Disturbing message

D

David K

Filing Flight Plan
Joined
Nov 8, 2014
Messages
4
Display Name
Display name:
David K
Today I appreciated a memo from this site, warning me that someone tried unsuccessfully to sign in as if they were me. The warning told me the IP address, and a quick search (Google) told me the IP address is in China.

Since I use the same password on several low-threat sites, I changed my password to a unique one for this site. But as an infrequent user, I thought it might be best to remove myself from the registered users.

I couldn't find advice on how to do that, nor a contact e-mail for an administrator. Maybe I overlooked one, but a link within "User CP" that lets a person 'dis-enroll' would have been useful.
 
Every website is under near-constant attempts to crack passwords. That's been going on heavily for at least ten years now. If not more.
 
Yes. My question isn't about preventing 'hacks' from happening. I'd just like to know how to close my account at the site.
 
David, There is no method to "de-register" from the site or delete ones membership ( there is no actual membership) I think the best advice is to create a very strong password) All that said we'd love to see you take part in POA!
 
Someone tried to access my account last night from Prague, Czech Republic.

I assume whether it's China or Prague, they are routing through some proxy server.
 
It sounds like a list of email addresses was compromised somewhere. Not necessarily at PoA, but perhaps an ISP or even a marketing company. As long as your password isn't one of the most frequently used passwords you'll be fine. You'd be surprised how often 12345678 works!


Sent from my iPhone using Tapatalk
 
If you contact a site admin, they can delete your account.
 
No offense, but my PoA forum password being hacked is not in my top 1,000 things to worry about in life.

What's the worst that could happen if somebody hacked into your PoA account? :confused:
 
orange said:
No offense, but my PoA forum password being hacked is not in my top 1,000 things to worry about in life.

What's the worst that could happen if somebody hacked into your PoA account? :confused:
Click to expand...
The worst? Branding himself as a ......... In Sin Zone and demanding that folks not of that persuasion go **** themselves. ;) :rolleyes:
 
Easiest solution is to change your listed email to a junk address you dont use (I have several gmail accounts just for spam) and to not put any personal info in your profile. Deleting an account isn't necessary if the account really has no ties to you. Most forums don't allow you to delete accounts simply because it totally wrecks the database when random data throughout the site goes missing.
 
I've never even seen forum software that wouldn't let you delete a member, and vbulletin (which this site uses) definitely allows it. Your content just gets attributed to a guest, or another account of the admin's choosing.
 
StinkBug said:
Easiest solution is to change your listed email to a junk address you dont use (I have several gmail accounts just for spam) and to not put any personal info in your profile. Deleting an account isn't necessary if the account really has no ties to you. Most forums don't allow you to delete accounts simply because it totally wrecks the database when random data throughout the site goes missing.
Click to expand...

Then it's a ****ty database.
 
What I find odd is this: the OP received a message that someone had unsuccessfully tried to login; so what's the problem? It is not of this the forum software, after several unsuccessful attempts, pukes up all your personal information to appease the hacker.
 
I'm puzzled about who sent the warning or was it an automated warning? Not only that, the attempt was unsuccessful. All someone needs to do is type in you user name, David K, and try a password to generate an unsuccessful attempt. If they really had your password they would have been successful.

Or am I missing something?
 
Palmpilot said:
See post #4.
Click to expand...

But that was incorrect information. There certainly is a way to have one's membership deleted from here and it is trivial for an administrator to do so. I'm a bit surprised it hasn't already been done.
 
Everskyward said:
I'm puzzled about who sent the warning or was it an automated warning? Not only that, the attempt was unsuccessful. All someone needs to do is type in you user name, David K, and try a password to generate an unsuccessful attempt. If they really had your password they would have been successful.

Or am I missing something?
Click to expand...

The software sends the warning. If you want to see one, log out, then try to log in again with the wrong password. I don't know the limit, but after some point the software will lock down your account for a time.

Since the board can be read by the public, finding account names is trivial. They're trying to guess your password by brute force.
 
dBrad said:
But that was incorrect information. There certainly is a way to have one's membership deleted from here and it is trivial for an administrator to do so. I'm a bit surprised it hasn't already been done.
Click to expand...

