|
bitcoinminer (OP)
|
 |
April 25, 2013, 12:24:02 AM |
|
For the second time now, someone has tried to reset my password on my account.
This time, it came from IP address 63.118.235.5, which traces to the domain "mail.wholesystems.com".
Any idea if there is someone from that domain involved in BitCoin?
Admin, last time you moved this message elsewhere - I think if we can have some of the other threads I've seen in here, a discussion about someone potentially trying to compromise an account is worthy of a discussion.
|
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
tysat
Legendary
 Offline
Activity: 966
Merit: 1004
Keep it real
|
|
April 25, 2013, 01:04:33 AM |
|
I'd suggest PMing theymos, he has access to the IP logs.
|
|
|
|
|
|
bitcoinminer (OP)
|
|
April 25, 2013, 01:31:49 AM |
|
Well the IP is listed in the message as being where it came from... what do you suggest?
|
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
April 25, 2013, 01:37:48 AM |
|
Well the IP is listed in the message as being where it came from... what do you suggest?
Theymos can check to see if that IP address has attempted to reset others', or if that IP address is associated with any accounts. If there are multiple instances of it, he can at least IP ban the person - which isn't really a solution worth cheering about, but there really aren't any decent solutions to this outside of ensuring your password is very secure both here and with your email service. |
|
|
|
|
|
myrkul
|
|
April 25, 2013, 04:00:22 AM |
|
Well the IP is listed in the message as being where it came from... what do you suggest?
Theymos can check to see if that IP address has attempted to reset others', or if that IP address is associated with any accounts. If there are multiple instances of it, he can at least IP ban the person - which isn't really a solution worth cheering about, but there really aren't any decent solutions to this outside of ensuring your password is very secure both here and with your email service. with your back-up email service, if you use Gmail or another web-based email provider. And lie on the security questions. Just remember your lies. |
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
April 25, 2013, 04:02:00 AM |
|
I've seen hacking attempts on my IRC handle too.
|
|
|
|
|
|
bitcoinminer (OP)
|
|
April 25, 2013, 04:09:31 AM |
|
Is there a way to lock my account to a static IP address?
|
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5460
Merit: 13695
|
|
April 25, 2013, 01:38:31 PM |
|
I will look into it later. Maybe I'll add an option to disable password resets for your account. And lie on the security questions. Just remember your lies.
Adding a security question is optional. I don't recommend using them (on any site). Is there a way to lock my account to a static IP address?
That'd be too much trouble. Everyone changes IPs eventually. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
myrkul
|
|
April 25, 2013, 02:11:57 PM |
|
And lie on the security questions. Just remember your lies.
Adding a security question is optional. I don't recommend using them (on any site). Well, it's optional here. But not on every site. On those you do have to use them, so long as you lie, and remember the lie (mother's maiden name is actually the name of your first dog, or whatever) then that reduces the security vulnerability that they introduce. How many famous people have had their accounts hacked because the attacker could just look up the answers to those questions? |
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5460
Merit: 13695
|
|
April 25, 2013, 06:15:41 PM |
|
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
myrkul
|
|
April 25, 2013, 06:28:12 PM |
|
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
That's a great idea! Mother's maiden name? D3r(83ckd8#22-H/  |
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
April 25, 2013, 06:31:44 PM |
|
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
That's a great idea! Mother's maiden name? D3r(83ckd8#22-H/ Yeah I always just jam my keyboard on those. These are also stored as plain text often. |
|
|
|
|
|
bitcoinminer (OP)
|
|
April 25, 2013, 06:48:01 PM |
|
Maybe we could require that someone has to request a password reset based on not only the username, but the email address associated with it as well?
|
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
|
Birdy
|
|
April 25, 2013, 10:04:12 PM |
|
Yeah, "security questions" are totally insecure. For sites that require them, I just pick a random question and generate another password.
Hehe, I do that, too ^^ |
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5460
Merit: 13695
|
|
April 26, 2013, 12:15:40 AM |
|
For the second time now, someone has tried to reset my password on my account.
This time, it came from IP address 63.118.235.5, which traces to the domain "mail.wholesystems.com".
Any idea if there is someone from that domain involved in BitCoin?
Admin, last time you moved this message elsewhere - I think if we can have some of the other threads I've seen in here, a discussion about someone potentially trying to compromise an account is worthy of a discussion.
I think that he only tried this on you. He may have actually thought that he owned your account. He was trying passwords on a similar-looking account. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
bitcoinminer (OP)
|
|
April 26, 2013, 03:12:32 AM |
|
For the second time now, someone has tried to reset my password on my account.
This time, it came from IP address 63.118.235.5, which traces to the domain "mail.wholesystems.com".
Any idea if there is someone from that domain involved in BitCoin?
Admin, last time you moved this message elsewhere - I think if we can have some of the other threads I've seen in here, a discussion about someone potentially trying to compromise an account is worthy of a discussion.
I think that he only tried this on you. He may have actually thought that he owned your account. He was trying passwords on a similar-looking account. OK. I guess I'll just have to wait and see... it was just that this was the second time in about a month someone tried to "recover" my account. |
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
|
repentance
|
|
April 26, 2013, 09:19:56 AM |
|
And lie on the security questions. Just remember your lies.
I always give nonsense answers on security questions. You can put "polka dots" down for you mother's maiden name for all the system cares and "dragon football aluminium" for your favourite movie. |
All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
|
|
|
|
myrkul
|
|
April 26, 2013, 04:18:16 PM |
|
And lie on the security questions. Just remember your lies.
I always give nonsense answers on security questions. You can put "polka dots" down for you mother's maiden name for all the system cares and "dragon football aluminium" for your favourite movie. Exactly. As long as you remember that your favorite movie was dragon football aluminum, you're good. Which is why I like Theymos' "just generate another password" idea. because then you don't have to remember. The password generator does that.  |
|
|
|
|
