We have been receiving a lot of attention coming our of China lately. It seems that spam bots have been trying to use brute force to try to crack our members passwords. If you have received a "Failed Login Notification email", then they have tried to hack your account. Please so not worry, the software is responding the way it should. If your password id a good password you have nothing to worry about- the vBulletin software and the 15 minute lockout prevents "brute force" attacks from being successful.

They are probably trying the 5 most common password such as:

1) your username
2) password
3) 1234
4) 12345
5) 123456

If you password is any of the above (or close to it) you should change it to a real password ASAP.If you password is any of the above (or close to it) you should change it to a real password ASAP. Also if you receive any PM's that seem out of the ordinary, please do not open any links and report the PM so we can look into the problem. Thanks.

Mine is so vague I doubt they'd ever get to it...

Thanks for the heads up :-) They'll go after anything.... !!!!!!
Plumdragon

I had a PM this morning from a banned member. Don't remember the name.
Had to do with earning quick money. I just threw the PM away instantly.

Bruno

just had a pm from someone called Wildman with the same advert. Deleted it right away

Yes it appears that Wildman's account was hacked. Please disregard any PM from him for now.

Now that you mention it I did get a message about someone failing to log in to my account 5 times about a week ago. They'll never get my password!!!!!!!!!

Hi , I also have received a message this morning from - Wildman - message removed
Henryk.

Sometimes I have trouble thinking up some stronger passwords easy for me to remember. So what I do is use this website to generate several at once so I can either pick the easiest to remember or use one of them as a starting point to change letters, numbers or special characters into a password I can remember.


Security Guide for Windows - Random Password Generator (http://www.pctools.com/guides/%20password/)

Dammit, you guessed both my passwords!
But I was smart...I just combined them to make a super tough password. "password1234567890"

...

LOL seriously...
I have a buddy, who for years, has made up a new random password ,
off the top of his head, for every site he visits and joins.

He has never been able to log back into the same site twice.

...

Sometimes I have trouble thinking up some stronger passwords easy for me to remember. So what I do is use this website to generate several at once so I can either pick the easiest to remember or use one of them as a starting point to change letters, numbers or special characters into a password I can remember.


Security Guide for Windows - Random Password Generator (http://www.pctools.com/guides/%20password/)

I just tried it.
it didn't work for me.
It didn't guess any of my passwords.

I just tried it.
it didn't work for me.
It didn't guess any of my passwords.

You didn't check the box marked "Airdave's Password List"

Cats name + year of birth
A harder password is cats name + year of birth + wallpaper colour/pattern.
tibbles72wonderwoman :)

My email was hacked once from China, perhaps on reflection, because I used unusual words that probably appeared often in my internet exposure. I now use mispelt words, combinations of keystrokes and instead of adding bits together, interlace words like this: 'ltihkies', something that is difficult to predict but easy to remember!

Of course since hackers bots are probably reading this thread, I don't actually do any of these things!

I just signed up for a skype account and immediately got three solicitations! These bots appear to use psychologist's method of interogation, so bewary. I simply ask the bot to type a word backwards, that seems to work.

If you are using a recently purchased LENOVO laptop, you should change the passwords you used on it after removing the embedded spyware.
See this post:
http://www.papermodelers.com/forum/software/32138-lenovo-laptops-pre-installed-spyware-malware.html

I had read your thread concerning the lenovo laptops John, and i have to say, that's one really fishy malware for sure (ha ha)
About password issue, my brother use pattern on the keyboard instead of words, for instance 'zse4rfvcx' made a triangle on the keyboard, though it only works for single type of keyboard (on QWERTZ keyboard that would be 'yse4rfvcx'), or you could use the numpad to create smartphone like codes (which my bro uses)
But again, that's my bro's idea, he's one source of creative but ocasionally impractical idea on my family (but i kinda liked this one!)

No one pm'ed me or gave me any block out messages, but I think I'm going to make a tougher password write away!

Thanks for the heads up,
John.

I just got a suspicious pm from a Dalmi. Heads up guys and girls.

I got one too from the same user! I deleted the PM!

I am #3. "Dalmi" asked me if I would be interested in
"hot sales at government and police auction for Cars, Trucks, SUVs" and tried to lead me to an auction site or something like that. Too bad I got my Hummer last week. With Sean Connery as chauffeur. :)

Anyone more to start a "Dalmi club"? ;)

P.S.: I have deleted the PM and changed my password, too. :cool:

Well, I'll be #4 then that has received attention from Dalmi.
I'm not interested in cars, I'd rather stick to my bike........

