Security announcement/poll

I’ve just come out of my weekly briefing with the head of cyber security.

Apparently is now so popular that someone has been persistently trying to log into people’s accounts using a fancy technique called “brute force”. Particularly keen on Stewie’s account, apparently. Wonder why?!

There are a few things that can be done:

  1. Nothing (easy)
  2. require accounts to have “strong” passwords (easy but annoying)
  3. add a ‘capcha’type thing to the login (medium difficulty & $$)
  4. less forgiving lockout settings (eg get password wrong twice = lock out for 10 hours) (easy, potentially exploitble, deliberately locking out users)

the poll is below – please vote with a “+” for your favoured option.

0 0 votes
Article Rating
Newest Most Voted
Inline Feedbacks
View all comments
Last of the Moorookans

+1,000,000 (see how much MB influence very nice writing style?)

Biggest culprits probably redditors from /r/Brisbane or /r/AusProperty or /r/AusFinance who don’t want people discussin anything but “MORE IMMERGROIDS BECAUSE ME HOUSE PROICES”

Last of the Moorookans

I give myself +1 for comment

See how reddit influence very nice writing style?


Strong passwords are no issue when using something like Lastpass.

Funny someone is already trying to get into peoples accounts and cause trouble! They must not want people saying what they have to say here. I think Stewie had an enemy follow him here on a thread he posted?

Agent 47

Plot twist: it’s Chris Becker.


Now Chris has been sacked from MB maybe we should get him to post here? It could be like one of those British tabloids where he dishes all the goss on Macrobusiness writers.


+1 LastPass

The Traveling Wilbur

Gotta protect the sheeple against themselves. For their own sake as well as yours.

Other options can be added too, but *strong* pwd first.

A fly in your ointment

Firefox generates 16 characters long passwords and remembers them for you.
If someone can brute force 16 char password he should be granted access and all hail the God allmighty


How much $$ ?


Only if the lockout is IP address-based.


Login LockDown – WordPress plugin |

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. 

This one more popular
Limit Login Attempts Reloaded – WordPress plugin |

Last edited 3 years ago by Freddy
The Traveling Wilbur

Only if you setup your site’s sessions management to Black Helicopter paranoia level. So no… most sites that allow persistent logins will not clear existing sessions if an additional login attempt for the same account fails. Not even more than once. Even hotmail doesn’t do that. 😇

But if you literally mean “we have suspended your account until” kind of lockout, then yes, that would normally also trigger the end of any existing session. Black helicopter stuff if you ask me. That hotmail does do if you do enough bad things in a row to an email address name that does exist (don’t know what it does to any existing session that may have been still active when it applied the suspension).

Last edited 3 years ago by The Traveling Wilbur

That would work. I recall I had to validate the email address upon registration.

A fly in your ointment

To get fake disposable email used to be easy.
Now is even more easier.There must be quadripllion disposable email providers now.

A fly in your ointment

Maybe I’m dense, not sure how that makes a difference unless you think of phishing other users logins.
Check how works. Email galore and does not even need pre-seting. Spammers will have 100s of registered user names/email-logins within one hour.

Last edited 3 years ago by A fly in your ointment
The Traveling Wilbur

The ginger ones are the tastiest.


I think this is a good idea. I got a bunch of emails (2) like someone was resetting my password on ezfka too. It was not me obviously.

Very wierd.


Well… what can I say – you can tell the quality of a man by the enemies he makes?

Either Migwig or Maggot or parties unknown. Migwig would certainly have the technical skills to do it, although I will give him enough credit to come at me front on rather than surreptitiously via a hacking attempt… I doubt he actually holds me in high enough regard to waste his time, but the fella is increasingly unhinged.

Maggot is a possibility- the guy has a diamond strength boner for me that he’d use to cut through bullet proof glass if he could get at me. No idea on his technical abilities but I could only wish for a chick to be as infatuated with me as him… then again she’d only end up as a bunny boiler.

Third parties, for some time now I’ve been aware of unknown parties trying to track me down – I don’t know why, I’m such a charming, harmless type. Thought it was maggot because of his enormous erection that he spends an inordinate amount of time stroking over me, but frankly it could be anyone I’ve offended over the years… not a short list to work through.

For the moment I’ve upgraded my password and just contacted my internet provider requesting a new IP address. I’d request a catchpa in terms of security upgrade, although I do like Freddy’s suggestion, with the login lockdown capturing the IP address.

