unsolicited password reminder
 


Started by Im_Addicted, April 11, 2005, 01:56:11 AM


Im_Addicted

I ran a search on this site for password reminder and came up with no results, so I am going to go ahead and post.  On my Coppermine site, I keep getting e-mails sent to my account from the Coppermine gallery telling me that I requested a reminder of my password to be sent to me and it sends me my info; user name and password.  But, I have not requested it.  Could it be a glitch, something I did wrong, or is somebody trying to hack the gallery?  Thanks for any response you can give me.

Joachim Müller

Someone is trying to gain access (hacking attempt). Make sure you have a good password (upper and lower case plus numbers, not a dictionary word, min. 8 chars, no keyboard pattern nor backwards-word).

Joachim

kegobeer

You should also review your server logs.  Cross reference the times with the times on your emails, that should help you narrow down the culprit.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots
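
One way to do the cross-referencing kegobeer describes, as an added example that is not part of the original thread: it lists the client IPs whose POSTs to the reminder form happened just before each reminder e-mail arrived. It assumes Apache combined log format and that the form is served by `forgot_passwd.php`; the log lines, IP addresses and e-mail times are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: script that serves the reminder form; adjust to your gallery.
REMINDER_PATH = "/forgot_passwd.php"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed access-log lines (server logs in local time, UTC-5).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2005:17:14:05 -0500] "POST /gallery/forgot_passwd.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Apr/2005:17:20:41 -0500] "GET /gallery/index.php HTTP/1.1" 200 20480',
    '203.0.113.7 - - [10/Apr/2005:19:02:30 -0500] "POST /gallery/forgot_passwd.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Apr/2005:19:40:00 -0500] "POST /gallery/forgot_passwd.php HTTP/1.1" 200 5120',
]
# Constructed Date headers of two reminder e-mails (UTC).
SAMPLE_MAILS = [datetime.fromisoformat(t) for t in
                ("2005-04-10T22:14:07+00:00", "2005-04-11T00:02:33+00:00")]

def parse_line(line):
    """Return (ip, aware datetime, method, path) for a log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def correlate(log_lines, email_times, window=timedelta(minutes=2)):
    """Map each client IP to the reminder e-mails its POSTs shortly preceded."""
    hits = defaultdict(list)
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or not path.split("?")[0].endswith(REMINDER_PATH):
            continue
        for mail in email_times:
            # Both values carry a UTC offset, so differing time zones compare correctly.
            if timedelta(0) <= mail - ts <= window:
                hits[ip].append(mail)
    return dict(hits)

if __name__ == "__main__":
    for ip, mails in correlate(SAMPLE_LOG, SAMPLE_MAILS).items():
        print(ip, [m.isoformat() for m in mails])
```

Take the e-mail times from the `Date` header of each reminder message, including its UTC offset, so they line up with the server's log time zone.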

Im_Addicted

Thanks for the help.  I have always had it set up that the users can not see the member list at all, so I am wondering how they got my user name to begin with?  I have also had the password to be a combination of letters and numbers that are case sensitive.  But, I am changing it again now.  I am going to try cross referencing to see if I can figure out who it might be, but I am not sure I am skilled enough to figure that out.  Not sure where to go for my server logs but I will most certainly look into it.  I would not be surprised if it is the creep who wrote all sorts of profane comments on the site until I banned the IP address and forced registration just to view the albums.

One question, when I change my password, it asks me to confirm which user I am changing it for and it gives me three options - my user name and two that look like this "<>".  What on earth are those?

Nibbler

That would be some password remembering feature in your browser, not a part of Coppermine. Just going to /profile.php?uid=1 will bring up the admin profile on most galleries, so it is easy to get the admin username.

Joachim Müller

As a workaround against what Nibbler is referring to, create another user account, make him admin, log in with the new admin account and make the old admin account a regular user. This way, your new admin account will have a random uid (not "1").

Joachim

Im_Addicted

Thank you so much.  I will do that now.