Originally Posted by doreen T
Thank you Mr. Thud
For the record, our Webmaster (tamarian) has made some changes very recently to greatly reduced search engine activity on our forum.
Yeah, that's kind of how they do it. The basically scour site like a search engine (crawls all links from forever) grabs all the usernames that can be grabbed from the pages (need a little knowhow to write that script) then plugs those usernames into brute force app that tries each username as many times as it can till time out.
The smart ones then keep a list per user of common passwords that have already been tried for a particular user so they 're not covering the same ground twice.
A better, and more sophisticated, method for getting email/password combos is to actually hack the site where this info is stored, most of it in clear text but a lot of times the passwords on not strongly encrypted or poor ones can be reversed by using rainbow tables https://en.wikipedia.org/wiki/Rainbow_table
I've even had my special emails that I create for sites show up as emails back to me saying they have my password for the site, They do have it but it's basically useless for anything but that particular site. This method is very good for creating "skareware" as I call it - sending you an email usually from your own address saying that they have hacked you and have been watching you surf the internet and then demanding bitcoin payment for not spreading the news of your lurid browsing habits. It's a really effective social engineering piece. NEVER PAY RANSOM WARE. this will only be the tip of the iceberg if you do.
here's a good site to see if you email has been compromised on various websites - if yours shows up, don't worry too much but be aware that some script someone might have your email address and password combo that you used on the site you signed up for.
Also some pertty good steps to help protect keep you safer signing up for stuff, and stuff...
This alone makes it a good idea to change your master/safe/important passwords periodically - sucks but that's the way it is for now till we get past the need for password - this exists but not the norm for now
Be safe, don't trust strangers on the internets. I'm one of them