Cycling UK Forum

For a few days now, I've needed to use the horrible gotcha whenever I've logged in. Then I ticked the box saying "log me in whenever I'm here" or something.

I can't see why anyone would want to steal someone's identity on this forum. But it could be an automated robot hacker -- I've had problems with those elsewhere.

If a robot manages to log in with someone else's account, the robot can then post spam messages as much as they like. The CTC Forum is well-liked by Google, so it's quite a good place to try to get spam links added.

I suspect that there are robots that try to login using people's usernames and common passwords: on a large forum they might expect to find someone who has used their username (or "password") as their password.

There isn't any obvious way we can avoid this, unless we can spot a pattern in the failed login attempts. I'll see what I can see...

.

gaz wrote:The forum started running slow whilst I was logged in earlier this evening so I logged off and closed the browser.

When I logged back on I had the failed log in prompt again. The forum remains slow running for me. Probably just a coincidence but are there a higher than usual number of attempted log-ins at the moment?

Not that I can see, no. The server has been lightly loaded since the Forum moved to it a couple of weeks ago. Certainly much less loaded than the old server.

gaz wrote:The forum started running slow whilst I was logged in earlier this evening . . .

I don't know if it's relevant, but I read somewhere (only a few days ago, but I can't remember where) that "Sunday evening" is the very worst time for congestion dragging the internet's performance to its knees (sorry, a horrible metaphor, but I'm sure you get the point). Which rather suggests your experience may not have been just the forum, @gaz, but the whole damn web creaking.

I've no idea why this is so, and hadn't noticed it myself particularly until recently, but certainly have noticed it the last few weeks. And when I was trying to look up stuff and check my e-mails this (well yesterday now!) afternoon, it was the worst yet - the whole shebang ground down so slow I eventually gave up, after trying to re-configure the relevant software as best I could, to little avail. Didn't hang about to see how much worse it would get in the actual "evening", as opposed to the afternoon, as I had arranged to spend the evening with friends in the pub, which seemed a vastly preferable way to waste my time. (I don't anticipate being deafened by the opposition to that! ).

Have returned to the fray in the wee small hours, and am now finding everything back to normal, and performance as acceptable as I ever get via Mr Vodafone's 'Mobile Connect' dongle on the laptop. (Which, admittedly, is nothing to write home about, but it does have the one big benefit of being usable almost anywhere and everywhere; but of course if, on top of its normal limitations, the Interweb traffic snarls up really badly, it then becomes damn near unusable. )

Doesn't help with the login probs, but FWIW might at least partly explain the Sunday slow-running.

Mick F wrote:If you're reading this, please go away.

I think he has, because it's not happened to me since Saturday.

@admin,

I said, "I don't know if it's relevant . . ", and, "Doesn't help with the login probs . . ", but with it still in my thoughts as I went to sleep a few mins later it occurred to me to wonder:
Is it poss that the forum's engine might "time out" on a login, because of it's (the login's) data getting interrupted (perhaps more than once) in transmission by the web congestion? So that the engine gives up on it and defaults to the fault message?
We haven't actually ascertained yet if this problem is only particularly troublesome at times when the web is very busy, but if so then some such explanation as the above might be the answer.

Still doesn't help much tho - if it means the only solution is to persuade someone (many someones!) to go out and spend trillions(?) worldwide to triple(?) the capacity of the internet!

Dunno if you're right Greendragon, but I first found this on Tuesday last week. It happened a few times again to me - and others - and as far as I know, that's it.

Maybe if "congestion" is correct, we may see another spate next weekend?

Mick F wrote: . . .
Maybe if "congestion" is correct, we may see another spate next weekend?

I think our best hope is that the last couple of weekends, being Christmas and New Year, were very exceptional, so that it won't be as bad again, at least for a while. If not I may be be closing the Vodafone account - yesterday afternoon the mobile dongle was absolutely hopeless. Still, it's never been that bad before, so I'm hoping that was just a one-off.

It's happened to me too. How many failed logins would be too many? It wouldn't be a difficult "bot" thing to look at pages and guess which bits are userids (anything that follows the word "by" for starters) and then throw a few passwords at it until you get a jackpot. I've got a list of "the most commonly used passwords"" somewhere - published in a proper newspaper IIRC. Sounds a bit too much hands-on work for a disgruntled exile IMO.

Three failed login attempts is enough to require you (or the robot) to decode the CAPTCHA image - which is designed to separate humans from robots.

The internet doesn't usually suffer from congestion that you'd notice unless a large node fails (e.g. a heavily-used network building or cable in London's Docklands) for some reason. The whole point of the internet, and the reason it was invented by the US military, is that connections can, and do, get routed by the most congestion-free route available. For a home ADSL broadband connection the bottleneck is between you and the telephone exchange: the rest of the net has much faster connections.

Most home ADSL lines have a "contention ratio" of about 50:1 - which means that your normal broadband speed is shared with fifty other people. If all fifty decide to watch BBC iPlayer, or download a large file, at the same time everyone will see their speeds drop by a factor of 50. So if your broadband seems very slow, it's most likely that someone else using your local telephone exchange is using their broadband connection heavily at the same time.

