[StarSlayer]

Just got dumped out a sec ago when going from the home page to GD.

[Nohiki]

I'm getting dumped all day, when i restart the browser, which could be cookie-related. Didn't somebody set the session/cookie time to 0 by any chance?

[newman]

Yep, happened again several times. But you get the picture by now

[Fury]

I think I know why this is happening. There is already almost 400 counts of incorrect login passwords in the forum error log in the last six hours. SMF logs out the user if someone enters wrong password three times. Looks like someone has launched different kind of spam attack upon HLP, trying to log in as already registered users to post spam.

This certainly would explain why this is do bloody random. Not sure what can be done about it though.

[Shade]

That actually makes sense. If whatever bots are trying it manage to find even one weak password and successfully log in, the spam would be a much greater chore to get rid of as simply deleting the user wouldn't be an option. Too bad there's not much to be done about them trying.

Guess it's time to stop using '12345' as my password.

PS. Had to log in again to post this. Figures

[Snail]

I have no idea why, but that just gave me goosebumps. Seriously, I'm freaked out man. How can we know who is and who isn't one of them?

[Shade]

Yes, there could be hordes of bots hiding among us, making perfectly rational posts and releasing new models and campaigns to hide their identity!

[Spicious]

SMF logs out the user if someone enters wrong password three times.

That seems exactly backwards.

[General Battuta]

Dear Friend,

Compliments of the day to you. By way of introduction,I am Saskia Opel,
a staff of Private Banking Services at the CIMB Bank (Malaysia).
I would respectfully request that you keep the contents of this mail
confidential and respect the integrity of the information you come by as a
result of this mail.

I have a business proposal which I believe would be of interest to you. It
concerns a deceased client who deposited The sum of US$ 8,370,000.00,
without naming a beneficiary to The funds, I alone have the
deposit details and they will release the deposit to no one unless I
instruct them to do so. I alone know of the existence of this deposit for
as far as CIMB is concerned, the transaction with our deceased customer
concluded when I sent the funds to the firm, all outstanding interactions
in relation to the file are just customer services and due process. They
are simply awaiting instructions to release the deposit to any party
that comes forward. This is the situation. This bank has spent great
amounts of money trying to track this man's family; they have
investigated for months and have found no family. The investigation has
come to an end.

My proposal; I am prepared to place you in a position to
give instruction for the release of the deposit to you as the closest
Surviving relation. Upon receipt of the deposit, I am prepared to share
the money with you in half. That is: I will simply nominate you as the
next of kin and have them release the deposit to you. We share the proceeds
50/50..

I have all document and existence of funds.

If its in your interest to proceed with the transaction,
please respond to this email account "( [email protected] ) I will
give you a detailed account of the source and origin of the estate as well
as the transaction proper.I anticipate your cooperation.

Regards,

Saskia Opel.

[Rodo]

Dear Friend,

*sip*

what he it said x2.

[Starman01]

It happens to me now again quite often (today and yesterday). But regarding the wrong passwords, couldn't it just be, that this logging out is happening to much more people than the few posting here. Everyone is used to stay login "forever" (like me), and now they suddenly have to reenter password again, that they haven't used in months and maybe have forgotten them

[newman]

I suppose the bots trying to log in as some of us makes some sense as an explanation, but why is it happening now after the upgrade? It literally never happened to me before and now it happens quite frequently on a daily basis.
Also, if it is the bots, there has to be some way to defend against this?

[Rodo]

Well, they could register a new user before, maybe our accounts are getting attacked because the can't breach the new anti spambot registration quizzzzz.

[newman]

If that's the case.. it was infinitely better just permabanning a spambot when it posted it's rubbish than have bots constantly attack user's accounts. Just sayin'...
Also, murdering people who do this sort of thing should be legal and encouraged with all sorts of incentives.

[Starman01]

Also, murdering people who do this sort of thing should be legal and encouraged with all sorts of incentives.

I definitly support this !!!! 

[Droid803]

So that is why I've been kicked out so many times. :/

[Fury]

I will be installing a modification later today that changes login procedure to use email address instead of username. Since email addresses are not viewable to anyone except admins, bots can't guess it and cause valid session to be terminated with its failed login attempts.

[FUBAR-BDHR]

Unless they are getting usernames and other info from another site. 

Oh and email addresses are visible just by clicking on send email from the member list. 

[Fury]

Oh and email addresses are visible just by clicking on send email from the member list. 

Huh? Profile information is not shown to guests, at all. And you should not be seeing email addresses of other users regardless of whether they've enabled the option to allow emails to be sent. You should be only seeing recipient's name, but not his email address.

[Goober5000]

I'm not a fan of disabling username login altogether.  It would be worth thinking about this a bit more.