-
Posts
-
PLEASE CHANGE YOUR PASSWORD
To do so, click on your name in the upper right corner and then press “manage password”
Here is the situation. V 4 Vendetta logged in last night about 6:30. I was checking the user log and I noticed that “V” and “admin” shared the same IP address. I am not a computer expert but I know that is not right.
I followed up by checking “V”‘s IP address against all the other IP addresses in the system. They did not match any others. This shows me that “V” did not log in with anyone elses name besides “V” and the “admin”.
Next question is security. I do not have access as the “admin” to your passwords. They are always protected from everyone, even the admins. The only person that can get the password is with the “Remember Password” button. The password is then sent to the email recipient.
Mory and myself have changed all the passwords that allow access to future breaches. I am pretty positive your information was not accessed, but I want you to take your own precautions and change your password.
I will continue to monitor the user log to see anything unusual.
We are still investigating how the individual got the password to the admin account. I know of only a few places that I used the same password.
Thanks for taking the time to read this message and change your password.
If you have any questions, concerns or comments, please post or email me. I will do whatever I can to answer all your questions.
Would not let me do it. said: “: You must enter a valid password”. I did. Then, something about asking the administrator. ????
Andy I must compliment you on the website, it truly is sincere in it’s entirety. We have been reading all the post and really have benefittied from the info. I am sorry to here that you have a security issue on the site, mabe it won’t cause you the problems that when I got notice from my credit card company that I owe a lot of money. You all said that this guy V was probably someone you know, and now i read that mory had a problem with his system too. hopefully this guy V can be found out so you can say hi to him someday.
james
Click on Name in upper left corner > Click “manage password > enter password > enter new password > confirm password and that is it.
If the password you use on this site is not used for other sites you may visit, you may not need to change it. The only reason we use the password for The Fabricator Network is to provide each user with a unique name on the forum. Some pages are only accessed by registered users but only for convience.
JamesS wrote
Andy I must compliment you on the website, it truly is sincere in it’s entirety. We have been reading all the post and really have benefittied from the info. I am sorry to here that you have a security issue on the site, mabe it won’t cause you the problems that when I got notice from my credit card company that I owe a lot of money. You all said that this guy V was probably someone you know, and now i read that mory had a problem with his system too. hopefully this guy V can be found out so you can say hi to him someday.
james
I appreciate the compliments.Very unfortunate that one person can cause such problems. The same person hacked into Mory’s system. I think they will look into what legal actions they can take. As far as this site is concerned, all seems well but who really knows.
I do know on thing, there is only a couple places that they could have gotten my password. That is what disturbs me about the whole thing.
Thanks for visiting the site and keep coming back.
Andy, this thing really pisses me off! Any help I can provide be it legally or monetarily, just ask. This malcontent WILL be taken care of.
I recently had a competitor (local) attempt to hack my site. I have spent 1000’s on security measures and it worked just fine. Especially since this dimwit made no attempt at hiding his IP address. Real smart. There are laws against this crap and it’s in the hands of our legal side. I’ve instructed them, whatever it takes, bury him! Plus, it will make for a nice sales flyer!
Andy, when I got my Credit card info stolen, they askd me who all I had giving my number to. I told them all that about my purchases. They said that most of the time when numbers are gotten it is from someone that took the job from someone elseand could see all the numbers. Sumeone said something about you doing another site for the assocation but never really understood all that. If you did work on the other sight, surely you did not use the same password for the sight now. If you did that is how they found out, but then you know who the guy is. If you know, then maybe you should go and say hi.
Andy, I changed the password on my account around six or seven, central time. Then I got an email saying that I asked for a password reminder and it gave the new password. Is this normal? I don’t remember asking for it, or is it generated automatically.
Only reason I ask is because of the security issue….
I started to post this earlier and canceled it.
Here is the situation on passwords and mailing password back to user which forget their password.All one has to do is install a packet sniffer on their system. Then you need the users e-mail address. Let’s say in this case azamia@…com if you do a MX DNS Query it will give a person where my …com e-mail server’s ip address is. Start the packet sniffer and record all packets going into that server. Then you go to a site that is known that the user has registered with their e-mail address such as this and click on forgot password and have the system e-mail the password to you. The sniffer captures the message and bang you have the info that you need. This is unfortunately the flaw of an old info structure. I will send Andy SSL authentication information within a week or so, I need to test it.
If you did not request for your password to be e-mailed to you someone is playing with your account. I’m not sure how this site behaves so don’t hold me on all this since there is tons of if’s and or’sI just checked and it appears that the system will e-mail you the change password request information when changing a password. So it should be OK if you received this message just after changing a password.
Amir, I thought a sniffer was one of those things you can clean a floor with. Youmean that anyone can sniff all the information I by stuff with on the interenet. I was thinking about bying all or most of my christmas presence on the internet this year but if someone can see what I can buy them I guess I want.
thank you for the hindsight
James
- You must be logged in to reply to this topic.