I might check out the government auction. I could always use a new tank for heavy traffic days

I also received a message from "Dalmi" about an auction. I assumed it was spam, but I was surprised to see it in the private message section here.

Hello Admins,

Dalmi is "banned", but how he can send with that status private messages?

Yesterday I had one from him, I didn't delete it, so maybe an admin is able to track how he works. I explitzit allow an admin for this purpose to examine my input folder for private messages.

Changeing a password, doesn't help, only prohibit receiving pm's.

Greetings peaceglue

He was banned after the reported private messages....unless you received a private message from him within the last 30 minutes. Then Jason would need to know so he can adjust forum settings, if possible.

I also received a pm from him. a few hours ago, and deleted it.

I too received a PM from him -- it's on its way to the trash.

Got one too. Reported and deleted.

Did anyone receive a message from dalmi ?
It was about government auctions...Also a banned username... Really on a papercraft forum.. They probably work for Alice express....

Also got one. Deleted.

Heh-

I feel like the last kid picked for kickball, I haven't got one yet.

However, I did get an illegal login notice back on February 9, so maybe I should be thankful it's not my account sending messages about surplus tanks and such. :)

Recent research regarding passwords has shown that a phase or sentence is far stonger then one of those upper case lower case letter symbol number mixtures.

Its the length that actually improves the security.....

There is a place in Wales called Llanfairpwllgwyngyllgogerychwyrndrobwllllantysilio gogogoch...

THEY KNOW HOW TO DO IT!!! ;):):cool:

That's perfect!

PS You missed an "l" I think!

I'd hate to sign up for anything being from that town:

City born in: see back of paper

Amazing how quickly this thread has grown. I used to teach a course on Inet practices, and used to suggest that a good way to create a password that you will remember are by using mnemonics or rebus-like effects.

An example (although bad because it is too common and too short) is CUL8R. The phrase ideally doesn't mean anything in particular, such as "One Freighter At Noon" or "1fr8r@12". Add punctuation to break it into logical break points such an old phone number no longer connected to you such as (another bad example) PENN.6.5K. Phone number passwords are good in that you can leave them on your desk in plain sight along with all the other odd phone numbers on a desk. Actually taking advantage of the numeric aspect of the phone keys does allow you to leave passwords in relatively plain sight at least as reminders (just don't make it obvious like writing - my visa - username (914) 555 -3455 on a piece of paper in your wallet)

As far as I know, pretty much all password services accept "." but not all accept #,@,&, or _, but if it's allowed it they can be handy for these cryptic numbers and phrases because of the additional meanings, @ is "at" or "a", or # is pound or number or hash, or expletive and so forth.

On the whole, it doesn't pay to make it so hard you can't remember it. It is mostly a question of size and variability - also importance. Your bank pw should be really hard and different from all the other ones...your forum one...well, what does admin say (I mean if you are on a lot of forums, are you going to come up with a different one for each?)

p.s. FYI, Needless to say, by my very writing of these examples, all of the literal examples given above have been rendered worthless as passwords

I got the notice today from the system here. I logged in just to make sure. Makes me wonder why anyone in china would want to crack this kind of group. Don't they have enough of their own paper models?

There is a place in Wales called Llanfairpwllgwyngyllgogerychwyrndrobwllllantysilio gogogoch...

THEY KNOW HOW TO DO IT!!! ;):):cool:

been there.takes ages to read the sign on railway station as you go through:)

I too received notice today(first time ever) of 5 or more login attempts. I thank our webmasters for providing the information.
I traced the IP given to a datacenter in Provo Utah, contacted them. They replied and gave additional info the IP was used out of a company called VLAN24 in the LosAngeles, CA area. They also mentioned i may get a request for more info from the LA company.

Guess to be on the safe side, will change my password anyway since I can't remember how long it has been in use.
But then again, some computer programs can probably crack one password just as well as the next.

While it might be true that any password can be cracked by brute force, it requires an unlimited number of attempts. In the case of our forum, they have 5 tries before their ip is blocked for 15 minutes. So if you use a decent password you should be safe.

Jason

More notifications of failed attempts. Whomever this is sure is persistent. nThe 5 tries and locked out is a great help to us all. My thanx to PaperModelers for using this method to help keep all of us safe.

