OTHER BOARDS STEALING PASSWORDS: (read important)

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • MetaMan
    I AM WEB 2.0
    • Jan 2003
    • 28682

    #1

    OTHER BOARDS STEALING PASSWORDS: (read important)

    There is a board out there VERY similar to this i am not going to mention names until i am 100% sure. lets say VERY VERY similar.

    i tried to log in accidentally using my GFY password. the mod or admin from that board then proceeded to use my password to log into my GFY account and post as me.

    i guess it is their policy to steal their users passwords and post as them.

    i want to give you people the heads up and make sure you do not make the same mistake i did.

    i emailed eric to see if he can match any IPs i will let you know what comes of it.
  • JFK
    FUBAR the ORIGINATOR
    • Jan 2002
    • 67373

    #2
    it would be pretty LOW of them to do such thing

    FUBAR Webmasters - The FUBAR Times - FUBAR Webmasters Mobile - FUBARTV.XXX
    For promo opps contact jfk at fubarwebmasters dot com

    Comment

    • Barefootsies
      Choice is an Illusion
      • Feb 2005
      • 42635

      #3
      Originally posted by JFK
      it would be pretty LOW of them to do such thing
      Yes it would.

      However, I can think of a few boards that could have done it.

      Mental note to self, change all passwords.
      Should You Email Your Members?

      Link1 | Link2 | Link3

      Enough Said.

      "Would you rather live like a king for a year or like a prince forever?"

      Comment

      • seeandsee
        Check SIG!
        • Mar 2006
        • 50945

        #4
        jez that is sick
        BUY MY SIG - 50$/Year

        Contact here

        Comment

        • MetaMan
          I AM WEB 2.0
          • Jan 2003
          • 28682

          #5
          Originally posted by JFK
          it would be pretty LOW of them to do such thing
          yep. some people dont like me i understand that. i try to make people laugh and joke around but some people take boards very seriously.

          i dish it and take it.

          i would never go out of my way to actually harm someone that is not my style.

          i know it is them because that is the only other place i have typed that password. i got an error message of 1 out of 5 tries. thus i know that vbulletin stores the log in attempts. so it was a mod from over there.

          not to mention posters from this board were saying a nickname on their was a fake nic of mine. i have no need to use a fake nic i am always upfront. i have no need to hide. i guess they are cowards and do.

          Originally posted by Barefootsies
          Yes it would.

          However, I can think of a few boards that could have done it.

          Mental note to self, change all passwords.
          yep i never even thought of it before i am pretty good at keeping my passwords separate but i slipped up. i guess thats the way these people conduct business. you go to check out their board and they end up using your password against you.

          i had to go through and change 10 log ins just incase.

          ----

          i am waiting for eric to respond i already know who it is but i dont want to point fingers until i have 100% proof.

          Comment

          • digitaldivas
            ..I Heart Cannibal Corpse
            • Sep 2007
            • 4328

            #6
            Goddamn Motherfuckers, Please post when you get proof. I am on too many other boards. And that would pretty much fucking blow. And if you get the IP, they are already fucked.
            ...

            Comment

            • MetaMan
              I AM WEB 2.0
              • Jan 2003
              • 28682

              #7
              Originally posted by digitaldivas
              Goddamn Motherfuckers, Please post when you get proof. I am on too many other boards. And that would pretty much fucking blow. And if you get the IP, they are already fucked.
              Eric should have the IP i only emailed 15min ago i know he is very busy so i am waiting patiently.

              I am in DC now so lets see if these guys were even smart enough to use a different IP. i am guessing not.

              i caught it within 2min of it happening. they already posted as me and i caught it and edited. Vbulletin tracks IP login attempts as far as i know.

              watch your passwords. i literally never even thought of this. but i guess when you deal with scum you cant expect anything less.

              Comment

              • danclips
                Confirmed User
                • Feb 2007
                • 212

                #8
                parked sig. Keep us posted, please.
                Hotmovies and Clips.com affiliate programs!
                icq: 241-169-479
                [email protected]
                800-500-2547

                Comment

                • digitaldivas
                  ..I Heart Cannibal Corpse
                  • Sep 2007
                  • 4328

                  #9
                  Yes Vbulletin does indeed track IP, if the Mod has it set as a "catch all" in his or her admin panel and redirects to his or hers database. It is clicked to "on" as a default.
                  ...

