Someone Used My Account
Yoko
It was quite obvious. When I got onto the site I noticed my name at the bottom of the screen. I thought nothing of it at first until I scrolled up and saw I wasn't logged into mafiascum. I refreshed, then looked again; my account name was still listed along with 2 guests.
I quickly logged on and made a thread about it. Then immediately logged off. I was still showing as if I was logged on, but the mafiascum screen on my computer asked for a user name and pw. I posted as a guest, then checked again; my name was still down there. I tried to get anyone that was on the site to see it but doubt anyone noticed. I refreshed and refreshed until around 3-5 min later when I was no longer logged on but there was an additional guest.
I theorized that my account may have been slow, but I soon found out that the instant I logged off every time after that I was no longer shown below. The only possible way was someone was on my account.
jeep Cappo Bastone
- Posts: 747
- Joined: April 21, 2002
- Location: Portland, OR
d8P The "I told you so" guy
- Posts: 833
- Joined: February 16, 2003
- Location: Galway, Ireland
This happens to me a lot. I've wandered off to other sites, closing the window, come back after an hour or more, and clicked the "find posts since my last visit" button, to find the newer posts just added onto the list I'd seen more than an hour previously, not a new list as you'd expect. When this happens it means scum hasn't registered the visits separately, i.e. that it hadn't logged me off.
[edit to try and make sense. I give up now ~shrug~]
Last edited by d8P on Thu Mar 18, 2004 6:29 am, edited 1 time in total.
-POST NO BULLS-
sk
YK
YK
YK
jeep Cappo Bastone
How long have you been logged off? Did you clear your cookies? Did you change your password? Do you auto-login?
In order to use your account, the person would have to know your password and even I can't do that. Passwords are stored as an MD5 hash. MD5 is a one-way algorithm that, as far as I know, hasn't been cracked yet.
We do have the latest patch applied to phpBB, and no new security warnings have been issued.
Search for your posts and see if there are any that you didn't make...
-JEEP-
YK
jeep Cappo Bastone
My mistake, there was a security warning posted 2 hours before my last post that could be related to this:
We've been notified of a flaw in search.php. This can, under the right circumstances with certain server versions, be exploited to obtain password hashes.
Even assuming we've been hacked, once the person gets the hash, unless you use a dictionary word, it still takes a lot of work to determine what your password is.
I will apply the security patch this weekend and will recommend that everyone change their password in a global announcement.
-JEEP
Copyright © MafiaScum. All rights reserved.
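Added example, not part of the thread and not phpBB's code: a storage audit showing why the posts above single out dictionary words when passwords are kept as plain MD5, next to a salted, iterated alternative. The account names, wordlist, hashes and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 with this work factor is an assumed replacement scheme, not something the thread mentions.

```python
import hashlib
import hmac
import os

# Constructed sample data: no real accounts, passwords or leaked hashes.
WORDLIST = ["password", "dragon", "mafia", "letmein", "sunshine"]
STORED_MD5 = {
    "user_a": hashlib.md5(b"dragon").hexdigest(),          # dictionary word
    "user_b": hashlib.md5(b"dragon").hexdigest(),          # same word, same hash
    "user_c": hashlib.md5(b"tR7#qLw9!vZ2mK").hexdigest(),  # not in the wordlist
}
ITERATIONS = 100_000  # assumed work factor for this example


def audit_unsalted_md5(stored, wordlist):
    """Return {user: word} for each stored hash that equals md5(word)."""
    # Unsalted: one table built once applies to every account.
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password):
    """Hardened form: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    print("flagged by wordlist audit:", audit_unsalted_md5(STORED_MD5, WORDLIST))
    a, b = hash_password("dragon"), hash_password("dragon")
    # Same password, different salts: the records no longer match each other,
    # so a precomputed table cannot be reused across accounts.
    print("salted records equal:", a[1] == b[1])
    print("correct password verifies:", verify_password("dragon", a))
```

Salting and iteration raise the cost per guess and per account; a dictionary word is still a weak password under any storage scheme.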