It has recently been brought to the attention of the team that there is a sudden increase of "login verification" codes having to be entered to be able to sign in to the forum.
After some investigation it appears this is occurring on many high profile/high traffic phpBB forum powered websites, so it is not unique to our forum.
The reason this is happening is that an automated script is being run on infected computers scanning for phpBB forums, and then attempting to log in to them by using brute force dictionary attacks. In other words, the scripts are scanning memberlists for usernames and trying to guess people's passwords by running through huge lists of common words to see which work.
Any accounts that do have such insecure passwords and could be successfully logged in to will be noted by the crackers, and probably used to spam the forum later.
We highly recommend changing, or even making your password more secure than before, to prevent anyone from accessing your account. Click here to change your password in your profile now.
Unfortunately we can't stop the forum from asking for verification codes to sign in, as this is the forum doing its job to try and combat the cracking attempt.
We'd also like to make it clear that no passwords or user data has been exposed by us, and that the only way any personal data could be accessed is if your account has an insecure password.
Here's some tips for your account passwords and what you should choose:
- Avoid single word passwords that use a word found in a dictionary. These are extremely easy to crack by these automated attempts.
- Avoid using common names or phrases, because they are easy for people visiting or some unscrupulous friend to guess.
- Do use a number, or even better, a number and a symbol in your password - e.g. bett#69.
- Try and mix the cAsE of your PaSswOrd to make it harder to guess - e.g. Dur@c3LL.
- Change your password regularly if you share or use multiple computers to sign in.
If you have any problems trying to sign in, please feel free to reply to email me at stoepsel101 (at) yahoo [dot] com.
STF Forum Administrator