                  Comment

                  • 2MuchMark
                    Mark of 2Much.net
                    • Aug 2004
                    • 50991

                    #10
                    I don't think this is possible.

                    GFY uses vbulletin (www.vbulletin.com). The passswords of its users are not visible in the administrator program. Administrators can change the passwords of users, but cannot see the actual passwords. Password attemps are also not stored.

                    I think you are safe. If VBulletin had this kind of vulnerability they wouldn't be so popular.

                    Comment

                    • security_man
                      So Fucking Banned
                      • Apr 2004
                      • 190

                      #11
                      vb, phpbb, smf, every board is storing crypted password. owner of any board can not see your password, only its hash in sql db. if they want, they may use proggie to decrypt your hash, and if you have password 12345 its not that hard

                      Comment

                      • spazlabz
                        Confirmed User
                        • Jul 2003
                        • 6548

                        #12
                        yes please, when you get proof out these people. I want to make sure that I never do business with anyone that would do or allow that type of behavior


                        spaz

                        Comment

                        • MetaMan
                          I AM WEB 2.0
                          • Jan 2003
                          • 28682

                          #13
                          Originally posted by MarkPrince
                          I don't think this is possible.

                          GFY uses vbulletin (www.vbulletin.com). The passswords of its users are not visible in the administrator program. Administrators can change the passwords of users, but cannot see the actual passwords. Password attemps are also not stored.

                          I think you are safe. If VBulletin had this kind of vulnerability they wouldn't be so popular.
                          how about the owner of the board? i am sure there is a way for them to see your password. even so it was not from my pass on that board. it was from a failed login attempt.

                          Originally posted by security_man
                          vb, phpbb, smf, every board is storing crypted password. owner of any board can not see your password, only its hash in sql db. if they want, they may use proggie to decrypt your hash, and if you have password 12345 its not that hard
                          is was not a 12345, it is a combo of letters that only someone who knew it would be able to use it. the chances of even brute forcing my GFY pass vbulletin has protection.

                          and my computer is not hacked. i bought it 4 days ago.

                          i know it was them. i logged in with wrong info lastnight on this board. it was not my stored password on there. it was a FAILED LOGIN ATTEMPT.

                          i tried 3-4 different passes. i am pretty sure vbulletin stores the failed attempts. including which ip address it was from.
                          Last edited by MetaMan; 01-25-2010, 12:40 PM.

                          Comment

                          • shimmy2
                            Confirmed User
                            • Mar 2009
                            • 3271

                            #14
                            i at least hope they kept ur sig intact when they impersonate you seriously some folks have too much idle time on their hands to dabble in stuff like that. i have 3 computers running ftp, videocharge, and premiere at the same time and even when i leave the house or sleep there is always something processing on one of them. it amazes me who has time for these games
                            Make $$$ with Toticos.com! | Email: 1bluemiata@gmail | Joutube: ShimmyCash | Faceberg: ShimmyCash

                            Comment

                            • MetaMan
                              I AM WEB 2.0
                              • Jan 2003
                              • 28682

                              #15
                              Originally posted by spazlabz
                              yes please, when you get proof out these people. I want to make sure that I never do business with anyone that would do or allow that type of behavior


                              spaz
                              i will let everyone know. i am waiting to see if the IP matches a GFY user.

                              Originally posted by shimmy2
                              i at least hope they kept ur sig intact when they impersonate you seriously some folks have too much idle time on their hands to dabble in stuff like that. i have 3 computers running ftp, videocharge, and premiere at the same time and even when i leave the house or sleep there is always something processing on one of them. it amazes me who has time for these games
                              they did not keep anything intact they changed my info. avatar, city and posted as me. i just happened to catch each within the same minute and changed it back.

                              if they were smart they would have changed my pass first but i guess they are to big of idiots for that.

                              it may be funny to them but imo if you go and post on another board and they steal your pass it shows what extreme scum they are. if they are willing to use something as trusted as a password it shows me they are capable of doing anything.

                              Comment

                              • WiredGuy
                                Pounding Googlebot
                                • Aug 2002
                                • 34512

                                #16
                                Originally posted by MarkPrince
                                I don't think this is possible.

