Dear members of TFSA,
I advise that there is currently a distributed brute force attack trying to gain access to member profiles on TFSA.
It is a particularly clever attack that has attempted to be stealthy in that it is not triggering the user profile lockout limit (which is triggered when there are 5 unsuccessful log-in attempts from the same IP address). It is doing so by using a very wide range of IP addresses and appears to be deliberately stopping short of making too many attempts from the same IP address.
So far I have identified 7 hacked profiles - all of which fall in the category of dormant (generally never posted or not logged into for over a year). However, other than seeing a steady stream of failed login attempts at a rate of 3 to 5 per minute in the activity log, I can't see which user profiles are being attacked.
I am working on a way to blunt this form of brute force attack without triggering a flood of warning emails to legitimate users of the site. In the interim I ask that regular users in particular ensure that they have strong passwords that would make their profile difficult to hack.
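Added example, not part of the original notice or the site's own code: counting failed log-ins per targeted account across distinct source addresses exposes the pattern described above, which a per-IP limit of 5 never sees, while leaving a member who simply mistypes a password unflagged. It assumes the authentication log records the account name for each failure; the function names, the thresholds (10-minute window, 3 addresses, 10 failures) and the sample events are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

PER_IP_LIMIT = 5  # lockout threshold stated in the notice

def build_sample():
    """Constructed failed-login events: (time, source_ip, account)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # 12 guesses against one dormant account, 20 s apart (3 per minute),
    # spread over 4 addresses so that no single address reaches the limit.
    for i in range(12):
        events.append((t0 + timedelta(seconds=20 * i),
                       f"198.51.100.{i % 4 + 1}", "dormant_member"))
    # A legitimate member mistyping a password 3 times from one address.
    for i in range(3):
        events.append((t0 + timedelta(seconds=30 * i),
                       "203.0.113.7", "regular_member"))
    return sorted(events)

def ips_over_limit(events, limit=PER_IP_LIMIT):
    """What a per-IP lockout sees: addresses with `limit` or more failures."""
    counts = Counter(ip for _, ip, _ in events)
    return sorted(ip for ip, n in counts.items() if n >= limit)

def accounts_under_distributed_attack(events, window=timedelta(minutes=10),
                                      min_ips=3, min_failures=10):
    """Accounts with many failures from several addresses inside one window.
    Thresholds are illustrative assumptions, not values from the notice."""
    by_account = defaultdict(list)
    for ts, ip, account in sorted(events):
        by_account[account].append((ts, ip))
    flagged = []
    for account, hits in by_account.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            recent = hits[start:end + 1]
            if (len(recent) >= min_failures
                    and len({ip for _, ip in recent}) >= min_ips):
                flagged.append(account)
                break
    return sorted(flagged)

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP lockouts:", ips_over_limit(sample))
    print("flagged accounts:", accounts_under_distributed_attack(sample))
```

Because only accounts that cross the per-account threshold are returned, any throttling or notification can be limited to those accounts rather than sent to every member with a failed log-in.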