Author Topic: Forum security (Read 3972 times)

AthlonBoy · **on:** March 28, 2009, 11:50:47 am

I recently signed up to these forums to do work on the Boanerges. Literally days later, my Steam account is hijacked. It uses the same e-mail that I used on these forums, and the same password (not that saying this matters now). My security-concious friend tells me the SMF software these forms use is "terrible".

I have to ask this. Is this forum secure? Are the e-mails and passwords kept locked up?

No need to suggest other reasons for my Steam hijacking, I'm already looking into them all. I just want to cross this off my list of suspects.

FreeSpaceFreak · **Reply #1 on:** March 28, 2009, 12:07:30 pm

I haven't had any problems with it

Herra Tohtori · **Reply #2 on:** March 28, 2009, 01:42:30 pm

Correlation doesn't imply causation, and I would think a weak password and foul luck would be far more likely culprit.

It is of course a possibility that if you use same password for many services, one of them has had a security leak of some kind. But it's still a stretch that someone would have connected your HLP account with the Steam account... unless your E-mail itself is compromised.

At any rate using same password for many purposes - especially non-important and important purposes alike - is very much not advisable...

Polpolion · **Reply #3 on:** March 28, 2009, 01:43:05 pm

I haven't had any issues in the four years that I've been here.

Hellstryker · **Reply #4 on:** March 28, 2009, 03:03:58 pm

No issues here.

Aardwolf · **Reply #5 on:** March 28, 2009, 03:50:36 pm

* Aardwolf doesn't even have a Steam account

Galemp · **Reply #6 on:** March 28, 2009, 07:18:04 pm

Sorry to hear that, Athlon, but as far as I know we've never heard of any problems coming from outside the community.

Various unsavory types from within the community have been known to cause trouble, but nothing like what you've experienced.

tinfoil · **Reply #7 on:** March 28, 2009, 07:19:27 pm

*cough* an0n *cough*

AthlonBoy · **Reply #8 on:** March 28, 2009, 07:45:46 pm

Well, fair enough.

Nothing personal, but if a woman was killed by a serial killer, you'd question the husband as a suspect until that was proven. I'm just looking into all avenues.

Mobius · **Reply #9 on:** March 28, 2009, 08:09:02 pm

Quote from: thesizzler on March 28, 2009, 01:43:05 pm

I haven't had any issues in the four years that I've been here.

Make that three years for me. I've never had security problems. Even telling Dysko what my password was lead to nothing because it was difficult to spell.

Blue Lion · **Reply #10 on:** March 28, 2009, 08:58:19 pm

Not to knock Athlonboy down a notch, but if there was an issue with security, "new guy's Steam account" wouldn't be my first pick.

I bet there is a ton of good stuff here to break into.

Polpolion · **Reply #11 on:** March 28, 2009, 11:10:19 pm

BTW, did you get your steam account back under control all right?

Goober5000 · **Reply #12 on:** March 29, 2009, 12:00:35 am

Quote from: tinfoil on March 28, 2009, 07:19:27 pm

*cough* an0n *cough*

Actually, when an0n found the new forums, he complimented us on our choice of SMF, due to SMF's security.

tinfoil · **Reply #13 on:** March 29, 2009, 11:16:38 am

Well he would know...
Not to be roasting an0n or anything, I find him to be quite entertaining.

[/offtopic]

Carry on.

AthlonBoy · **Reply #14 on:** March 30, 2009, 03:08:58 pm

It sure was an 'anon' who hijacked me. He changed my picture to the classic black-and-white tuxedo, which is a bit of a giveaway. As a veteran of internets, I know what anon is, and that you shouldn't take them seriously. Don't feed the troll, and all that.

A friend of mine had a chat with the hijacker. He claims he did indeed exploit some flaw in the MySQL of these forums. The way I've put that might sound incredibly silly, but I know nothing of SQL or of forums. Maybe an admin should check. 'Course, he may just be yanking our chains.

Mongoose · **Reply #15 on:** March 30, 2009, 05:31:06 pm

Quote from: AthlonBoy on March 30, 2009, 03:08:58 pm

It sure was an 'anon' who hijacked me. He changed my picture to the classic black-and-white tuxedo, which is a bit of a giveaway. As a veteran of internets, I know what anon is, and that you shouldn't take them seriously. Don't feed the troll, and all that.

Actually, the specific "an0n" they're referring to is a singular entity who predates the more recent "Anon" phenomenon by quite a bit. And from what I understand, this isn't the sort of thing that would be up his alley.

tinfoil · **Reply #16 on:** March 30, 2009, 05:41:56 pm

Aye, the singular an0n lives on a level far below the recant Anon phenomenon. *shudders as he remembers his lurking days and the permanent scarring*

Hippo · **Reply #17 on:** March 30, 2009, 10:55:50 pm

SMF encrypts passwords before putting them in the database, so I don't buy this for a second. More likely is you had some sort of keylogger on your computer already, and your combination of email/password you typed in when you registered was used on any common websites you've visited.

Dilmah G · **Reply #18 on:** March 31, 2009, 07:12:16 am

I've seen some of his posts, does he still go on here?

I can't offer much advice topic-wise, I don't have a steam account

tinfoil · **Reply #19 on:** March 31, 2009, 05:09:44 pm

He does indeed still go on here but much less, and his posts are rather less disturbing. Except for the Lime in the Coconut one.

News:

Author Topic: Forum security (Read 3972 times)

Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security

Re: Forum security