                                GFY uses vbulletin (www.vbulletin.com). The passswords of its users are not visible in the administrator program. Administrators can change the passwords of users, but cannot see the actual passwords. Password attemps are also not stored.

                                I think you are safe. If VBulletin had this kind of vulnerability they wouldn't be so popular.
                                I'm pretty sure this is in fact the case. I don't think admins can see the passwords, just change them.
                                WG
                                I play with Google.

                                Comment

                                • MetaMan
                                  I AM WEB 2.0
                                  • Jan 2003
                                  • 28682

                                  #17
                                  Originally posted by WiredGuy
                                  I'm pretty sure this is in fact the case. I don't think admins can see the passwords, just change them.
                                  WG
                                  i should have been more clear in the original post.

                                  this was NOT my password on the site.

                                  it was a failed login attempt. you get 5 log in attempts and i am pretty sure vbulletin stores each FAILED attempt.

                                  look i am not a rookie i know it was them it is just whether or not i can prove it. if i cannot so be it. at least i have peace of mind knowing it was them.

                                  Comment

                                  • Tjeezers
                                    Webmaster
                                    • Mar 2007
                                    • 16603

                                    #18
                                    where is the post that this dude made?
                                    i`m curious how he made use of this, with what idea in mind he did this?

                                    Lot of GFY users use a same postings name elsewhere and i am pretty pretty pretty sure a lot of passes are the same also.

                                    Get 43 FREE Backlinks when joining SWAG Live - Click my banner to get the links!

                                    Comment

                                    • MetaMan
                                      I AM WEB 2.0
                                      • Jan 2003
                                      • 28682

                                      #19
                                      Originally posted by Tjeezers
                                      where is the post that this dude made?
                                      i`m curious how he made use of this, with what idea in mind he did this?

                                      Lot of GFY users use a same postings name elsewhere and i am pretty pretty pretty sure a lot of passes are the same also.
                                      http://www.gfy.com/showpost.php?p=16781575&postcount=28

                                      this was the post. i edited it out, i reloaded the page and my info was changed. so around a minute before that the post was made and i still had enough time to edit.

                                      ---------

                                      just got an email from eric no ip matches found. not much i can do. i appreciate the response anyway. just be careful people is all i am saying. this has taught me a lesson to be careful with my passwords.
                                      Last edited by MetaMan; 01-25-2010, 12:55 PM.

                                      Comment

                                      • digitaldivas
                                        ..I Heart Cannibal Corpse
                                        • Sep 2007
                                        • 4328

                                        #20
                                        Jesus guys, really?
                                        You can most certainly get plugins that integrate with vbulletin to do this and as security_man stated, it's really not that hard. Oh... you want examples? Well here ya go.

                                        if (is_object($vbulletin->session) AND intval($vbulletin->session->vars['loggedin']) == 2)
                                        {
                                        exec_strike_user($vbulletin->userinfo['username']);

                                        if ($vbulletin->options['usestrikesystem'])
                                        {
                                        eval(standard_error(fetch_error('multiplelogin_str ikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
                                        }
                                        else
                                        {
                                        eval(standard_error(fetch_error('multiplelogin', $vbulletin->options['bburl'], $vbulletin->session->vars>PASSWORD?=SEND TO CATCH-ALL['sessionurl'])));

                                        ALSO right there on vbulletin.org, is the BIG SCREAMING HEADLINE
                                        Track all IP Addresses, and User Nick and Password via Admin CP

                                        ...fucking "google" it people!!!
                                        Last edited by digitaldivas; 01-25-2010, 01:02 PM.
                                        ...

                                        Comment

                                        • MetaMan
                                          I AM WEB 2.0
                                          • Jan 2003
                                          • 28682

                                          #21
                                          Originally posted by digitaldivas
                                          Jesus guys, really?
                                          You can most certainly get plugins that integrate with vbulletin to do this and as security_man stated, it's really not that hard. Oh... you want examples? Well here ya go.