Wireless broadband via a dongle relies on mobile phone connections being available. Those connections are shared with other people making mobile phone calls, and I think voice calls take precedence over data connections. So slow mobile broadband at weekends is probably down to people phoning their friends with their free minutes.

admin wrote: . . .
The internet doesn't usually suffer from congestion that you'd notice . . .

Sorry, @admin, but I have a prob with that statement. The IT comics have been getting quite twitchy over the last couple of years over the growing problem of just that. It has, of course, been heavily aggravated by the worrying growth of . .
a) the dreadful "cloud computing" - online applications taking the place of installed software, requiring a hugely increased amount of online resource use;
b) the number of folk doing what you mentioned: watching video online (BBC iPlayer, or whatever); and
c) online multiplayer gaming;
. . and it's obvious that at least two of these may well have 'ballooned" over the "festive season".

While, at the same time:-

admin wrote: . . . unless a large node fails (e.g. a heavily-used network building or cable in London's Docklands) for some reason.

But, surely, over a major holiday period like Christmas/New Year is exactly when the major nodes can, with minimal adverse impact on the military-industrial complex that owns them, be shut down for annual maintenance/overhaul/upgrading/whatever. So that may well have happened over the last couple of weeks. (Not that they'd tell us, of course!) Would also go far towards explaining the lesser go-slow on a 'normal Sunday', of course.

So, although not an ITC professional, I'm afraid I must have the temerity to query what appears (to one such) your rather too ready dismissal of this possibility. Sorry.

That said, I appreciate your reply, and the rest of what you said, including re. the limitations of the mobile dongle. I wasn't, in my earlier posts, trying to blame the forum for my connection difficulties, so I hope I didn't give that impression. I was simply (I'm good at 'simply'@ ) bemoaning the fact that, on top of its obvious limitations, something else had ground the mobile connection to a complete halt. And, as that something was clearly more than the 'normal' weekend traffic on the mobile network, the internet as a whole was probably struggling.

Now we are back to a more-or-less normal working day, and I have been doing one thing and another online for most of the afternoon and evening . . . in the course of which the mobile connection has been positively 'flying' the whole time, with no delays at all. I don't remember it ever being better in fact. Could that possibly be because I am right, and all those major servers are back up and performing at full strength?

greendragon wrote:But, surely, over a major holiday period like Christmas/New Year is exactly when the major nodes can, with minimal adverse impact on the military-industrial complex that owns them, be shut down for annual maintenance/overhaul/upgrading/whatever. So that may well have happened over the last couple of weeks. (Not that they'd tell us, of course!) Would also go far towards explaining the lesser go-slow on a 'normal Sunday', of course.

If Docklands shut down in any way that affected the internet, you'd certainly hear about it from all those businesses that rely on the internet, including mine!

There's a difference between moaning that the internet's backbone is becoming more and more busy, which is clearly the case, and it actually starting to slow communications noticeably. My point was that most people's connections have the bottleneck between them and the local telephone exchange: the internet itself is orders of magnitude faster.

greendragon wrote:So, although not an ITC professional, I'm afraid I must have the temerity to query what appears (to one such) your rather too ready dismissal of this possibility. Sorry.

I wasn't trying to dismiss the possibility, but I'd be very surprised if a general slow-down on the internet was only noticed by one or two people. Certainly http://www.theregister.co.uk/ would have had a story about it, as it did when someone dug up a cable in Docklands last year.

greendragon wrote:Now we are back to a more-or-less normal working day, and I have been doing one thing and another online for most of the afternoon and evening . . . in the course of which the mobile connection has been positively 'flying' the whole time, with no delays at all. I don't remember it ever being better in fact. Could that possibly be because I am right, and all those major servers are back up and performing at full strength?

No, I don't think so. I have a fast internet connection, and spend most of my working time using the internet both via my ADSL and my web servers that have very fast connections to the internet. I haven't seen any sign of slowness from either.

Your mobile connection would almost certainly have been affected by people making mobile phone calls over the Christmas break.

trying to reply to a post this morning have logged on 8 times and still not got through whats going on ,,grrrrrrrrr

loafer wrote:trying to reply to a post this morning have logged on 8 times and still not got through whats going on ,,grrrrrrrrr

Briefly, the CTC Forum appears to be attacked ( as are many other forums ) by a log-in-robot.

This appears to be taking random usernames and trying to login with trial passwords.

Upon the third failed attempt any subsequent login attempt will be confronted by the Image verification test ( or CAPCHA code ).
. . . at which point the robot presumably gives up and tries another Username.

Why is this happening ??
Theory 1 :
A valid Username and password would be of value to spammers - offering a route to posting directly into public view ( without the staff checks on the early posts of new Usernames ).

Theory 2 :
The robot spammer attack has been initiated by a disgruntled former forum member in order to cause nuisance to forum staff and members.

There is no evidence (yet) to indicate either of the above. But we have recently been visited by a disgruntled former member of the forum who seemed eager to relaunch his deranged campaign against other forum members and "staff".