Joined: Jan 2003
Posts: 141
Journeyman
I have been having some security issues on my boards from a competing forum lately and I finally figured out how they are doing it. They have been logging in under at least 1 mutual member that they helped with a password problem at their site and he happened to use the same password at ours. When I help someone and they forget their password or something and I edit their profile, all I see in their password box is the asterisks. Is there any way that they can get the other member's password off of their forums and take the off chance they are the same as on ours? They are using 6.1.1 and have stated that they have read every PM from every member on our site. I have another admin that used the same password at both places.
Joined: Apr 2002
Posts: 1,768
Addict
Some possibilities:
1) If they know the user's encrypted password, they could easily write a script to encrypt dictionary words, or other guesses, until finding a match.
2) They could insert a line of code into the login script and record the user's unencrypted password when he types it in.
That's why using the same password on different sites is a really bad idea.
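An added example, not part of the original posts: the first possibility above is cheapest for a guesser when a forum stores passwords as an unsalted fast hash, so this sketch puts that scheme beside salted PBKDF2 storage. The thread does not say how the forum stores passwords; SHA-256 as the weak scheme, the iteration count, the record format and the account names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed cost setting; tune to your hardware
SALT_BYTES = 16

def weak_store(password):
    """Unsalted fast hash: identical passwords give identical records."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def strong_store(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 record: 'iterations$salt_hex$hash_hex'."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def strong_verify(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        iterations_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # a malformed record never authenticates
    if iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def shared_password_groups(records):
    """Group users whose stored records are byte-identical."""
    by_record = {}
    for user, rec in records.items():
        by_record.setdefault(rec, []).append(user)
    return [sorted(users) for users in by_record.values() if len(users) > 1]

def compare_schemes():
    # Constructed sample accounts: two users share one password.
    accounts = {"member1": "Tr0ub4dor&3", "admin2": "Tr0ub4dor&3",
                "member3": "correct horse"}
    weak = {u: weak_store(p) for u, p in accounts.items()}
    strong = {u: strong_store(p) for u, p in accounts.items()}
    # With the weak scheme, one matched guess exposes every user in a group.
    return shared_password_groups(weak), shared_password_groups(strong)
```

Salted, slow hashing only raises the cost of guessing from a stored record; it does nothing about the second possibility, where a password typed into another site's login form is recorded there before any hashing happens.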
Joined: Jan 2003
Posts: 141
Journeyman
Thanks. I was going crazy trying to figure out exactly how they were doing what they were doing. I have made a post at my forums explaining what was happening and asked everyone to change their password if they are the same.
Joined: Apr 2002
Posts: 1,768
Addict
It would also be a good idea to password-protect your admin directory, if you're not already doing that. And you could remove some of the riskier admin functions, such as the one for doing MySQL queries, if you can get by without it.