All night and morning, someone has been guessing usernames/passwords to try and break into our member's area. This happens once in a while. What's up with that crap? Why would someone be so persistent after failing 200 or 300 times?!

they're probably not guessing - they have a program doing the guessing. chances are they do that with a lot of sites. is it all from 1 ip?

Every attempt is from a different IP or else Strongbox would just block the IP, I think. Each attempt is a different IP and different username. I just wonder how much this attack is slowing down the server. :no:

Ah wait, I'm wrong. Strongbox will no automatically block a troublesome IP. Stongbox suggests that you add the IP to your htaccess. Anyways, htaccess wouldn't work in this instance since every attempt is from a different IP.

What happens is hackers decide to target your site and they run an automated program that cycles through IP addresses (proxies) and also cycles through their known good password lists, which are list of u/p that have worked in the past for other sites. This is the exact reason why we moved to forced random u/p, to stop members from joining with the same u/p that they use for every other site. And don't underestimate the laziness of people, given the chance most will use the same u/p for all their memberships and we already know that people who join sites have likely joined other sites in the past as well.

What happens is hackers decide to target your site and they run an automated program that cycles through IP addresses (proxies) and also cycles through their known good password lists, which are list of u/p that have worked in the past for other sites. This is the exact reason why we moved to forced random u/p, to stop members from joining with the same u/p that they use for every other site. And don't underestimate the laziness of people, given the chance most will use the same u/p for all their memberships and we already know that people who join sites have likely joined other sites in the past as well.


Ah but we had such a negative reaction to forced random usernames. I don't think I'd ever do that again. It seems so many members never get their email confirmations from CCbill. They must go straight to bulk/spam. We had non-stop complaints.

We have been doing it for years and in that time I only ever got one complaint.

We have been doing it for years and in that time I only ever got one complaint.


Isn't that funny? We had just a terrible time with it. lol

Isn't that funny? We had just a terrible time with it. lol

Maybe Luke's customers are more computer literate... or don't have spam filtering :)

Maybe Luke's customers are more computer literate... or don't have spam filtering :)

Every single member of UKNM is a certifiable genius! It must be the spam filter then. ;)

I just wonder how much this attack is slowing down the server. :no:

It's slowing it down for sure as strong box is a script.

Why not try Proxy Pass? I love that system. As a compiled apache mod it stops attacks earlier in the apache cycle.

It's slowing it down for sure as strong box is a script.

Why not try Proxy Pass?


Because I love Ray! Strongbox has served us well... no complaints. And the attack has finally stopped. Lol, maybe they finally just got into the site.

Well. I love you to! But I am not a member of UKNakedMen!

The most proxy attacks I've seen proxypass stop is 11,000-ish within a 24 hour period. You could lay awake worrying about it...

We had a "lovely" 3 days of the same - up to 150 ish per day and now not one !