Main > Main Forum

---WARNING--- - password hacking attempt on many accounts -- UPDATE --

Pages: << < (13/22) > >>

missioncontrol:

Jokes on him, not only did I change my password, I then changed it back just to mess with him   :duckhunt

saint:


--- Quote from: SavannahLion on February 16, 2011, 08:18:45 pm ---Reporting in that I too got the email attempt. Obvious attack vector on that one. Might I suggest that Saint temporarily disables the password recovery module/code and switch to a manual request system? Or maybe use a capta? At least for the time being.

--- End quote ---

Good suggestion - implemented.

saint:

The password hacking attack does not appear to be related to any other issue at BYOAC. There is a mass-attack against SMF forums (and others, such as PHPboard) in general. More info here: http://www.simplemachines.org/community/index.php?topic=421603.msg2949285#msg2949285. The attacks against BYOAC match this pattern exactly. I do not believe Driver-Man is related to this at all.

I am taking various measures against the attacks. There have not been any successful attacks that I am aware of anywhere. I now consider this a low threat level. Make sure you have a good, non-dictionary based password and beyond that I would not worry about it.

I will note if anything changes in this arena.

--- saint


WhereEaglesDare:


--- Quote from: HarumaN on February 16, 2011, 09:13:25 am ---Here's a dumb question, say he was able to hack a mod's account... would that give him access to the forum user's passwords?  Or is that encrypted somewhere (I hope).

--- End quote ---

Mods dont have access to PWs on SMF, they can reset them though.

twisty:

He was doing the mass password recovery routine at MW concurrent with it happening here. This was 100% confirmed as being him by matching IP's. (And we don't use SMF either.)

Just thought you should know that.

Pages: << < (13/22) > >>

Go to full version