Black Packing Light
  • Sections
  • Today’s Features
  • Subscribe
  • Sign In
  • Subscribe
  • Home
  • Email Newsletter
  • Membership Info
  • Articles
    • Recent Features
    • Gear Reviews
    • State of the Market Reports
    • Gear Guides
    • Gear Lists
    • Skills & Techniques
    • MYOG
    • Science, Technology & Testing
    • Stories
    • Calendar
  • Education
    • Podcast
    • Webinars
    • Masterclasses
    • Online Courses
    • Guided Treks
    • Education Portal
  • Forums
    • Forum Index
    • Recent Forum Posts
    • Gear Forums
    • Gear Swap (Buy/Sell)
  • Gear Recommendations
  • Gear Deals

Backpacking Light

Pack less. Be more.

suspicious sign in blockage with request to “click here” to unlock

Home › Forums › Administration & Support › Website: Bug Reports, Feature Requests, Known Issues, and Changelog › suspicious sign in blockage with request to “click here” to unlock

Viewing 14 posts - 1 through 14 (of 14 total)
Forums are supported by our merchant partners (disclosure)
REI (Coupons) • ZPacks • Hyperlite • Patagonia • Arc'teryx • RBTR • Drop • Backcountry • Feathered Friends • CampSaver • Gaia • Mountain Hardwear
Gear Deals • Gear Search
Login to post (Basic Membership required)
  • Author
    Posts
  • Jul 28, 2020 at 7:28 pm #3667116
    jscott
    BPL Member

    @book

    Locale: Northern California

    I’m occasionally unable to sign in and instead get a message from a ‘security’ company telling me that sign in is temporarily blocked. then it tells me to “click here” to unblock my sign in (or something…). I do not click. then, after a few attempts i can sign in with no message appearing. Is this legitimate? should I click? or is it some sort of scam?

    Here’s Ryan’s reply:

    “@jscott can you please move this to the bug report forum with a screenshot of what you are seeing?

    Also FYI this is not the result of a “hack” on BPL or its DNS.”

    I’m a computer klutz so getting a screen shot is beyond me. this tends to happen when I try to log on in the morning. If it happens again I’ll write down the message and the name of the security co. and post it here. I should have done this already! but I’m still drinking my first cup of coffee and a bit slow.

    Jul 28, 2020 at 8:48 pm #3667147
    idester
    BPL Member

    @doug-i

    Locale: The Cascades

    It’s a firewall block (as I recall) so it should be whoever BPL uses for its firewall.

    Yes, mornings. That seems to be when BPL is screwing with the site so it’s also the time that we generally encounter things that are broken. Perhaps we should just assume that mornings will always be hinky here, at least for the next year.

    Jul 28, 2020 at 9:11 pm #3667149
    Pedestrian
    BPL Member

    @pedestrian

    Morning for who? It’s always morning for someone on the planet……

    Something you learn quickly while operating a service with customers across the globe.

    I have no clue what the BPL customer base looks like with respect to geography but speaking more generally of web based services accessed globally.

     

    Jul 29, 2020 at 1:12 am #3667170
    Sam Farrington
    BPL Member

    @scfhome

    Locale: Chocorua NH, USA

    Lately, I’m having all kinds of bizarre things happen when trying to sign in.  The support desk has my emails about that, and has been very helpful.

    But tonight, after numerous attempts to log in I had this one titled above.  Got to it by going to the gear forum, picking a thread, going to the end of it, and clicking on the message advising to sign in, in order to post.  So did click on the unblock message the came up, and clicked on a couple of streetlights to prove I’m human.  After that, was able to sign in on the home page.

    Sorry you are having so many difficulties.  It is a great site, and the only one where I can open a new thread and post a long article with pix about building a new piece of gear.  Very intuitive to use as well.  Really hope BPL can get these attacks under control.  Would definitely miss it, without the threads, but would check occasionally read only info as is done on Roger’s site.  But would hate to see it come to that.  The forums are the lifeblood of the site.

    Jul 29, 2020 at 8:25 am #3667185
    jscott
    BPL Member

    @book

    Locale: Northern California

    I had no issue signing in this morning. So I can’t describe the firewall message (or phishing attempt) that I get at other times. I’ll report when and if it happens again. Again, when it did appear I was eventually able to sign in without clicking anything. Took around three tries.

    Jul 31, 2020 at 10:18 am #3667724
    jscott
    BPL Member

    @book

    Locale: Northern California

    Login Protection

    powered by

    BlogVault Firewall

    Logins to this site are currently blocked.

    above is what appeared on my first attempt to log in this morning. It also told me to “click here” to unblock but I didn’t want to copy and paste that.

    I then opened a new window and was able to log in with no messages or issues. If the above is legitimate I’ll just click the next time it appears. I just wnat to know that it’s legitiamate–or not!

    Aug 1, 2020 at 10:32 am #3667885
    idester
    BPL Member

    @doug-i

    Locale: The Cascades

    Aug 1, 2020 at 10:44 am #3667891
    jscott
    BPL Member

    @book

    Locale: Northern California

    yes that’s what I see: so is it legitimate? (hard to get an answer here),

    Aug 1, 2020 at 10:58 am #3667894
    idester
    BPL Member

    @doug-i

    Locale: The Cascades

    If you click the link (I have), it simply takes you to a page where you have to ‘prove you’re human’ with one of those captcha tile things. After doing so, it completes your sign-in. It also isn’t trying to ‘phone home’ anywhere (I have a program that alerts me to and allows me to block outgoing connection requests thru Safari).  Since it’s not asking for any login info or any other info, I don’t think it’s nefarious (though, unfortunately, I can’t say for certain. But Ryan did say upthread that it wasn’t because of any hacking and such).