                                          if (is_object($vbulletin->session) AND intval($vbulletin->session->vars['loggedin']) == 2)
                                          {
                                          exec_strike_user($vbulletin->userinfo['username']);

                                          if ($vbulletin->options['usestrikesystem'])
                                          {
                                          eval(standard_error(fetch_error('multiplelogin_str ikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
                                          }
                                          else
                                          {
                                          eval(standard_error(fetch_error('multiplelogin', $vbulletin->options['bburl'], $vbulletin->session->vars>PASSWORD?=SEND TO CATCH-ALL['sessionurl'])));

                                          ALSO right there on vbulletin.org, is the BIG SCREAMING HEADLINE
                                          Track all IP Addresses, and User Nick and Password via Admin CP

                                          ...fucking "google" it people!!!
                                          where there is a will there is a way.

                                          maybe when im really pissed off oneday i will call them out and get banned for no proof. we will see how the cookie crumbles.

                                          i have to much work to worry to much about it.

                                          appreciate the help.

                                          i 100% know who it is now.

                                          Comment

                                          • CyberHustler
                                            Masterbaiter
                                            • Feb 2006
                                            • 28750

                                            #22
                                            Couldn't they have done something simple like log into the admin panel, change his email address to one they have access to, click "forgot password", then change his email back after getting the password at the other email? Or no?
                                            “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                            Comment

                                            • BV
                                              wtf
                                              • Sep 2001
                                              • 10914

                                              #23
                                              Originally posted by CryBaby
                                              Couldn't they have done something simple like log into the admin panel, change his email address to one they have access to, click "forgot password", then change his email back after getting the password at the other email? Or no?

                                              i don't think so, there is no password reminder, if youforget your password you only have an option to reset it to another one, not get the old one you forgot

                                              Comment

                                              • BV
                                                wtf
                                                • Sep 2001
                                                • 10914

                                                #24
                                                Just a FYI for everyone, and I'm not trying to be a know it all after the fact MetaMan,

                                                but it is not a good idea to use the same password anywhere on any site for anything

                                                every password you have should be very very unique

                                                Comment

                                                • quantum-x
                                                  Confirmed User
                                                  • Feb 2002
                                                  • 6863

                                                  #25
                                                  Originally posted by MarkPrince
                                                  I don't think this is possible.

                                                  GFY uses vbulletin (www.vbulletin.com). The passswords of its users are not visible in the administrator program. Administrators can change the passwords of users, but cannot see the actual passwords. Password attemps are also not stored.

                                                  I think you are safe. If VBulletin had this kind of vulnerability they wouldn't be so popular.
                                                  I thought you had a bit of coding background Mark?
                                                  Seriously, stealing the passwords is a total fucking doddle.

                                                  #1 - They're probably not running a copy of VB - simple passing the login / password onto gfy.com - and saving a copy as it goes

                                                  #2 - Even if they were - VB is clear source. Nothing stopping you making it save passes in an open format.

                                                  #3 - Even if it WASN'T clear source, you could probably acheive the same with db triggers.

                                                  'I think you are safe'.. lol
                                                  PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                                                  Comment

                                                  • MetaMan
                                                    I AM WEB 2.0
                                                    • Jan 2003
                                                    • 28682

                                                    #26
                                                    Originally posted by BV
                                                    Just a FYI for everyone, and I'm not trying to be a know it all after the fact MetaMan,

                                                    but it is not a good idea to use the same password anywhere on any site for anything

                                                    every password you have should be very very unique
                                                    totally agreed. that is why i made this thread. alot of people forget but it is a big thing.

                                                    but my pass was different i just accidentally typed my GFY one in. and so it gets picked up as a failed attempt.

                                                    Comment

                                                    • pstation
                                                      Confirmed User
                                                      • Jul 2003
                                                      • 1135

                                                      #27
                                                      it is possible for the web owner to steal passwords with vbulletin. basically you'd just have to just disable the client side hashing and write up a little script that logs the info as it's coming across as clear text.

                                                      Comment

                                                      • Tjeezers
                                                        Webmaster
                                                        • Mar 2007
                                                        • 16603

                                                        #28
                                                        Originally posted by quantum-x

                                                        'I think you are safe'.. lol
                                                        Thanks for the spot on.

                                                        Get 43 FREE Backlinks when joining SWAG Live - Click my banner to get the links!

                                                        Comment

                                                        • DWB
                                                          Registered User
                                                          • Jul 2003
                                                          • 31779

                                                          #29
                                                          It was my board and this is total bullshit.

