Eccie accounts under attack
Just thought I would share that it seems hackers are brute forcing our accounts. I've had several occasions recently were I was prevented from logging in due to too many failed attempts/wrong password. Just saw another user complaining about the same thing. Also someone else who's account was hacked into and used to try and collect money from people.
We can change our passwords daily. But is there anything Eccie can do on their end?
All users here have at least another option or two. In addition to maintaining a strong password protocol.
Option 1:
Maintain an entirely separate hobby email just for eccie and for eccie access. Give your contacts a very different (or close to the same?) hobby email addy for email correspondence.
Yes, if your profile allows the site to forward member emails to you, if you directly reply, the site mailer will display your profile emailer addy.
Option 2:
Close your eccie email forwarding option, and require all peeps sending you messages to do so via PM. To which you can reply directly and offer your preferred-for-them-to-use email and phone data.
= = = = =
There are further security measures that sites can provide such as "user names" which are separate from "log-in names" but that requires user diligence and persistence, which may not always be common among folks in the hobby.
Also, as many financial (and amazon, etc. type) sites do, direct to cell phone text security codes, etc. These are not easily maintained and can be expensive for the sites, but much cheaper than government fines and cash losses from hacker activity.
And it just happened again...
Is there any way to get IP's from the failed attempts? And the password they made the attempt with?
Definitely something screwy going on. Same thing has been happening to me both yesterday and today.
- HUMP!
- 02-08-2017, 08:59 PM
I experienced a 12 hour period within the past 24. Contacted websupport@eccie.net and they took care of restoring my access.
Happened to me yesterday.
Yep, it happened to me a few days ago, I went to log in and it said too many failed attempts. I then had to wait 15 minutes to log in. Definitely something fishy going on.
- JodoM
- 02-11-2017, 11:19 AM
Likely not hacking, at least not hacking our accounts directly by brute forcing passwords but either bug in the website authentication code or someone trying to hack at the server.
A work around is to log into the mobile site m.eccie.net and then once logged in, change the m to www to get the full site.
I was able to get in simply be going to eccie.net, and logging in from there.
I'm getting slammed on login also
It's definitely annoying, but the problem went away for me after a couple of days. This past week was the first and only time I have experienced any login issues (so far), so hopefully it won't continue to happen. Probably just a temporary thing.
However, while you're having a problem with it, try the workarounds referenced above. See if you can log in on the mobile site and switch to the full site. I think that's been working for most people who experienced this issue lately.
You can also try logging in on the main site instead of going straight to your state or area. Once on the main site, you can navigate to the forum of your choice from there. That didn't work for me, but apparently it's been working for some.
Hopefully the problem can be fixed soon, but it seems strange that it's not happening to everyone at the same time. I've seen references to similar problems in other forums though, so apparently it's happening to a lot of us. Doesn't seem to be any rhyme or reason to it. No telling what the fuck is going on.
I wonder if there is a way to escalate this problem to make sure it's being properly addressed.
When creating a password make sure you make it complex symbols letters and numbers.. I changed mine to this & haven't had any problems