I would like to know if our profile page can be seen by non-members. The reseason I ask is because what if the hackers are not after models but member names and cities where they live. It would not be too hard to get phone numbers, and try scamming calls to the members. I am going to remove my name and place where I live. I am not being unfriendly just carefull.

I would like to know if our profile page can be seen by non-members. The reseason I ask is because what if the hackers are not after models but member names and cities where they live. It would not be too hard to get phone numbers, and try scamming calls to the members. I am going to remove my name and place where I live. I am not being unfriendly just carefull.

Didn't think about this myself until I read your post. Quite possible....I'll let Jason know. Thanks!

Yes, if someone can guess your password then they have access to your account. Much like if they guess your password to your banking website or pin number for that matter. The key is to actually have a password that is not easy to guess. Unlike other websites we only keep your name, phone number and email. Scammers do not need your name or number or where you live as that information is free on the internet in most cases.

Jason

Do members who have been posting, and doing build threads have greater download capabilities than someone who just joined and have posted 10 times? I am asking because the staff should or would have unlimited making them prime targets, but because there is always somebody on staff on here at any given time, then the next logical people to hack would be long time members if they have a greater download privileges.

I ask because I received an e-mail saying that someone tried to hack my account. Two days later a person called my home with a Chinese accent at least that is what my wife said. He was demanding remote access to my computer using scare tactics. I ran all numbers that day and some were tele-marketers. None were associated with what the person claimed to be.

Just received another call, but nobody was on the line (607-733-1419 Elmira NY). I checked it out, and an article said “I received a call from this number today claiming to be MS Windows support, calling about a problem with my computer. It's the second call of this type I had in 24 hours, the 3rd in a week. Needless to say, this is a scam; I don't even own a Windows computer. It's just a way to try to get credit card info and/or gain remote access to your PC.”Ten more replies on that website said basically the same thing for the same numbers.

Anyway wasn’t sure if the two things were not related, but I thought I would say something on here in case other members receive similar calls.

You will probably receive that kind of phone call from diferent phone numbers. They spoof the CallerID so it reads whatever they want it to read. I have received phone calls with my name and number showing on the CallerID.

You can register all of your phone numbers with the Do Not Call list, but those scammers ingore that list. You can block the phone number calling you, but they will just change the number.

Another scam making the rounds is for senior citizens to get an alert service and $5000 in free groceries. That is just another phishing scam to get personal and financial information.

Well, the Microsoft scam is the largest scam going in Canada and has been all over the news lately. If you have a phone, they are able to target you. There is no relation to someone failing to guess your password.
As to the downloads there are two groups. Members and people who have only registered. Members are able to download more per day.

I wasn't sure, so I had to say something. Thanks for the information. I am just up set because it was more than just "your computer will crash unless you let me remote access it". I said he demanded access or else. I knew the or else was a lie, but my wife who not in great health didn't know, and it almost put her in the hospital. anyway thanks for talking to me. I am just a little emotional right now, so if this is in the wrong place to say this or I said something wrong over look me please.

Yeah, there are lots of scum out there. It is a scam that has been going around and they seem to be stepping it up. A couple weeks ago, they threatened to kill a guy up in Canada if he did not let them access his computer. No one would have believed him if he had not taped the conversation. Here is the link. 'Microsoft tech support' scammer recorded threatening to kill B.C. man (http://www.cbc.ca/news/canada/british-columbia/microsoft-tech-support-scammer-recorded-threatening-to-kill-b-c-man-1.2980453)

Thanks for the link Jason....heard that recorded call on the news link. Those scammers are bold. Hopefully he gets/got caught.

Blake, there are a couple other threads on the forum on the same scam:
http://www.papermodelers.com/forum/cardboard-lounge/30054-telephone-computer-scam-warning.html

http://www.papermodelers.com/forum/cardboard-lounge/29213-public-service-announcement-all-dont-fall.html

I don't think my account has been hacked, but I changed my password just in case. I wish the people will stop hacking into people's accounts so all of us paper modelers can live without worries.

Thanks 3Turner, Jason, and SECtoAUX for your help and support. Your advice, and those links have helped calm down our nerves.

Having an issue with the website. Started a couple of hours ago.

-------------------------------------

Click on UNREAD POSTS.

The page comes up and shows the first 21, but there is then no way to proceed further.

The NEXT radio button is missing etc.

