| Author |
 Topic  |
|
|
eric1
Starting Member
3 Posts |
 Posted - 19 July 2004 : 16:45:26
|
On our forum we are having some either hacking issues or something....because we have people who shouldnt have access, somehow reading our private boards. My guess is someone had their password guessed (like username = password).
is there a way to reset all users passwords to random characters, and make them fix via email? As well as a way to require new passwords to be at least 1 number, capital letter, or random sign (ie: #!@%...) |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 19 July 2004 : 16:59:57
|
| How do you know these persons are reading topics in your private forums? |
Support Snitz Forums
|
 |
|
|
eric1
Starting Member
3 Posts |
Posted - 19 July 2004 : 17:14:50
|
Lemme give you some background. The site that uses the forum is for an online gaming guild. We have a public and private section (where we give individual users access to the private section ... not using a shared password). We have about 150 members that have access to the private section. In the game another guild has admitted and has copy & pasted stuff from our private boards.
I ended up going through one day of server logs (about 25mb in a text file) and was able to find one user logging in via 4 different IP's...matching the IP's to one of the guys stating he reads our boards, we were able to verify one users account was compromised. He had the same username/password ~so that was easily fixed.
But, the problem still persists. So we feel more users may have the same issues. We also don't know that all our members use their acct, and if we request everyone changes their password, one of the outsiders may just change it and still gain access.
Does this clarify some? |
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 19 July 2004 : 19:51:18
|
Ahh guild espionage, I remember the days well when we had other guilds claiming to be reading our forums, turned out we had someone on the inside just sending them the posts.
To update all passwords, your going to have to write your own custom function to do it I'm afraid theres no easy way you can just do it via the forum admin.
Have you written any ASP scripts before? |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
eric1
Starting Member
3 Posts |
Posted - 20 July 2004 : 11:00:51
|
no i haven't
Any other suggestions on how to fix this kind of problem> |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 20 July 2004 : 12:56:21
|
Are you positive that they are actually reading the topics in the private forums (besides those that were using the account with the same username & password)? If someone without the proper permissions were to navigate to them by entering the URL of a forum or topic in their browser's address bar, the logs would show them as having accessed it when, in reality, all they would have seen would have been an error message stating they didn't have the necessary permissions.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
| |
Topic |
|
Topic Locked