    Aug 1, 2020 at 11:52 am #3667900
    Ryan Jordan
    Admin

    @ryan

    Locale: Central Rockies

    OK, thank you VERY much for posting that.

    Now I’m able to provide an explanation.

    Yes, that is our page. We use Blogvault as *one* of a couple of different firewalls.

    Here’s a description of how it works.

    That page is only going to appear for you when “someone” has tried to access your account unsuccessfully three times in a row.

    Maybe it’s you.

    But maybe it’s not…

    If it’s you, that’s fine. You probably forgot your password or whatever.

    But if it’s not, here’s one likely, and very common scenario.

    One or more email address/username/password combinations at some point in your internet career has been compromised and acquired by bad actors (e.g., hacking networks).

    Then, they program bots with these combinations (or iterations) and scour the internet to see what sites they can log in to with your password. Or they “discover” you at a website (like ours) and use a brute-force attack to try to guess your password.

    If you see this screen, and you’re not the one racking up the login attempts, that means the hackers are being blocked/delayed, and the firewall is working.

    Your BEST defense is a VERY strong password…something that’s impossible to guess (or for you to remember). I use LastPass as a password storage vault and password generator, and highly recommend it.

    Aug 1, 2020 at 12:07 pm #3667906
    idester
    BPL Member

    @doug-i

    Locale: The Cascades

    I understand the explanation, but I think there’s something else going on. As Jeff said earlier, I can bypass that page and sign in anyway, so if it’s blocking me due to unsuccessful sign-ins, why can I sign in a few seconds later without going through that firewall page?

    Some additional info: I’ve only gotten this page in the morning (PNW morning) when you’re mucking about the site. I’ve only gotten this page when the home page sign in doesn’t seem to take (excessive time to load), so I go into a forum, into a thread, and sign in at the bottom of that page. That’s generally the only time I ever hit this firewall page.

    I also use a password storage vault/generator, and do not have any duplicate passwords for the sites I visit.

    Aug 1, 2020 at 12:17 pm #3667909
    Ryan Jordan
    Admin

    @ryan

    Locale: Central Rockies

    I can bypass that page and sign in anyway, so if it’s blocking me due to unsuccessful sign-ins, why can I sign in a few seconds later without going through that firewall page?

    Because this is a deterrent against automated brute-force logins. This page acts as a barrier to repeated attacks. Sort of like a speed bump, rather than a wall.

    Mornings make sense. Much of the bot attack traffic we get occurs during our night.

    Yes, aware of the issue that the login form at the bottom of a forum page uniquely triggers it. The way that particular form is implemented is a known target in WordPress, and we’ll be rebuilding that in the new site.

    We’ve only been running this firewall for a few weeks, so if it’s a huge inconvenience for folks, I’m open to turning it off, and just hope you all can protect your account by using strong passwords.

    Aug 4, 2020 at 9:02 am #3668782
    Ryan Jordan
    Admin

    @ryan

    Locale: Central Rockies

    Any other feedback for this? If it’s a non-issue for most users, we’ll leave as is and I’ll close the issue.

    Aug 4, 2020 at 9:16 am #3668785
    jscott
    BPL Member

    @book

    Locale: Northern California

    It’s not an issue with me.

  • Author
    Posts
Viewing 14 posts - 1 through 14 (of 14 total)
  • The topic ‘suspicious sign in blockage with request to “click here” to unlock’ is closed to new replies.

Join our Community Today

A Membership is required to post in the forums.

View Membership Options

Forum Menu

Backpacking Light forums are moderated and here to foster helpful and positive discussions. View the guidelines.
  • Main Forum Index | Recent Topics
  • Gear Swap | Gear Deals | Chaff | BPLTrac
  • Forum Support Docs | Posting Guidelines

Latest Online Course

trek planning masterclass title image Trek Planning Masterclass - now available on-demand.
View all online courses »

Want outdoor gear and skills info you can really trust?

Get our Handbook - the resource you need to make intelligent decisions about gear, safety, comfort, and pack weight.


Gear Recommendations

  • Publisher’s Gear Guide
  • Staff Picks
  • Guide’s Gear Recommendations
  • Our Lightweight Gear Recommendations for REI Members
  • Today’s Gear Deals
  • Search for Gear on Sale

Subscribe Right Now

Receive new Members-only content, gain access to 2,000+ articles in the archives, and become a part of the most passionate community of backpacking experts in the world.
Subscribe Now
  • Backpacking Gear Reviews
  • Backpacking Skills
  • Backpacking Trips
  • Backpacking & Outdoor News
  • Outdoor Recreation Science & Technology
  • Backpacking Courses, Webinars & Other Events

Follow Us

Get outdoor skills and gear info you can trust.

Download the Backpacking Light Handbook to help you make intelligent decisions about gear, skills, ultralight philosophy, and reducing your pack weight.

Join Now: Support fair and objective product reviews.

Something for everyone: Basic, Premium, and Unlimited Membership options available.

View Subscription Options

More @ Backpacking Light

  • About Us
  • Jobs
  • Advertise with Us
  • Write for Us
  • Submit a Product for Review
  • Diversity Grants
  • Help / Support / Contact
  • Terms & Policies

Call Us

Membership Sales & Support: 406-640-HIKE (406-640-4453) | About

© Copyright 2001-2021 BEARTOOTH MEDIA GROUP, INC. | U.S. Library of Congress Serial Registration ISSN 1537-0364
BACKPACKING LIGHT® and the FEATHER/MOUNTAIN icon are registered trademarks granted for exclusive use to Beartooth Media Group, Inc. Subscribe here.

  • Subscribe
  • Log In
  • My Account
  • Forum Profile
  • Private Messages
  • Newsletters
  • My Course Enrollments
  • Unlimited Membership Portal
  • Help / Support / Contact