Author Topic: Bad password entered  (Read 1610 times)

lynda.kane

  • Posts: 49
    • View Profile
    • http://www.realhealth-online.com
Bad password entered
« on: August 27, 2007, 06:10:51 am »
Hi,

I've just had six emails from Listmail saying someone (not me this time! :) has entered a bad password in the login page. Some of the various passwords are the first name and last name of a recent purchaser of products from our website (brenda@farm; pasternaks@rogers.com; brenda) . Others ('chester' "") are random. they are all from IP Address: 99.245.156.44 (CPE005004228139-CM001404598226.cpe.net.cable.rogers.com) It's still happening as I type.

Is this a hacker and how do I find out where they are getting our login from?

Thanks,

Lynda
Comments from the Energy Awareness Training

"A truly transformational weekend."
"the most EMPOWERING of anything I've done before."
"I didn't realise it was going to change my life!"

www.EAT.energyawareness.org
www.EnergyEgg.com
Tel :  +44 (0)207 617 7521

DW

  • Administrator
  • Posts: 3787
    • View Profile
    • https://legacy.listmailpro.com
Bad password entered
« Reply #1 on: August 27, 2007, 11:44:13 am »
Hi Lynda,

It sounds like you have a suspicious client.  I recommend asking your payment processor to investigate possible fraud to try to avoid a potentially costly chargeback.

I recommend changing your administrator password to something longer (ie. 10 characters) and unguessable (containing a number or a capital or two).

To ban the client from ListMailPRO by IP you'll have to manually modify the admin.php file.  Add this line on a blank line after the opening <?php tag.
Code: [Select]
if($_SERVER['REMOTE_ADDR']=='99.245.156.44') exit('Please stop hacking.');
To ban them just from login, do the same but in the login.php file.

A ban feature is coming in a near future update :D

Regards
Dean Wiebe
ListMailPRO Author & Developer - Help | Support | Hosting