Archived Boards and Threads... > SMF Feedback and Discussion

Security issue

(1/3) > >>

Sekhmet:
I have a question regarding the security of YabbSE and SMF:

I have a server running YabbSE 1.5.4 just fine, no problems so far... but there's this guy that somehow was able to gain access to my admin account without my authorization (he found out my password)... luckily he didn't feel like doing any harm at that time and he just PM'd me telling me that he knew my password and that I should be more careful next time.
I asked him where/how did he got it, and he claimed that there are plenty of "utilities" out there that let you find out someone's password for forum accounts like YaBBSE, vBulletin, PHPBB and so on.

After some time searching on the net for these kind of utilities I couldn't find anything like that, I finally asked him for any specific file or link but he didn't want to give me any... so I'm starting to think that he's bull******ting me and he got my password from somewhere else :\

Are you guys aware of the existence of such utilities??

Thanks  :)

[Unknown]:
There are ways to protect against such programs, and things are going to be done... (the actual implementation has to be figured out for sure though.)

-[Unknown]

Jeff Lewis:
My guess is that he got lucky...

Spaceman-Spiff:
check your forum error log, and see if he tried to do a brute force attack

Sekhmet:

--- Quote from: Spaceman-Spiff on August 17, 2003, 11:28:00 PM ---check your forum error log, and see if he tried to do a brute force attack

--- End quote ---

Hmm I see 6 failed login attempts with my username coming from his IP address...

Is there a way to see the actual characters he tried as a password, instead of the asterisk symbols?

What I really cant believe is that there is a tool or script that can give you someone else's password just like that, I mean... it can't be that easy right?  ::)

Navigation

[0] Message Index

[#] Next page