View Full Version : How to keep your user account secure


eclectica
2004-05-16, 16:47
One of the administrators named Music Pirate from Unite The Cows got his user account hijacked. The hijacker then logged into the administrator control panel and did some damage to their forums. If you are an administrator or a moderator on a board then you have a special obligation to keep your account secure, because more damage can be done. There are a lot of different ways to get your account hijacked, and here I list the ones that come to my mind.

1. Use a secure email address.
If someone gets hold of your email account then the person could use the "forgot password" feature and have your account password reset. This is something to worry about if you have a Hotmail or a Yahoo email account and you don't log in for a while, which will cause the email address to be turned over to the public domain. You ought to use your ISP email address instead of those free email services to register your account with.

2. Use a unique password.
This is very important if you are an admin or moderator of a board. I use the same passwords for a few different sites that I am registered on, but for this one that I am an administrator of I use one that is used no place else.

3. Be wary of public computers or keyloggers.
When you log in to your account from a public computer, log out when done. Some public computers have keyloggers working on them. Scan your own computer for spyware and trojans as well, or don't activate any suspicious programs and email attachments. Another thing you could do is change your password after using a public computer.

Dollar_Girl
2004-05-31, 01:21
on the topic, i recently had a member send me their account information, including password.

Stating the obvious... this is not a good idea, account info should be kept private.


DUH.

eclectica
2004-06-01, 11:39
I would guess it was you tim or mekajinn who sent her the info.

slx
2004-08-31, 04:40
Account on The Inferno locked out
________________________________________________
From: "The Inferno Forums" <webmaster@3-3-3.org>
Date: Mon, 30 Aug 2004 19:20:05 -0400
________________________________________________

slx,

Your account on The Inferno has been locked because someone has tried
to log into the account with the wrong password more than 5 times. You
will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP
address: 4.153.74.76

Don't forget that the password is case sensitive. Forgotten your
password? Use the link below:

All the best,
The Inferno team
________________________________________________________
________________________________________________________



the ip just happens to belong to our beloved littledik

The Passion
2004-08-31, 04:42
Account on The Inferno locked out
________________________________________________
From: "The Inferno Forums" <webmaster@3-3-3.org>
Date: Mon, 30 Aug 2004 19:20:05 -0400
________________________________________________

slx,

Your account on The Inferno has been locked because someone has tried
to log into the account with the wrong password more than 5 times. You
will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP
address: 4.153.74.76

Don't forget that the password is case sensitive. Forgotten your
password? Use the link below:
http://www.3-3-3.org/forum/login.php?do=lostpw

All the best,
The Inferno team
________________________________________________________
________________________________________________________



the ip just happens to belong to our beloved littledik
so timmy is trying to log in as you? I assume that is who littledik is, I haven't been around very much, but I am getting the hang of how it works around here. if it was his real ip, I would say hack the little fags pc, but we all know she is the proxy type of girl.

slx
2004-08-31, 04:54
so timmy is trying to log in as you? I assume that is who littledik is, I haven't been around very much, but I am getting the hang of how it works around here. if it was his real ip, I would say hack the little fags pc, but we all know she is the proxy type of girl.

pardon me, if i'm curt but i'm shy til i know who's who.....

yep...littledik is timmy, harb, whatever he's currently calling himself and no, he doesn't use a proxy, he's on dial up and as you prob know, proxy+dial up= slow as shit page loading

seems he tried to get in the club using my pass...


worse things happen....and will.....to him.......soon

Dollar_Girl
2004-08-31, 10:46
speaking of emails, good ole humpty has registered my old email address that i left to expire, and has politely emailed me from it with the following :


To: "Katarina ." <pepper_revolution@yahoo.com.au>
Subject: just saying hi
Date: Fri, 27 Aug 2004 08:26:51 -0400


just wanted to tell you hello and to make you aware that if you don't still have access to the following accounts:

1)worldpeace22@hotmail.com
and
2)kgb_goddess@yahoo.com

that someone else...most presumably eclectica does..for it was he who gave me the idea to register old expired email accounts.

He has read all of your exchanged with mekajinn on the forum..when I worked with him behind the scenes early on I taught him how to do this...that was what prompted his original thread entitled 'mekajinn'

what i've said stands..btw not that you give a shit about the truth but at the time i responded to your accusations I really had not registered any of your old email addy's until finding this one available.

maybe you can say i registered it for altruistic reasons to keep tom from getting it.

its sometimes interesting what we find out from old email address...people may have you on their contact list..you may have a list of contacts...pm's people sent you..other forums you belonged to..correspondence with hewlett packard etcetera, etcetera.
I want to know what your real name is..including your address and telephone number...i never give up and even if I don't post on the forum again you can be sure I am always thinking about you.

eclectica
2004-08-31, 12:22
He has read all of your exchanged with mekajinn on the forum..when I worked with him behind the scenes early on I taught him how to do this

Those are lies which I usually don't even bother to refute

I ran some tests on this login lockout and that email is actually wrong about your account being locked. It is not the account which is locked but the intruding IP address which is locked. At that point when tttimmmy was locked out he probably tried to log back into his own account and got the same email too.

Make sure you folks keep your emails secure and updated in order that your accounts here also stay secure. Hotmail and Yahoo accounts expire if you don't use them for a month. There is also an extra layer of security you could have, which is security through obscurity, by selecting to keep your email address hidden from the regular members of the forum, which will reduce the odds of account hijacking.
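
Added example (not part of the thread and not the forum software's own code): a small model of the lockout discussed above, using the 5-failure limit and 15-minute window from the quoted email, replayed once keyed on the source IP and once keyed on the account name. The class, function names, IP addresses and usernames are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5          # from the lockout email: "more than 5 times"
WINDOW_SECONDS = 15 * 60  # from the lockout email: "another 15 minutes"


class LoginThrottle:
    """Counts failed logins under a key chosen by key_fn (IP or username)."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.failures = defaultdict(deque)  # key -> timestamps of failures

    def attempt(self, ip, username, password_ok, now):
        """Return 'ok', 'bad_password' or 'locked' for one login attempt."""
        q = self.failures[self.key_fn(ip, username)]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()               # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            return "locked"           # refused before the password is checked
        if password_ok:
            return "ok"
        q.append(now)
        return "bad_password"


def by_ip(ip, username):
    return ip


def by_account(ip, username):
    return username


# Constructed events: (source IP, username, password correct?, time in seconds)
EVENTS = [("192.0.2.10", "victim", False, t) for t in (0, 10, 20, 30, 40)] + [
    ("192.0.2.10", "victim", False, 50),    # sixth guess from the same IP
    ("192.0.2.10", "intruder", True, 60),   # same IP, its own account
    ("198.51.100.7", "victim", True, 70),   # real owner, different IP
    ("192.0.2.10", "intruder", True, 940),  # same IP after the window
]


def replay(key_fn):
    throttle = LoginThrottle(key_fn)
    return [throttle.attempt(*event) for event in EVENTS]


if __name__ == "__main__":
    for name, fn in (("keyed on IP", by_ip), ("keyed on account", by_account)):
        print(name, replay(fn)[5:])
```

Keyed on IP, the guessing address is refused even for its own account while the owner logs in normally from elsewhere; keyed on account, the owner is the one refused.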

slx
2004-08-31, 16:44
has humpty become evil?

no dude....you're still just a piece of shit, floating in the bowl




waiting to be flush'd

eclectica
2004-08-31, 17:16
lol

Dollar_Girl
2004-09-01, 05:25
why did you email me a half hour ago saying you have been banned from posting, if it was in fact untrue?

eclectica
2004-09-30, 00:45
I merged a thread that slx started on August 30 into this one to make it a single thread.

I just thought of another security vulnerability in which one could get an email account or any other account hijacked. Some accounts have a function in which there is a feature that you lost your password and need it reset. On such accounts they may ask you a question like "what is your mother's name" "what is your pet's name" "what city were you born in" or "what school did you attend" as a question which you could use to reset your password. While you may put a hard to hack password as your regular password, if you answer truthfully those forgot password questions, then the security would be breached if someone actually knew you and could answer those questions. I recommend creating yet another password for those answers or using random characters that you're bound to forget, rather than using truthful answers. You'll lose the convenience of being easily able to recover your password, but you'll gain in security.

Dollar_Girl
2004-09-30, 01:54
the secret question feature is good if you can choose your own question. when i am asked to write my own question, i usually write something in a different language such as slovak, polish or czech - and sometimes a combination of all three. it is better to have a question that is something only you would know, something in your life, that is so small and unimportant that it only sticks in your mind, example "what food do i always buy at the indian store?"