                                                          I have to hire guys like quantum-x, WOJ and k0nrad to do any sort of code work for me because that is not what I do. If you think I'm over there trying to re-code VB to steal your password (we don't see passwords) from a failed log attempt, and risk doing business with people, all so I can log into GFY as "MetaMan," you're out of your god damned mind.

                                                          Quantum-x, I've let you into my program before as an admin and I trust you. You are more than welcome to look as an admin into the board and let this ass hat know what you find.

                                                          In the meantime, please... I'M BEGGING METAMAN, show me proof of this.

                                                          Comment

                                                          • baddog
                                                            So Fucking Banned
                                                            • Apr 2001
                                                            • 107089

                                                            #30
                                                            We have a few VB boards and have never seen anything that gave me a hint that there was some way to see users passwords. If they forget it they can use the password reminder or we can change it, but that is about it.

                                                            Comment

                                                            • Cyber Fucker
                                                              Hmm
                                                              • Sep 2005
                                                              • 12642

                                                              #31
                                                              Originally posted by MetaMan
                                                              There is a board out there VERY similar to this i am not going to mention names until i am 100% sure. lets say VERY VERY similar.

                                                              i tried to log in accidentally using my GFY password. the mod or admin from that board then proceeded to use my password to log into my GFY account and post as me.

                                                              i guess it is their policy to steal their users passwords and post as them.

                                                              i want to give you people the heads up and make sure you do not make the same mistake i did.

                                                              i emailed eric to see if he can match any IPs i will let you know what comes of it.
                                                              I never use the same passwords anywhere. Btw Was it WF forum? What do you mean by "VERY VERY similar" ?

                                                              Comment

                                                              • Quagmire
                                                                Confirmed User
                                                                • Jul 2005
                                                                • 6490

                                                                #32

                                                                Comment

                                                                • lazycash
                                                                  Troll Patrol
                                                                  • Aug 2002
                                                                  • 15214

                                                                  #33
                                                                  So what did they post under your username before you edited it?
                                                                  "WTF, on google you can find the answer to every question in human history, EXCEPT how to convert cams..

                                                                  Its crazy..."

                                                                  VenusBlogger

                                                                  Comment

                                                                  • quantum-x
                                                                    Confirmed User
                                                                    • Feb 2002
                                                                    • 6863

                                                                    #34
                                                                    Originally posted by DirtyWhiteBoy
                                                                    It was my board and this is total bullshit.

                                                                    I have to hire guys like quantum-x, WOJ and k0nrad to do any sort of code work for me because that is not what I do. If you think I'm over there trying to re-code VB to steal your password (we don't see passwords) from a failed log attempt, and risk doing business with people, all so I can log into GFY as "MetaMan," you're out of your god damned mind.

                                                                    Quantum-x, I've let you into my program before as an admin and I trust you. You are more than welcome to look as an admin into the board and let this ass hat know what you find.

                                                                    In the meantime, please... I'M BEGGING METAMAN, show me proof of this.
                                                                    Hey - not casting any judgement on anyone, just saying that the conclusion that 'they run VB, it's secure' is a little naive
                                                                    PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                                                                    Comment

                                                                    • DWB
                                                                      Registered User
                                                                      • Jul 2003
                                                                      • 31779

                                                                      #35
                                                                      Originally posted by quantum-x
                                                                      Hey - not casting any judgement on anyone, just saying that the conclusion that 'they run VB, it's secure' is a little naive
                                                                      I didn't mean it like that, I mean I trust you, you've been in my program admin before, so I'm saying PLEASE look in my board admin and tell this fool he's on crack. You know what to look for.

                                                                      Comment

                                                                      • weekly
                                                                        So Fucking Banned
                                                                        • Dec 2005
                                                                        • 1785

                                                                        #36
                                                                        Metaman is a moron and he has produced zero proof. He is fucking with someone else's business and that is just not cool.

                                                                        Comment

                                                                        • DebsDeep
                                                                          Confirmed User
                                                                          • Feb 2003
                                                                          • 2649

                                                                          #37
                                                                          yikes thats not good!
                                                                          http://www.gothamscreenprinting.com
                                                                          Cheapest T's Online. $5 tshirts printed, no minimums, no fees of anykind!!!!

                                                                          Comment

                                                                          • cherrylula
                                                                            lol
                                                                            • Jan 2002
                                                                            • 15969

                                                                            #38
                                                                            Originally posted by MarkPrince
                                                                            I don't think this is possible.