You said to contact a site admin. Post #4 was written by a site admin. Now you're saying the information from the site admin is incorrect.
 
dBrad said:
But that was incorrect information. There certainly is a way to have one's membership deleted from here and it is trivial for an administrator to do so. I'm a bit surprised it hasn't already been done.
Click to expand...

There are negative consequences for the community if we delete accounts every time someone gets their feathers ruffled and wants to pack up and leave. As a result we don't delete accounts and that has been our policy for like the last 10 years.

The reasons are complicated and mostly social/content oriented. Not something we're going to change our mind on anytime soon.

Almost everyone that at one point asks for their account to be deleted returns to the forum a day or two later and life goes on :)

If someone really wants their stuff gone they're free to go edit all of their posts to a period if they'd like but that does very little since whatever they're upset about was probably quoted by others and we're not going to go editing other people's posts.
 
Last edited:
The biggest single source of hack attempts on my servers are K-12 schools in China. If I didn't have advertisers from China and a few clients who do business with Chinese concerns, I'd probably block the whole country.

I actually have blocked all of North Korea a few times and Pakistan once or twice, generally just for a few hours to thwart ongoing attacks from miscreants whose IPs tracked to those countries. It does little good to block them on a longer-term basis because of the availability of public proxy servers (both official and otherwise). It also consumes a lot of server resources and locks out innocent users, with questionable benefits at best.

If you're really concerned, just use your favorite search engine to look up "secure password creator," change your password to an absurdly strong one, and record it in on a list in an encrypted, password-protected folder on your computer. That's about the best that you can do. Life isn't perfect.

Rich
 
jesse said:
There are negative consequences for the community if we delete accounts every time someone gets their feathers ruffled and wants to pack up and leave. As a result we don't delete accounts and that has been our policy for like the last 10 years.

The reasons are complicated and mostly social/content oriented. Not something we're going to change our mind on anytime soon.

Almost everyone that at one point asks for their account to be deleted returns to the forum a day or two later and life goes on :)

If someone really wants their stuff gone they're free to go edit all of their posts to a period if they'd like but that does very little since whatever they're upset about was probably quoted by others and we're not going to go editing other people's posts.
Click to expand...

I understand that, but this guy doesn't have his feathers ruffled. He just apparently doesn't want the account anymore for security reasons, which seems reasonable given today's online security landscape. I don't wish to meddle with your site policies - the only reason I
even posted was just to dispel the incorrect information the guy was getting re him not accually having a membership/account here (he does) or it being permanent/un-deletable (it's not) - but given the current state of things online it might be wise to reconsider that policy of not removing a member's info when requested. Or perhaps mention that during signup so people know that whatever they enter here will live forever.

If your membership database was compromised (no one is immune these days) and someone was harmed because their credentials here matched what they used on an important site (setting aside the fact that it's poor practice, it happens regularly anyway), it would reflect badly on this site if that person had previously requested account deletion and was denied (or told to handle it themselves). Again, not trying to rock your boat, just trying to draw attention to how things have changed over the last 10 years since your policy was adopted.
 
Passwords are not stored.
 
dBrad said:
If your membership database was compromised (no one is immune these days) and someone was harmed because their credentials here matched what they used on an important site (setting aside the fact that it's poor practice, it happens regularly anyway), it would reflect badly on this site if that person had previously requested account deletion and was denied (or told to handle it themselves). Again, not trying to rock your boat, just trying to draw attention to how things have changed over the last 10 years since your policy was adopted.
Click to expand...

The credentials in our database would be worthless for an attacker to try to utilize. Feel free to Google password salting and hashing if you'd like to learn how it works.

If the user is concerned about a hacker brute forcing their account all they need to do is set a strong password and there is no way in hell a hacker is ever going to succeed doing that. The locking of the account along with the slowness of each request over HTTP make brute forcing impossible. The entire universe would begin and end several times before you had enough time to do so.

Reusing passwords is a terrible idea these days. I don't use the same password anywhere.
 
You must log in or register to reply here.
Back
Top