Am sure it is not my machine etc. as I have rebooted and so on and so on, and this makes no difference.

Any changes made to the site?

Working again.

Strange - and I did not make any changes!

Think mine was hacked aswell considering I've had to keep changing passwords courtesy of emails sent to me, if that's the case gonna take my Flickr info down for now on here until all is settled.

Ben, if you have been receiving emails to change your password from Papermodelers forum, do so immediately. Especially if you think someone was able to log into your account without your knowledge.

Everything on the forum is settled as much as it can be. There are security features Jason mentions above to prevent someone from guessing a more difficult password....brute force attacks will be stopped after 5 attempts. By then, you should receive an email notifying of the log in attempts or something similar.

Of course, passwords to any website or account should be difficult to guess. And don't use the same password through all websites you access with an account. I usually use this website to generate some passwords, 12 characters with upper, lower, numbers and special characters mixed in, 50 at a time, and I pick the one that is easiest for me to remember. Sometimes I have to run the generator a few times to get a good password or I combine several lines into one I can remember.

https://identitysafe.norton.com/password-generator/

ok i too have problems only after 2 month as member my google browser turned to Russian. do not know if it had to do with this site but has never happened before! GOOD NEWS it corrected back to English, has anyone out there had this happen to them?

PM wouldn't cause your browser to turn to Russian.

Been a member here since the beginning, and have never had a problem.

Well, except for a server glitch once....

If you use a word as a password, be certain to use both upper- and lower-case letters. Throw in a number and special character or two to make brute-force hacking difficult. Think of the ASCII code and the number of possibilities.

computers will kill us all and the hackers too! I only use cash and it too may be faked!

I chop my passwords from phrases. For example: "Don Bose #1 has the most postings!" becomes DB#1htmp!. I don't know if the hackers have worked this into their systems, but symbol substitutions such as "2" for "to" and "@" for "at" meet the special character requirement.

thanks,but......

Here's a fun comics (https://xkcd.com/936/) regarding passwords :)

Sorry, I wasn't much help on generating phrases. What about a kernel such as North American P-51 Mustang (NAP-51M) or Consolidated B-24 Liberator (CB-24L) with a few lower-case swaps? Just add an introduction or closing for padding or run two together.

I've had serial numbers tucked away in an Important Information File for years. My printer s/n is 15 characters and numbers. MS Office's serial number is 25 characters and numbers long. I save activation-license-keys pages in Goggle Archive. For older veterans, a service number probably doesn't require hard copy.

Use Book Code encryption to reference a start. For example, 4(6) would begin at the fourth character and use the next six characters. As a check on the count, the reference could include the starting point counted from the end--4/15(6) in the printer example The notation would be "Printer 4/15(6)". As an aside, credit-card numbers could be used to generate a bank pin, with the reference kept separately in the wallet.

Check out Zarkov's cartoon link in his last post. How true!

you guys are great, it is ashamed that i cannot use these for stand-up comedy!

computers will kill us all

But at least they look good doing it!

Curt

hi
welcome to this forum site , here you can find lots of things , i suggest you , for your question you have to contact any other expert , right now i have no knowledge about your query sorry for that .

good day my name is charl. i am new here can someone help me
:eek:

good day my name is charl. i am new here can someone help me
:eek:

What do you need help with?

A strong password can quite simply be a slogan, seriously.

The length makes it extremely difficult for an algorithm to solve...

For example... "freshorangejuiceinwintergivesvitC" plus whatever numeric or symbol substitution you use/want.

You don't need to remember complicated passwords. If you don't want your browser to remember them for you then just write them down using pencil and paper.

I have my passwords generated using a phrase as the base then use Keepass to store them all. Keepass also has the key generator.

hi
welcome to this forum site , here you can find lots of things , i suggest you , for your question you have to contact any other expert , right now i have no knowledge about your query sorry for that .


..............................

..............................

What are you trying to say?

What are you trying to say?

LOL shhh maybe its secret.

LOL shhh maybe its secret.

and we haven't released the secret decoder rings yet either

Awe, go on, pleasepleasepleaseplease. I neeeeeeed a secret decoder ring, the one I have cannot strain carrots.

Hello guys!
Im newbie here!)

Why am I being told I'm not logged in after I get the thank you for logging in message?

I don't understand what these people aim at when trying to hack a password on such a forum. Just for fun, as teenagers, or something else I cannot figure out?

