Serious problem

Glad.joannasheenscra... (Lead):
I couldn't remember my password to one of my accounts. I entered my email address and was sent a link to click to reset my password. When I reset my
password, I was logged in under the account you see here. THIS IS NOT MY ACCOUNT. THE EMAIL ADDRESS ATTACHED IS NOT MINE, IS NOT EVEN SIMILAR TO MINE.
I'm left wondering... WHO HAS ACCESS TO MY ACCOUNT with this kind of security??????

Glad.joannasheenscra... (#1):
Just to make sure you completely understand... I am presently logged in to Glad.joannasheenscraft and I don't know who this is, or how I
gained access to her account!

Chris W962 (#2):
Could you please pm me your name, or email on your account and the password you wish to use?
Obviously, I'll also ask someone to look into this problem.

SmokieTopaz (#3):
Yikes! That certainly is a serious security problem.

reph (#4):
It certainly is. A member of our board once logged into someone else's account without doing anything special like the forgotten-password routine. It gave
her the creeps. This bug is at the top of the list of things we want yuku to fix.

SmokieTopaz (#5):
This happened to me many years ago on ezboard. I thought that such serious glitches don't happen anymore.

Kristin (#6):
Are you using the AOL browser? AOL auto-caches pages which appears to be the cause of this.
Advice on how to turn off caching from the 1st link below:
"If anyone still has problems with the site updating, and you've recently gotten AOL 9.0. The update changes all the browser settings and automatically saves pages you've visited "for faster loading". You have to turn that option off and the page will update for you. There's a tab in the Internet browser options. If anyone needs more help, you can ask."
Background info on problem: http://ilia.ws/archives/59-AOL-Browser-Woes.html
AOL info links:
http://help.aol.com/help/search.do?cmd=displayKC&docType=kc&externalId=http--helpchannelsaolcom-kjumpadparticleId218332&sliceId=&dialogID=61208868&stateId=1%200%2061292291
http://help.aol.com/help/search.do?cmd=displayKC&docType=kc&externalId=http--helpchannelsaolcom-kjumpadparticleId219373&sliceId=&dialogID=61208868&stateId=1%200%2061292291

reph (#7):
"AOL auto-caches pages which appears to be the cause of this."
There are evidently other causes as well. The member on our board who had a mistaken log-in didn't use AOL.

Kathy (#8):
Other ISPs besides AOL do this. When working the ezboard Help forums, I know of problems with Earthlink and Net Zero and other ISPs whose names I can't
remember. The problems come when dial up users take advantage of the web accelerator features that their ISP provides. Web accelerators "speed up"
the web by caching pages and serving those cached pages to all their users. Some ISPs clear the cache daily, while others may do it every few days, weekly or
every two weeks.
We used to get reports of users who would get the "you are banned" page at a board because someone else with that ISP had been banned and they were getting that cached page. Turning off the web accelerator worked in many cases, but for others, they just had to wait until the cache was cleared/updated.
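
An added illustration (not part of any post in this thread, and not yuku's or any ISP's code) of the mechanism described in post #8 and of the header dependence mentioned later in post #23: a simplified Python model of a shared cache keyed by URL only. The names `SharedCache`, `origin`, `/profile`, `alice` and `bob` are constructed, and real HTTP caching rules have more cases than the two directives checked here.

```python
# Added example: simplified model of an ISP "web accelerator" (shared cache).
# All names and sample data are constructed for illustration.

def is_shared_cacheable(headers):
    """True if a shared cache that honours Cache-Control may store the response.

    Simplification: only the `private` and `no-store` directives are checked.
    """
    directives = {d.strip().split("=")[0].lower()
                  for d in headers.get("Cache-Control", "").split(",") if d.strip()}
    return not (directives & {"private", "no-store"})


def origin(url, session_user, mark_private):
    """Hypothetical board server: the page body depends on who is logged in."""
    headers = {"Content-Type": "text/html"}
    if mark_private:
        headers["Cache-Control"] = "private, no-store"
    return headers, f"Logged in as {session_user}"


class SharedCache:
    """One cache shared by every customer of an ISP, keyed by URL only."""

    def __init__(self, honors_headers=True):
        self.honors_headers = honors_headers
        self.store = {}

    def fetch(self, url, session_user, mark_private):
        if url in self.store:          # hit: the origin never sees this request
            return self.store[url]
        headers, body = origin(url, session_user, mark_private)
        if not self.honors_headers or is_shared_cacheable(headers):
            self.store[url] = body     # stored for every later user of the cache
        return body


def second_visitor_sees(cache, mark_private):
    """alice loads her profile page first; return what bob gets for the same URL."""
    cache.fetch("/profile", "alice", mark_private)
    return cache.fetch("/profile", "bob", mark_private)
```

With `honors_headers=False` the second visitor still receives the first visitor's page, so the origin's headers protect only against caches that respect them. Serving logged-in pages over HTTPS keeps an intermediary cache from reading or storing them.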

reph (#9):
Kathy, I asked our member whether your explanation about browsers applied to her. She gave me permission to post this. It may help in further troubleshooting.
Reph, I wasn't on dial-up. I don't know what a web accelerator even is so I don't think I have that. I was using either IE7 or Yahoo AT&T browser. All I can tell you is the following:

Harry Flatters (#10):
I don't know about 'web accelerators', but many many ISPs use proxy servers and caching and this sort of thing isn't a general problem
elsewhere logins are required.
We've had at least three instances of this sort of thing to my knowledge. In the first, a user logged in and appeared in 'who's online' under his own user name but when he posted his posts appeared under a completely different user name belonging to someone who had no connection with our board. In the second, a user registered using his 'real world' name as his user name, but appeared on the board and posts as a different user name. I'm afraid I can't remember the details of the third instance but I'll post the report if I find it.

alison (#11):
If "Jane" is not the real username, then we won't be able to look up the details of these accounts without the correct username.

reph (#12):
I'll ask "Jane" whether she wants to follow up privately with her real screen name.
Last Edited By: reph 1-May-08 10:39 PM.
Edited 2 times.

reph (#13):
Following up.
"Jane" says she doesn't think yuku staff can do anything about the faulty log-in now, because it happened too long ago. She prefers not to give her username because she is uncomfortable with the security measures now, and will just use her new global name instead. I hope the details of her incident will nevertheless help you track down why these things happen, since they differ from what other users have reported.

alison (#14):
If it happened a long time ago then it's not relevant. We DID have a caching issue on one server a long time ago which was resolved back then, and reports
from now are not related to that previous problem.

reph (#15):
Alison, "Jane's" mixup happened in February or March, soon after our board was migrated. That may be recent enough for relevance. Another member
also logged into the wrong account since then, but I couldn't get enough info about that one to help in diagnosis.
If the problem always involves local accounts, that's a start. This security issue scares users. Some of us who have discussed it privately believe that it deserves a high priority on the list of bugs to fix.
Last Edited By: reph 2-May-08 11:49 AM.
Edited 1 time.

alison (#16):
If it does happen from now, then we need as MUCH info as possible in order to nail down where things are going wrong. That includes all the profile names
involved, and the ISPs used. If it does happen - even if it is a problem caused by the ISP - then we want to fix it where possible asap.

reph (#17):
"Jane" has posted under two names on our board. (She switched to a second name after the mistaken log-in.) As Jane, the Admin section shows three IPs
for her posts. As the other name, it shows seven IPs. All ten belong to the same ISP.
Would knowing the exact IPs help the techs figure out how to prevent this kind of problem? I don't want to post that information in public.

reph (#18):
If this helps at all--
The ISP for the ten IPs is AT&T. "Jane" used the same computer every time. It therefore seems that AT&T assigns dynamic IPs. Here's part of the search results for one of them:
AT&T Internet Services SBCIS-SBIS-6BLK (NET-76-192-0-0-1) 76.192.0.0 - 76.255.255.255
PPPoX Pool - rback2.rcsntx-1171845662

alison (#19):
yes, thank you reph - do we have the names of the two incidents too?

reph (#20):
I thought I replied to "do we have the names of the two incidents," but no reply shows. The answer from my corner is that "Jane" is
concerned about privacy and has said she doesn't want her real screen name known. So that's all I can tell you about that incident.

alison (#21):
Well as I said before, I can't compare and contrast the profiles involved unless I am told who they are. So I am afraid this particular issue cannot be
dealt with.

reph (#22):
"Jane" didn't expect a fix for her particular mishap. If you keep asking for data, you might eventually get enough reports from people who
don't mind revealing their identities to make more progress on the problem. I'll send 'em over here when I hear about more!

alison (#23):
Well, the reports that have come in with the information have all been from AOL members, and we know the problem there is AOL using their caching servers on
yuku despite our headers declaring not to. Jane is obviously not concerned that there actually was a problem if she won't even identify herself to me or
give me details of this alleged problem.

reph (#24):
"Jane" is concerned about yuku security because she got into someone else's account, which means someone else could get into hers. Her concerns
about security make her reluctant to invite yuku admins to examine her account. We don't hope that anything can be done about her wrong log-in--it happened
too long ago--only that whatever information we can provide that's consistent with her privacy may help toward a solution for other users. For example, now
you know that AT&T joins AOL in these mishaps.

alison (#25):
not really, because if I could have checked all three profile names then I would have been able to confirm if all three used AT&T. If they did, THEN I
would have known that the issue was the ISP caching server issue. However if it happened that long ago, then it would have been to do with our own caching
issue which was fixed back then - and if it was, then there is a lot of wasted to and fro in this thread about something that is not an issue.