Until resolved I suppose I’ll have to access EZFKA through Tor.

Last edited 3 years ago by Stewie
Miguel de Sousa

Pffffft Iike I’d do brute force!

If I had to guess it’s Haruldos trying to comment without having to admit it. Anyway, what would I do with your account? Make posts about how IQ might not actually be the only reason we’re all idiots? 🤷‍♂️


No, as much as I despise your chronic nihilism and toxic views that are sourced from the Juicy handbook of “How to raise good Goy”, I will give you enough credit to come at me front on.

Last edited 3 years ago by Stewie
The Traveling Wilbur

To be fair, there are plenty of groups that borrowed heavily from that handbook.

Every good goy deserves fruit.

Last edited 3 years ago by The Traveling Wilbur

I think it is more than that – I’ve been having someone or some people trying to identify who I am in the real world for some time. I won’t give any further details, least it assist them, but I’ve good reason to believe that this is the case…. or it could simply be that Maggot’s boner for me, especially after I edited his cucking my wife or his pedo fantasies, simply tripped him over into a deranged psychoses, and he wanted to get in to edit my posts and do some raw vandalism as pay back…. but again, he could simply post some more comments without violating those two criteria, which I’d leave up without issue. FFS I haven’t even banned his accounts. It is a bit weird.

Last edited 3 years ago by Stewie
Stewie da limp dick bean counter

Why would I waste my time hacking into your account u silly old cuck? If I was that keen I’d rather meet u in person and see how much of a limp dick you really are….always talking tough yet you’re just a pencil neck accountant! aaaaaaaahahahahahahahahaha

Cheers – thanks for confirming. Judging from your lame insults I would have been surprised if it was you. You could be lying, but the opportunity to show your contempt for me as being beneath your effort is so transparent I’m now fairly certain you didn’t.

Still it would have been reassuring to know that it was you, better to have a known deadshit to contend with than an unknown party. On the other hand I would have actually been a little disappointed if it was you – if I’m going to have a nemesis I’d rather it be someone a little more challenging than a queef like yourself.

BTW why do you bother with me so much though? Honestly your hard on for me is amazing. If I dislike someone I can’t be bothered reading them – it is a pointless energy sink. Yet you’re constantly seeking out my lame musings and commenting on them…. you’re actually taking the time to read them!?! Every interaction is a win, I’m living rent free in your head!! LMFAO.

Anyhow feel free to keep commenting, I seem to remember that you’d occasionally post comments on DLS or Leiths articles that had some insights.

Last edited 3 years ago by Stewie

Just tried to log in from my phone and it redirects to
I hope my login was not snatched

My commnet disappeared

I tried to log in from the phone and it redirects to
Typed in wrong pw by mistake

A fly in your ointment

Well, that one single pw error made my phone blocked. Cannot log in from my phone at all.
I will try via VPN to see if that makes ad ifference. I can also spoof MAC and device signature… then I’ll report (if needed).

Last edited 3 years ago by A fly in your ointment

I lean heavily towards either do nothing or require an email address rather than user name.
Also advise strong passwords be used as this already does.
In terms of cost/benefit what is the real harm if someone actually gets into someones account?

Last edited 3 years ago by bjw678
A fly in your ointment

Firefox offers some complex pw auto generation and saves it as a login. Although a very complex pw is no less “crack prone” than say 343234323432, I can’t be bothered inventing new passwords each time then trying to remember it. If FF gets to be Swiss cheese, we’ll, I’m flucked.

Last edited 3 years ago by A fly in your ointment

indeed, you can generate very strong passwords uniquely for each site. but that requires me to have access to the password store on any machine I want access from.
Paypal, banking etc I think should have a unique and strong password.
A free blog with some articles and comments doesn’t really need the same security.
It’s like securing your garden shed the same as a bank, doable but not worth the effort

A fly in your ointment

FF can sync pw, history and favs across devices. I’d never use another comp for banking other than my phone or my comp. But for those, I chose a pw that I can remember because it has a meaning to a human but it is deeply personal.

Look up Ubuntu stick: a USB that comp can boot from and makes that computer run OS from it with 0 impact on local non removable drives. I still keep one in my car (.flac music usb).


Fair enough, but if someone hacks into my MB/ezfka/random forum account do i really care that much?
It’s a cost benefit thingy.
Chrome will do the same as well, but then everything is just tied to that one password anyway, if that gets hacked then everything gets hacked.