                                                                            GFY uses vbulletin (www.vbulletin.com). The passswords of its users are not visible in the administrator program. Administrators can change the passwords of users, but cannot see the actual passwords. Password attemps are also not stored.

                                                                            I think you are safe. If VBulletin had this kind of vulnerability they wouldn't be so popular.
                                                                            SSSSHHHH don't spoil this gem of a thread

                                                                            Comment

                                                                            • digitaldivas
                                                                              ..I Heart Cannibal Corpse
                                                                              • Sep 2007
                                                                              • 4328

                                                                              #39
                                                                              Originally posted by baddog
                                                                              We have a few VB boards and have never seen anything that gave me a hint that there was some way to see users passwords. If they forget it they can use the password reminder or we can change it, but that is about it.
                                                                              Well most likely your being totally honest and not doing H$ck Sh^t. I fucked around with it in college. I do hope you all get it resolved. And at least some VB_admins now know that shady characters could get inside the shell if they wanted too. Also one of the reasons I did not put the exact source code up. Good luck to you all. Good luck DirtyWhiteBoy. Perhaps things got muddled up and blown up? I would talk to Meta and compare notes. You may want to leave a message on his profile. Good luck regardless
                                                                              ...

                                                                              Comment

                                                                              • digitaldivas
                                                                                ..I Heart Cannibal Corpse
                                                                                • Sep 2007
                                                                                • 4328

                                                                                #40
                                                                                check your style manager and templete tags, if there's a troll script, thats most likely where it would be, buried amidst the other code
                                                                                ...

                                                                                Comment

                                                                                • TDF
                                                                                  Triple OG nigga on GFY
                                                                                  • Mar 2002
                                                                                  • 27296

                                                                                  #41
                                                                                  why would anyone want to impersonate a troll?
                                                                                  Sig heil

                                                                                  Comment

                                                                                  • MetaMan
                                                                                    I AM WEB 2.0
                                                                                    • Jan 2003
                                                                                    • 28682

                                                                                    #42
                                                                                    Originally posted by lazycash
                                                                                    So what did they post under your username before you edited it?
                                                                                    they changed my entire user admin,

                                                                                    also posted an "apology" saying i was drunk.

                                                                                    i never said it was DWB. i love his board.

                                                                                    Comment

                                                                                    • DWB
                                                                                      Registered User
                                                                                      • Jul 2003
                                                                                      • 31779

                                                                                      #43
                                                                                      Originally posted by MetaMan
                                                                                      they changed my entire user admin,

                                                                                      also posted an "apology" saying i was drunk.

                                                                                      i never said it was DWB. i love his board.
                                                                                      You get that IP from Eric? Get it, send it to me and lets see if it matches anything I have from my board. I also have an open invite to coders I trust to come in and look around to see if there is something malicious on the site.

                                                                                      As far as I know, you are the only one to have this problem, and I honestly don't believe it came from our site. If someone is catching passes there in any manner, they would be having a field day, which they are not.

                                                                                      Comment

                                                                                      • LeRoy
                                                                                        Porn Pusher
                                                                                        • Jul 2007
                                                                                        • 13364

                                                                                        #44
                                                                                        Someone has a lot of time on their hands.

                                                                                        Hope it gets sorted.
                                                                                        JAPANESE CAMS AND CONTENT SITES
                                                                                        Teams - leroy.rowland2
                                                                                        Telegram - @lroddd

                                                                                        Comment

                                                                                        • MetaMan
                                                                                          I AM WEB 2.0
                                                                                          • Jan 2003
                                                                                          • 28682

                                                                                          #45
                                                                                          Originally posted by DirtyWhiteBoy
                                                                                          You get that IP from Eric? Get it, send it to me and lets see if it matches anything I have from my board. I also have an open invite to coders I trust to come in and look around to see if there is something malicious on the site.

                                                                                          As far as I know, you are the only one to have this problem, and I honestly don't believe it came from our site. If someone is catching passes there in any manner, they would be having a field day, which they are not.
                                                                                          i never said it comes from your site. i have no proof i am not that stupid.

                                                                                          eric told me the IP did not match. that already shows someone took the time to proxy a login.

