
Topic: Attempted account hack? (Read 1399 times)

hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
April 26, 2013, 11:18:16 AM
#18
And lie on the security questions. Just remember your lies.

I always give nonsense answers on security questions.  You can put "polka dots" down for your mother's maiden name for all the system cares and "dragon football aluminium" for your favourite movie.
Exactly. As long as you remember that your favorite movie was dragon football aluminum, you're good. Which is why I like Theymos' "just generate another password" idea, because then you don't have to remember. The password generator does that. :)
hero member
Activity: 868
Merit: 1000
April 26, 2013, 04:19:56 AM
#17
And lie on the security questions. Just remember your lies.

I always give nonsense answers on security questions.  You can put "polka dots" down for your mother's maiden name for all the system cares and "dragon football aluminium" for your favourite movie.
sr. member
Activity: 322
Merit: 252
April 25, 2013, 10:12:32 PM
#16
For the second time now, someone has tried to reset my password on my account.

This time, it came from IP address 63.118.235.5, which traces to the domain "mail.wholesystems.com".

Any idea if there is someone from that domain involved in BitCoin?

Admin, last time you moved this message elsewhere - I think if we can have some of the other threads I've seen in here, a discussion about someone potentially trying to compromise an account is worthy of a discussion.

I think that he only tried this on you. He may have actually thought that he owned your account. He was trying passwords on a similar-looking account.

OK.  I guess I'll just have to wait and see... it was just that this was the second time in about a month someone tried to "recover" my account.
administrator
Activity: 5222
Merit: 13032
April 25, 2013, 07:15:40 PM
#15
For the second time now, someone has tried to reset my password on my account.

This time, it came from IP address 63.118.235.5, which traces to the domain "mail.wholesystems.com".

Any idea if there is someone from that domain involved in BitCoin?

Admin, last time you moved this message elsewhere - I think if we can have some of the other threads I've seen in here, a discussion about someone potentially trying to compromise an account is worthy of a discussion.

I think that he only tried this on you. He may have actually thought that he owned your account. He was trying passwords on a similar-looking account.
sr. member
Activity: 364
Merit: 250
April 25, 2013, 05:04:12 PM
#14
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.

Hehe, I do that, too ^^
sr. member
Activity: 322
Merit: 252
April 25, 2013, 01:48:01 PM
#13
Maybe we could require that someone has to request a password reset based on not only the username, but the email address associated with it as well?
legendary
Activity: 2324
Merit: 1125
April 25, 2013, 01:31:44 PM
#12
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
That's a great idea!

Mother's maiden name? D3r(83ckd8#22-H/  :D

Yeah I always just jam my keyboard on those. These are also stored as plain text often.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
April 25, 2013, 01:28:12 PM
#11
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
That's a great idea!

Mother's maiden name? D3r(83ckd8#22-H/  :D
administrator
Activity: 5222
Merit: 13032
April 25, 2013, 01:15:41 PM
#10
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
April 25, 2013, 09:11:57 AM
#9
And lie on the security questions. Just remember your lies.

Adding a security question is optional. I don't recommend using them (on any site).
Well, it's optional here. But not on every site. On those you do have to use them, so long as you lie, and remember the lie (mother's maiden name is actually the name of your first dog, or whatever) then that reduces the security vulnerability that they introduce.

How many famous people have had their accounts hacked because the attacker could just look up the answers to those questions?
administrator
Activity: 5222
Merit: 13032
April 25, 2013, 08:38:31 AM
#8
I will look into it later. Maybe I'll add an option to disable password resets for your account.

And lie on the security questions. Just remember your lies.

Adding a security question is optional. I don't recommend using them (on any site).

Is there a way to lock my account to a static IP address?

That'd be too much trouble. Everyone changes IPs eventually.
sr. member
Activity: 322
Merit: 252
April 24, 2013, 11:09:31 PM
#7
Is there a way to lock my account to a static IP address?
legendary
Activity: 1288
Merit: 1227
Away on an extended break
April 24, 2013, 11:02:00 PM
#6
I've seen hacking attempts on my IRC handle too.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
April 24, 2013, 11:00:22 PM
#5
Well the IP is listed in the message as being where it came from... what do you suggest?
Theymos can check to see if that IP address has attempted to reset others', or if that IP address is associated with any accounts. If there are multiple instances of it, he can at least IP ban the person - which isn't really a solution worth cheering about, but there really aren't any decent solutions to this outside of ensuring your password is very secure both here and with your email service.
And with your back-up email service, if you use Gmail or another web-based email provider.

And lie on the security questions. Just remember your lies.
donator
Activity: 1218
Merit: 1015
April 24, 2013, 08:37:48 PM
#4
Well the IP is listed in the message as being where it came from... what do you suggest?
Theymos can check to see if that IP address has attempted to reset others', or if that IP address is associated with any accounts. If there are multiple instances of it, he can at least IP ban the person - which isn't really a solution worth cheering about, but there really aren't any decent solutions to this outside of ensuring your password is very secure both here and with your email service.
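
The check suggested in the post above (has this IP requested resets for other accounts, and is it associated with any accounts), sketched as an added example that is not part of the original thread or the forum's own code. The record layout, function names and sample rows are assumptions; the IPs are constructed from documentation ranges.

```python
from collections import Counter

# Constructed sample records (not real forum data).
# Reset requests: (timestamp, source IP, target account)
RESET_REQUESTS = [
    ("2013-04-02T10:01:00", "192.0.2.10", "alice"),
    ("2013-04-24T19:10:00", "192.0.2.10", "alice"),
    ("2013-04-24T19:12:00", "192.0.2.10", "alice_"),
    ("2013-04-24T19:15:00", "192.0.2.10", "a1ice"),
    ("2013-04-20T08:00:00", "198.51.100.7", "bob"),
]
# Successful logins: (source IP, account)
LOGINS = [
    ("192.0.2.10", "alice_"),
    ("198.51.100.7", "bob"),
    ("203.0.113.5", "alice"),
]

def profile_ip(ip, resets, logins):
    """Summarise one source IP: reset targets and accounts that logged in from it."""
    targets = Counter(acct for _, src, acct in resets if src == ip)
    known = sorted({acct for src, acct in logins if src == ip})
    return {
        "ip": ip,
        "reset_targets": dict(sorted(targets.items())),
        "accounts_seen_from_ip": known,
        # Accounts this IP asked to reset but has never logged in to.
        "foreign_targets": sorted(a for a in targets if a not in known),
    }

def suspicious_ips(resets, logins, min_foreign=2):
    """IPs that requested resets for >= min_foreign accounts they never used."""
    flagged = []
    for ip in sorted({src for _, src, _ in resets}):
        profile = profile_ip(ip, resets, logins)
        if len(profile["foreign_targets"]) >= min_foreign:
            flagged.append(profile)
    return flagged

if __name__ == "__main__":
    for hit in suspicious_ips(RESET_REQUESTS, LOGINS):
        print(hit)
```

A single owner resetting their own account (the `bob` row) is not flagged; an IP cycling through similar-looking names it has never logged in to is.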
sr. member
Activity: 322
Merit: 252
April 24, 2013, 08:31:49 PM
#3
Well the IP is listed in the message as being where it came from... what do you suggest?
legendary
Activity: 966
Merit: 1004
Keep it real
April 24, 2013, 08:04:33 PM
#2
I'd suggest PMing theymos, he has access to the IP logs.
sr. member
Activity: 322
Merit: 252
April 24, 2013, 07:24:02 PM
#1
For the second time now, someone has tried to reset my password on my account.

This time, it came from IP address 63.118.235.5, which traces to the domain "mail.wholesystems.com".

Any idea if there is someone from that domain involved in BitCoin?

Admin, last time you moved this message elsewhere - I think if we can have some of the other threads I've seen in here, a discussion about someone potentially trying to compromise an account is worthy of a discussion.