|
|
| L.H.V.F. |
| Posted: May 8 2011, 10:39 PM |
 |
|
Advanced Member
Group: Members
Posts: 49
Member No.: 28822
Joined: 19-October 10
|
Hi for all of the Unofficial VirtualDub Forum
I have recently had problems for use Forum. Various times I had to change my password, and I have percepted that this can be related of security of Invision Board platform. E-mails that has a tip for the password, were the e-mails with more ease for attack. I suggest to Founder or for the responsable to update security for not have problems futurely. I have saw one post with the "Founder" saying something, but not found he again. I also suggest to use systems as "CAPTCHA" in all steps, and independently of the access, the e-mail used for Login not be showed in the screen. I expect have no problems again, and for this I suggest these measures. I guess that in my computer has a bot make this attacks, and also possibly somebody intermediate or do this invasions anyway. I need the contact of Administrators (that I cannot access this e-mails addresses in my computer), or if possible the own Founder. Who can help, I thanks a lot.
L.H.V.F. |
|
| stephanV |
| Posted: May 9 2011, 06:23 AM |
|
|
Spam killer ;)
Group: Moderators
Posts: 4348
Member No.: 8917
Joined: 18-February 04
|
Can you be more clear? Why did you have to change your password?
--------------------
useful links:
VirtualDub, Input plugins and filters, AviSynth, AVI-Mux GUI, AC3ACM by fcchandler, VirtualDub FAQ |
|
| L.H.V.F. |
| Posted: May 9 2011, 03:45 PM |
|
|
Advanced Member
Group: Members
Posts: 49
Member No.: 28822
Joined: 19-October 10
|
| QUOTE (stephanV @ May 9 2011, 06:23 AM) | | Can you be more clear? Why did you have to change your password? |
Hi stephanV
I would like to say that my password was reseted maybe automaticaly by a virus/malware or one person remotely. I have used e-mails with password tips, or more known (more vulnerable for attacks). Since I noticed that the password that I always use had been replaced, I immediately rechanged with "I've forgotten my password!" (I had to finally change the e-mail for those reasons). I had to modify the password many times, until I found a safer e-mail. I think that this can be one bot, because immediately after I had rechanged my password, it was reseted automatically. In my computer I have been using only "Safe Mode" in Browser, for not having problems again, and with an Antivirus/Antimalware I have scanned my computer to remove possible virus/malware problems. I noticed that there are virus/malwares, because my other hotmail account was also attacked - password reseted. There was a strange message, until I removed my cookies 2 times (notice that I was using Firefox...) http://imageshack.us/photo/my-images/691/m...gmsnbrasil.png/. I again suggest the Forum to use CAPTCHA in all steps, because if the password is captured and the e-mail for recovering the password is attacked, the bot or people could access the Control Panel, and rechange it. Also another suggestion would be either suppress the e-mail in User Control Panel, or not to show it in the screen, simply, the e-mail address for recovery password. Finally another idea would be to create a session for retrievals, to avoid Brute Force attacks, or to use SSL connections, so the user can know if somebody tried invade their e-mail.
I thank you for replying to this message,
L.H.V.F. |
|
| phaeron |
| Posted: May 14 2011, 08:50 PM |
|
|
Virtualdub Developer
Group: Administrator
Posts: 7773
Member No.: 61
Joined: 30-July 02
|
I'm sorry for your difficulties, but in general, the security of your computer and email that you use for an account on this board is your responsibility.
I took a look at the password reset form, and it already has number entry to prevent accidental or trivial hits, and it also has the custom +1 modification I made a long time ago to prevent standard IPB attacks from working. The problem that I've found with trying to block these types of attacks is that they often involve manual intervention by a human, based on the way I've seen specific attempts to bypass countermeasures, and therefore CAPTCHAs would be ineffective. In other words, if your accounts are getting hacked then there's a good chance an actual human is involved in the process.
|
|
|