I don't understand what these people aim at when trying to hack a password on such a forum. Just for fun, as teenagers, or something else I cannot figure out?


A lot of it is automated. The idea is that if somebody lazy has used the same password on lots of sites then having it might potentially grant access to somewhere that the hacker can make some kind of financial gain. As well as that, the bot likely doesn't care what the site is; if it has a login it's worth trying to crack in.



Most personal information also has a value in the present day, and can be sold for various nefarious purposes ranging for targeted ads to wholesale identity theft.


If this all seems scattergun remember it's the same thinking as putting lots of guns in an aircraft and hoping that if enough rounds are shot in roughly the right direction they might hit something.

We have been receiving a lot of attention coming our of China lately. It seems that spam bots have been trying to use brute force to try to crack our members passwords. If you have received a "Failed Login Notification email", then they have tried to hack your account. Please so not worry, the software is responding the way it should. If your password id a good password you have nothing to worry about- the vBulletin software and the 15 minute lockout prevents "brute force" attacks from being successful.

They are probably trying the 5 most common password such as:

1) your username
2) password
3) 1234
4) 12345
5) 123456

If you password is any of the above (or close to it) you should change it to a real password ASAP.If you password is any of the above (or close to it) you should change it to a real password ASAP. Also if you receive any PM's that seem out of the ordinary, please do not open any links and report the PM so we can look into the problem. Thanks.
i have been away for awhile (health reasons concerning my lower back and a few other things that HE put in for fun). I'm back, hello everyone! I do have a question: does anyone have the template or the link for the Warehouse 13 Farnsworth device? the model was dedicated to me, because my father had just died. i've been searching everywhere with no luck. please help me. thank you for reading this.



















he

i have been away for awhile (health reasons concerning my lower back and a few other things that HE put in for fun). I'm back, hello everyone! I do have a question: does anyone have the template or the link for the Warehouse 13 Farnsworth device? the model was dedicated to me, because my father had just died. i've been searching everywhere with no luck. please help me. thank you for reading this.



















he
i forgot: you can email me at "[email protected]"

Otaku Crafts: Warehouse 13 Farnsworth Ornament (http://otakucrafts.blogspot.com/2013/12/warehouse-13-farnsworth-ornament.html)


Good luck with the health issues

Awful reading through this thread seeing the number of deceased members who engaged here.
I know their names pop up in other threads, but to see one after another like this is chilling.

Anyway...back on topic....

Passwords...to make it easier today, many of us use random password generators.
There are apps you can buy that allow you to generate a random password and keep track of it.

But there are also free online services (which is what I use) to create the password.
Just do a Google (or whatever) search for "random password generator".
Like this one: Random Password Generator | Create Strong Passwords | Avast (https://www.avast.com/en-ca/random-password-generator#pc)

All you do is enter the length of characters needed (the more the better)
and select the combination of characters required.
Then hit generate.

I suggest you write down the password to remember it, or if you use a password manager like BitWarden, it will allow you to record the password for the site.

...
Web attacks.
Just recently I've noticed an increase in attempts to get into my Microsoft account.
(I get emails with my "one time passcode", stating that if I didn't request one, to just ignore it. Obviously someone else tried to log into my MS account and a passcode was automatically sent out)

You can check your MS account online and see activity, such as failed log in attempts.
I see half a dozen attempts every week, often from Chinese and Russian sources (but now many other places).
Mostly automated I think.
But the passcode generation means someone requested it (to get in).

I've also noticed in the past few weeks, an increase in rejected registrants trying to sign up at my paper model forum.
Since I manually vet every sign up, I check IPs and Emails against various blacklists and reject/ban them if they show up on any of those lists.

I'm also tough on suspicious User Names...things like "ImAHacker", so be warned. lol.

...
I changed my MS acct password today, because my standing one didn't seem to work.
Just in case, I changed it.
You can view your log in activity here: Check the recent sign-in activity for your Microsoft account - Microsoft Support (https://support.microsoft.com/en-us/account-billing/check-the-recent-sign-in-activity-for-your-microsoft-account-5b3cfb8e-70b3-2bd6-9a56-a50177863357)
You just have to sign into your MS acct.

Take a look at the number of attempted log ins to my acct in the past couple of weeks.
You'd think I was someone important!

I can click on any of the entries to see more details about exactly where (IP and location) the attempt came from and why it failed (eg incorrect password).