| Main > Main Forum |
| ---WARNING--- - password hacking attempt on many accounts -- UPDATE -- |
| << < (13/22) > >> |
| missioncontrol:
Jokes on him, not only did I change my password, I then changed it back just to mess with him :duckhunt |
| saint:
--- Quote from: SavannahLion on February 16, 2011, 08:18:45 pm ---Reporting in that I too got the email attempt. Obvious attack vector on that one. Might I suggest that Saint temporarily disables the password recovery module/code and switch to a manual request system? Or maybe use a capta? At least for the time being. --- End quote --- Good suggestion - implemented. |
| saint:
The password hacking attack does not appear to be related to any other issue at BYOAC. There is a mass-attack against SMF forums (and others, such as PHPboard) in general. More info here: http://www.simplemachines.org/community/index.php?topic=421603.msg2949285#msg2949285. The attacks against BYOAC match this pattern exactly. I do not believe Driver-Man is related to this at all. I am taking various measures against the attacks. There have not been any successful attacks that I am aware of anywhere. I now consider this a low threat level. Make sure you have a good, non-dictionary based password and beyond that I would not worry about it. I will note if anything changes in this arena. --- saint |
| WhereEaglesDare:
--- Quote from: HarumaN on February 16, 2011, 09:13:25 am ---Here's a dumb question, say he was able to hack a mod's account... would that give him access to the forum user's passwords? Or is that encrypted somewhere (I hope). --- End quote --- Mods dont have access to PWs on SMF, they can reset them though. |
| twisty:
He was doing the mass password recovery routine at MW concurrent with it happening here. This was 100% confirmed as being him by matching IP's. (And we don't use SMF either.) Just thought you should know that. |
| Navigation |
| Message Index |
| Next page |
| Previous page |