Quote:

Originally Posted by Methos1979

I have started using the Google 'suggested password' function. It's always some hugely complicated and long password and they remember it for you. So as long as you're synced across your devices you don't have to remember them. I also much prefer websites that use the two-step process. I got into a bad habit of using the same password across multiple sites. I've got like 53 passwords in Google and it just became too hard to remember. But then when one is compromised then it puts many at risk. Hence moving to just the Google function.

There is a two-factor authentication plugin for this software that I recently tested with the site. Unfortunately, the plugin caused some major problems and I was unable to implement it here.

In lieu of that I suggest to all to use a complicated not easily guessed password that isn't used anywhere else and to change it often.