Many of you have been getting failed login notifications from our system recently. This is caused by one or more people, most recently from China, trying to guess passwords in order to gain access to accounts so they can spam our forum members. At least, that's what we believe their intentions are. All of these attempts from overseas are quickly blocked by our server's firewall after a few failed login attempts, but not before a message goes out alerting you to the login attempt.
This login attempt poses no security risk to your account or to the server. It's more of a nuisance than anything. We have gone to extreme lengths before to combat this, such as, blocking all the IP addresses for entire countries where this spam originates, but there are tradeoffs to this. The more IP addresses we add to the firewall's block list, the greater the drain on the system and the slower the server becomes. So, we have to find a good balance.
Brian and Peter review EVERY new user registration and remove all those that look suspicious. And it's fairly easy to tell who the spammers are just by looking at their originating IP address and their email address. Occasionally, we have a new user registration that looks legit, and may even come from a local Shaw or Telus IP address, but then we find them spamming, so we punt them immediately. Again, these clowns are more annoying than they are a threat.
All we can do at this point is ensure that we don't use passwords that can be easily guessed, like those in this list of worst passwords of 2014 or something like "fish123" (don't laugh, it happens). To change your password, click on "Settings" at the top right of the page (you have to be logged in). That will take you to your profile page, where you'll see a link "Edit Email & Password" under the "My Settings" section.
Cheers,
chrisp
This login attempt poses no security risk to your account or to the server. It's more of a nuisance than anything. We have gone to extreme lengths before to combat this, such as, blocking all the IP addresses for entire countries where this spam originates, but there are tradeoffs to this. The more IP addresses we add to the firewall's block list, the greater the drain on the system and the slower the server becomes. So, we have to find a good balance.
Brian and Peter review EVERY new user registration and remove all those that look suspicious. And it's fairly easy to tell who the spammers are just by looking at their originating IP address and their email address. Occasionally, we have a new user registration that looks legit, and may even come from a local Shaw or Telus IP address, but then we find them spamming, so we punt them immediately. Again, these clowns are more annoying than they are a threat.
All we can do at this point is ensure that we don't use passwords that can be easily guessed, like those in this list of worst passwords of 2014 or something like "fish123" (don't laugh, it happens). To change your password, click on "Settings" at the top right of the page (you have to be logged in). That will take you to your profile page, where you'll see a link "Edit Email & Password" under the "My Settings" section.
Cheers,
chrisp