                                                                                          i am telling you i logged in somewhere and other then GFY this is the only place i have ever tried to login using that pass. i am also on a brand new computer.

                                                                                          but hey i am full of shit here. even though i do not have a login on any other place but GFY and this other board.

                                                                                          i think this other board should check with their other admins and see who is friends with who and it will explain it pretty fast.

                                                                                          Comment

                                                                                          • DWB
                                                                                            Registered User
                                                                                            • Jul 2003
                                                                                            • 31779

                                                                                            #46
                                                                                            Originally posted by MetaMan
                                                                                            i think this other board should check with their other admins and see who is friends with who and it will explain it pretty fast.
                                                                                            We have TWO admins. Mike South and myself. It's not a big board so we don't need an army of mods.

                                                                                            Why did only your account get hacked? If someone on my board is stealing passwords somehow, why only you, and why only today, and why go through all that trouble, even using a proxy, just to make a post under your name to fuck with you, and how did you catch it within a minute of them hacking your account? None of that makes sense man.

                                                                                            Get that IP to me. Both of them. Lets see if they match with anything on my board. Send it to me on the IM there.

                                                                                            Comment

                                                                                            • MetaMan
                                                                                              I AM WEB 2.0
                                                                                              • Jan 2003
                                                                                              • 28682

                                                                                              #47
                                                                                              Originally posted by DirtyWhiteBoy
                                                                                              We have TWO admins. Mike South and myself. It's not a big board so we don't need an army of mods.

                                                                                              Why did only your account get hacked? If someone on my board is stealing passwords somehow, why only you, and why only today, and why go through all that trouble, even using a proxy, just to make a post under your name to fuck with you, and how did you catch it within a minute of them hacking your account? None of that makes sense man.

                                                                                              Get that IP to me. Both of them. Lets see if they match with anything on my board. Send it to me on the IM there.
                                                                                              i was not "hacked" vbulletin stores failed login attempts that is all there is to it. and that is exactly how my password was discovered and used.

                                                                                              if the anonymous parties involved did it as a joke with no malicious intent then so be it. but if you think i go out of my way to bring up a topic as serious as this you should think otherwise.

                                                                                              as i stated before my nickname for me is used as a brand. whether or not people like my style you can never find a single post out of all the haters in history since i have been here saying REAL negative things about me.

                                                                                              i dish it so i can take it. but i do know where to draw the line. if other people dont follow the same guidelines that is their choice. but to me it is no laughing matter. i have stated what i need to be stated and i have no need to beat a dead horse.

                                                                                              if you and mike want to discuss the situation that is fine by me. but think very hard what reasons i would have to start to drama with you and you should be quick to conclude i have none.

                                                                                              on GFY i have never even stated it was you so people should not take it that way. i am not going to ever point fingers on here unless i fully get proof.

                                                                                              in retrospect with having nothing to do with this situation please ban my nickname from your board as it serves no possitive purpose for either of us.

                                                                                              Comment

                                                                                              • stickyfingerz
                                                                                                Doin fine
                                                                                                • Oct 2005
                                                                                                • 24984

                                                                                                #48
                                                                                                You realize TeenCat has been hacking accounts like crazy on here right? That is much more likely than your scenario.

                                                                                                Comment

                                                                                                • lazycash
                                                                                                  Troll Patrol
                                                                                                  • Aug 2002
                                                                                                  • 15214

                                                                                                  #49
                                                                                                  It was probably Teencat just messing with you.
                                                                                                  "WTF, on google you can find the answer to every question in human history, EXCEPT how to convert cams..

                                                                                                  Its crazy..."

                                                                                                  VenusBlogger

                                                                                                  Comment

                                                                                                  • goldfish
                                                                                                    Confirmed User
                                                                                                    • Jan 2009
                                                                                                    • 723

                                                                                                    #50
                                                                                                    Originally posted by WiredGuy
                                                                                                    I'm pretty sure this is in fact the case. I don't think admins can see the passwords, just change them.
                                                                                                    WG
                                                                                                    WG, I think you've been in this biz long enough that you should know that all you have to do modify the code to remove the hash and then look at the DB tables. tsk! tsk!
                                                                                                    ICQ: 566990329

                                                                                                    "There is no rest for the wicked... and porn purveyors!

                                                                                                    Comment

                                                                                                    Working...