Accounts hackered?!

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26520
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

bidouille wrote: Fri Jan 20, 2023 1:45 pmAre you sure?
Being spammed is not a security issue, it’s just idiots, be they human or otherwise, wanting to post crap wherever they can hopefully to make clickthrough money. There is no threat to the system apart from a possible overload. A lot of this nonsense stems from people buying mailing lists and using dodgy SEO companies in the blind hope they’ll get to the top of Google listings.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
bidouille
Registered User
Posts: 17
Joined: Fri Sep 15, 2006 3:27 pm
Location: France

Re: Accounts hackered?!

Post by bidouille »

Mick wrote: Tue Jan 24, 2023 11:23 amBeing spammed is not a security issue
Read (better) my previous comment: the issue is not the spam but that PhpBB can registering same datas for login and password.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72354
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Accounts hackered?!

Post by KevC »

That's entirely down to the user and I'd be surprised if it's very common.

That's not what's happened with this spam attack I don't think.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26520
Joined: Fri Aug 29, 2008 9:49 am

Re: Accounts hackered?!

Post by Mick »

And aren’t we talking about one set of credentials on say a WP site or an IPB board, for example, working on a phpBB board? How is phpBB to know those details are being used elsewhere?
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
bidouille
Registered User
Posts: 17
Joined: Fri Sep 15, 2006 3:27 pm
Location: France

Re: Accounts hackered?!

Post by bidouille »

We're getting off topic. The initial issue is that PhpBB does not prevent registrations with the same login and password.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72354
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Accounts hackered?!

Post by KevC »

Then make a submission to the phpBB Ideas section.

I still think that would be incredibly rare and someone would literally have to check every account to see if that was the case.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
Mannix_
Registered User
Posts: 1839
Joined: Sun Oct 25, 2015 2:56 pm
Name: Matt
Contact:

Re: Accounts hackered?!

Post by Mannix_ »

bidouille wrote: Mon Jan 30, 2023 10:49 am We're getting off topic.
No. You went of topic first by saying that allowing user to use their username as password is a security issue. All post before yours didn't suggest/say that ;)
Did I helped You? Consider a donation.
New version of phpBB has been released? My styles aren't validated for it yet? Check my page for the latest downloads!
bidouille
Registered User
Posts: 17
Joined: Fri Sep 15, 2006 3:27 pm
Location: France

Re: Accounts hackered?!

Post by bidouille »

KevC wrote: Mon Jan 30, 2023 10:52 am Then make a submission to the phpBB Ideas section.
Again, read the entire topic and my post of Jan 20, 2023 3:45 pm
Mannix_ wrote: Mon Jan 30, 2023 11:06 am use their username as password is a security issue
If you don't understand that, I can't do anything for you.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72354
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Accounts hackered?!

Post by KevC »

bidouille wrote: Mon Jan 30, 2023 12:52 pm Again, read the entire thread and my post of Jan 20, 2023 3:45 pm
I have read the entire topic. I'm not sure what more you're getting at.
You think it's a security issue to have the same username and password. Fine. That's not what this topic is about.
If you want to make a change, post in Ideas that it should be impossible for them to be the same.

I'm saying I highly doubt that is common in the slightest. That's also probably nothing to do with this spam posting incident.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
warmweer
Jr. Extension Validator
Posts: 11242
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium
Contact:

Re: Accounts hackered?!

Post by warmweer »

bidouille wrote: Mon Jan 30, 2023 12:52 pm
KevC wrote: Mon Jan 30, 2023 10:52 am Then make a submission to the phpBB Ideas section.
Again, read the entire thread and my post of Jan 20, 2023 3:45 pm
Honestly, if on my board registration using a password someone else already used on the board, would result in a message stating that the password has already been used; I'ld consider THAT information a real security issue.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
djsupport
Registered User
Posts: 27
Joined: Tue Jul 25, 2006 7:56 pm
Contact:

Re: Accounts hackered?!

Post by djsupport »

warmweer wrote: Mon Jan 30, 2023 1:04 pm
bidouille wrote: Mon Jan 30, 2023 12:52 pm
Again, read the entire thread and my post of Jan 20, 2023 3:45 pm
Honestly, if on my board registration using a password someone else already used on the board, would result in a message stating that the password has already been used; I'ld consider THAT information a real security issue.
😂 For real!
User avatar
[Dimetrodon]
Registered User
Posts: 438
Joined: Tue Aug 30, 2022 3:29 am
Location: Paleozoic Era
Contact:

Re: Accounts hackered?!

Post by [Dimetrodon] »

warmweer wrote: Mon Jan 30, 2023 1:04 pm Honestly, if on my board registration using a password someone else already used on the board, would result in a message stating that the password has already been used; I'ld consider THAT information a real security issue.
It would be a great way to bypass the limit on failed logins. Just go through a bunch of possible passwords in the registration screen until it comes up with a match. Then test it against the member-list. May not be effective on large boards, but on small ones, it would be.
Avatar by someone named AdmiralRA on Reddit. (No, I don't have a Reddit account)
When seeking support, please consider filling out the Support Request Template. It makes it easier for anyone trying to help.
Post Reply

Return to “phpBB Discussion”