Printable View
Ok, I am a member of a HTML enabled discussion forum. Someone managed to steal my password and wrote in my behalf bad phrases that slightly damaged my reputation. Luckily, I was able to restore my password and change it. Would someone help me to secure myself against future abuse? Thanks in advance.
Ok, I am a member of a HTML enabled discussion forum. Someone managed to steal my password and wrote in my behalf bad phrases that slightly damaged my reputation. Luckily, I was able to restore my password and change it. Would someone help me to secure myself against future abuse? Thanks in advance.
Only advice I can say is this: Change your password often, make it a strong one, use all sorts of characters (numbers, letters, etc) and to make it as long as possible. He porbably got in because you might of had an easy password. By changing it often and by making it hard (such as 5jfu4kfj) you probably won't have it happen again. Hope I helped!
Only advice I can say is this: Change your password often, make it a strong one, use all sorts of characters (numbers, letters, etc) and to make it as long as possible. He porbably got in because you might of had an easy password. By changing it often and by making it hard (such as 5jfu4kfj) you probably won't have it happen again. Hope I helped!
Make sure that you tell who ever is in charge of the discussion forum about incident just in case it’s a problem with the forum its self and not password guessing. Might not hurt to scan for Trojans just in case someone installed a key logger or some other spyware. You can go here http://directory.google.com/Top/Comp.../Trojans/?il=1
to find a list of anti-Trojan programs, MooSoft seems to be a favorite around here.
Make sure that you tell who ever is in charge of the discussion forum about incident just in case it’s a problem with the forum its self and not password guessing. Might not hurt to scan for Trojans just in case someone installed a key logger or some other spyware. You can go here http://directory.google.com/Top/Comp.../Trojans/?il=1
to find a list of anti-Trojan programs, MooSoft seems to be a favorite around here.
Start getting into the habit of setting your password by replacing numbers and special characters in place of letters.
Eg.
O replace with 0 (thats a zero!)
A replace with @
L replace with ! or 1 or |
B replace with 8
E replace with 3
S replace with 5
and on and on. Make them up yourself!!
If you get into this habit, it can make a password a lot harder to crack.
Eg.
Password (easily cracked or brute forced).
P@55w0rd (hard to crack and brute force).
Start getting into the habit of setting your password by replacing numbers and special characters in place of letters.
Eg.
O replace with 0 (thats a zero!)
A replace with @
L replace with ! or 1 or |
B replace with 8
E replace with 3
S replace with 5
and on and on. Make them up yourself!!
If you get into this habit, it can make a password a lot harder to crack.
Eg.
Password (easily cracked or brute forced).
P@55w0rd (hard to crack and brute force).
jookokoko
jookokoko
Can you use language packs for your passwords? I've never tried it before but I wonder if you could try useing random keys from lets say... Japan. I haven't done that before but I bet it would really confuse or frustrate someone if they were useing a dictionary or bruteForce cracker.
Can you use language packs for your passwords? I've never tried it before but I wonder if you could try useing random keys from lets say... Japan. I haven't done that before but I bet it would really confuse or frustrate someone if they were useing a dictionary or bruteForce cracker.
And then there's always the Mitnick trick of simply "social engineering" it out of someone. That seems to be the easiest way to get a password.
From what I know they either
1. Got your password from an admin
2. Are a friend of yours that had your password for awhile but just got pissed at you for one thing or another
3. Asked you for it
4. Cracked the login page
5. Used Brute Force and spent all day guessing
My best bet would be to go with one of the first three. An HTML group most likely isn't going to have profficent experts in C++ or any other programming language that's not web based. I would suggest simply changing your password, letting the admin know, and moving on. Don't know that you can do much more. peace
And then there's always the Mitnick trick of simply "social engineering" it out of someone. That seems to be the easiest way to get a password.
From what I know they either
1. Got your password from an admin
2. Are a friend of yours that had your password for awhile but just got pissed at you for one thing or another
3. Asked you for it
4. Cracked the login page
5. Used Brute Force and spent all day guessing
My best bet would be to go with one of the first three. An HTML group most likely isn't going to have profficent experts in C++ or any other programming language that's not web based. I would suggest simply changing your password, letting the admin know, and moving on. Don't know that you can do much more. peace
That's probably a bug with the forum itself, the guy was offensive from the beginning. He always posts lame posts and threats. I replied to his post asking him to stop posting such a stupid things. Then it took him only one hour to steal my nick and revise my signature with his own. So, as cha_chi mentioned, I bet it's the fourth, he cracked the login page. Indeed the whole forum is vulnerable, as there are so many members who had the same situation.
BTW, my password isn't that easy to guess, but I rarely change it.
Thank you all for you replies, I would sincerely appreciate your advice.
That's probably a bug with the forum itself, the guy was offensive from the beginning. He always posts lame posts and threats. I replied to his post asking him to stop posting such a stupid things. Then it took him only one hour to steal my nick and revise my signature with his own. So, as cha_chi mentioned, I bet it's the fourth, he cracked the login page. Indeed the whole forum is vulnerable, as there are so many members who had the same situation.
BTW, my password isn't that easy to guess, but I rarely change it.
Thank you all for you replies, I would sincerely appreciate your advice.
along with the social engineering aspect, when I sign up for services, when they ask me for a secret question/answer, I supply something like, what is your cats name, then I type something totaly out of this world, not my cats name, but something else. This way if somone uses social engineering to tyr to get my cats name which can be achieved without any social engineering at all and just knowing the person, but in either case my cats name is not the answer.
Strong passwords as previously mentioned should be used. I like to use at least 6 characters for mine, they never contain any words, and always contain at least one number. Dont give your passwords to anyone includeing fammily and friends.
Avopid writeing passwords on peices of paper, you never know where your enemy will strike next.
along with the social engineering aspect, when I sign up for services, when they ask me for a secret question/answer, I supply something like, what is your cats name, then I type something totaly out of this world, not my cats name, but something else. This way if somone uses social engineering to tyr to get my cats name which can be achieved without any social engineering at all and just knowing the person, but in either case my cats name is not the answer.
Strong passwords as previously mentioned should be used. I like to use at least 6 characters for mine, they never contain any words, and always contain at least one number. Dont give your passwords to anyone includeing fammily and friends.
Avopid writeing passwords on peices of paper, you never know where your enemy will strike next.
there is a password validator thing somebody posted that ive seen, it tells you how long it would take to break your password. i suggest you choose a new password and make sure that its a good one with all the @!&123 stuff like the soggy said above:)
try doing a search for password checker on google you will most likey find it
there is a password validator thing somebody posted that ive seen, it tells you how long it would take to break your password. i suggest you choose a new password and make sure that its a good one with all the @!&123 stuff like the soggy said above:)
try doing a search for password checker on google you will most likey find it
Don't use any foreign words from different languages as your password thinking
a Hacker won't know you'll be busted
Try to avoid being silly by using too obvious words like 'qwerty' on the keyboard
If your typing in your password on a sight like Yahoo make sure you always click on the secure
option when your logging in so nobody can watch your keys
Here is a sight that can create secure randomized passwords
http://www.winguides.com/security/password.php
Good Luck!
Don't use any foreign words from different languages as your password thinking
a Hacker won't know you'll be busted
Try to avoid being silly by using too obvious words like 'qwerty' on the keyboard
If your typing in your password on a sight like Yahoo make sure you always click on the secure
option when your logging in so nobody can watch your keys
Here is a sight that can create secure randomized passwords
http://www.winguides.com/security/password.php
Good Luck!