Security issue- password reset itself at 00:00AM


log in

Advanced search

Questions and Answers : Web site : Security issue- password reset itself at 00:00AM

Author Message
Crun-chi
Volunteer tester
Avatar
Send message
Joined: 3 Apr 99
Posts: 174
Credit: 3,037,232
RAC: 0
Croatia
Message 1119203 - Posted: 19 Jun 2011, 23:54:30 UTC
Last modified: 20 Jun 2011, 0:07:41 UTC

Hi, I have next problem. I sow that my gmail address was accesed from other country, and last two days password on all Boinc projects reset itself at 00:00 AM ( or near this time). So I login with auth number, chaged it , and after 24 hours when I try login it says password is invalid. How to solve this?
Now I change e-mail and password to post this. Can someone of site admins look at log and see from what location /ip reseting of password is coming?
Thanks

Crun-chi
Volunteer tester
Avatar
Send message
Joined: 3 Apr 99
Posts: 174
Credit: 3,037,232
RAC: 0
Croatia
Message 1119342 - Posted: 20 Jun 2011, 13:22:53 UTC - in response to Message 1119203.

UPDATE: Password are chaged, I log in using auth method.
So please, can one of system admin help me?
thanks
____________
I am cruncher :)
I LOVE SETI BOINC :)

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12258
Credit: 2,544,727
RAC: 264
Netherlands
Message 1119349 - Posted: 20 Jun 2011, 13:40:46 UTC - in response to Message 1119342.
Last modified: 20 Jun 2011, 13:41:49 UTC

Any Seti administrator won't be into office for another hour or two. Remember that they live on Californian time and only come in at around 9am local time, 8am at the earliest. You have to subtract 9 hours from your own local time to get to the correct time in Berkeley. So, it's only 6:40am over there.

I did email them to ask to check this thread. You'll need some further patience.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

Profile ignorance is no excuse
Avatar
Send message
Joined: 4 Oct 00
Posts: 9529
Credit: 44,433,274
RAC: 0
Korea, North
Message 1119405 - Posted: 20 Jun 2011, 15:50:22 UTC - in response to Message 1119349.

In the mean time you should be doing a thorough virus and malware scan. You probably have something onboard your computer where someone or something can read your keystrokes or use your computer remotely
____________
In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope

End terrorism by building a school

Crun-chi
Volunteer tester
Avatar
Send message
Joined: 3 Apr 99
Posts: 174
Credit: 3,037,232
RAC: 0
Croatia
Message 1119406 - Posted: 20 Jun 2011, 15:50:59 UTC - in response to Message 1119349.
Last modified: 20 Jun 2011, 16:20:35 UTC

Since I refformated hard disc, then use another new hard disc, and install OS there is no chance that some "evil thing" is on my computer. But still passwords are changed. I think I found weak spot, but I will not about that on this board. Still waiting that someone from site admins contact me.
Thanks
____________
I am cruncher :)
I LOVE SETI BOINC :)

Crun-chi
Volunteer tester
Avatar
Send message
Joined: 3 Apr 99
Posts: 174
Credit: 3,037,232
RAC: 0
Croatia
Message 1119407 - Posted: 20 Jun 2011, 15:52:23 UTC - in response to Message 1119405.
Last modified: 20 Jun 2011, 16:19:59 UTC

In the mean time you should be doing a thorough virus and malware scan. You probably have something onboard your computer where someone or something can read your keystrokes or use your computer remotely

skilldude, I use new hard disc and do fresh install , so that cannot be case :(
____________
I am cruncher :)
I LOVE SETI BOINC :)

Profile ignorance is no excuse
Avatar
Send message
Joined: 4 Oct 00
Posts: 9529
Credit: 44,433,274
RAC: 0
Korea, North
Message 1119408 - Posted: 20 Jun 2011, 15:53:18 UTC - in response to Message 1119407.

I see that now
____________
In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope

End terrorism by building a school

Crun-chi
Volunteer tester
Avatar
Send message
Joined: 3 Apr 99
Posts: 174
Credit: 3,037,232
RAC: 0
Croatia
Message 1119463 - Posted: 20 Jun 2011, 19:15:21 UTC

Anyone?
____________
I am cruncher :)
I LOVE SETI BOINC :)

Profile David Anderson
Volunteer moderator
Project administrator
Project developer
Avatar
Send message
Joined: 13 Feb 99
Posts: 36
Credit: 381,044
RAC: 0
Message 1119607 - Posted: 21 Jun 2011, 5:58:43 UTC - in response to Message 1119463.

I changed the authenticator of your account.
Please email Jord to get this from him.
Then use it to log on and reset your email address and password.

-- David

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12258
Credit: 2,544,727
RAC: 264
Netherlands
Message 1119636 - Posted: 21 Jun 2011, 8:09:21 UTC
Last modified: 21 Jun 2011, 8:11:21 UTC

Crun-chi, I have your new authenticator.
I did PM you my email address, but it's possible that the bad guy changed your email address & password, so now you're locked out of your account as the authenticator won't be the same.

If you can't log in to your present account, you need to make a new one for temporary use. I will PM you the email address of choice then on that account.

You will have to detach from Seti with your computer(s) as well, as they use a non-existing authenticator now. Yes, any work you have in progress will get lost, but that can't be helped at this stage. You can reattach to your account (the same one with all the credit) at a later stage, after we locked the bad guy out.

You can post on these help desk forums with a new account with no credit/no RAC. I think you can also PM with it, test that out please.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

Profile BilBg
Volunteer tester
Avatar
Send message
Joined: 27 May 07
Posts: 2563
Credit: 5,855,911
RAC: 2,336
Bulgaria
Message 1119957 - Posted: 22 Jun 2011, 11:42:54 UTC - in response to Message 1119636.
Last modified: 22 Jun 2011, 11:54:37 UTC


I think it will be good to wait for Crun-chi to attach his computer to the new "empty" account.
This way he will prove the new account is in fact his and not of some cheater.

After you see the same computer details:
http://setiathome.berkeley.edu/show_host_detail.php?hostid=5923060

... listed on the new "empty" account you will be more confident who do you contact by PM or email.


@Crun-chi
I suggest you to refrain from checking (log-in) your account using public places or your "friend's" computers.

Use only your computer's browser (Google Chrome is notorious to not protect in any way the saved passwords)
and for now don't give others physical access to your computer (e.g. at party).


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

Profile Gundolf Jahn
Send message
Joined: 19 Sep 00
Posts: 3184
Credit: 356,746
RAC: 15
Germany
Message 1119967 - Posted: 22 Jun 2011, 12:58:45 UTC - in response to Message 1119957.

@Crun-chi
I suggest you to refrain from checking (log-in) your account using public places or your "friend's" computers.

Use only your computer's browser (Google Chrome is notorious to not protect in any way the saved passwords)
and for now don't give others physical access to your computer (e.g. at party).

That's all good advice but useless if something happens to you as did to NATE1 (someone dug up the cable and spliced in some device). See here :-(

Gruß,
Gundolf

Profile ignorance is no excuse
Avatar
Send message
Joined: 4 Oct 00
Posts: 9529
Credit: 44,433,274
RAC: 0
Korea, North
Message 1125125 - Posted: 6 Jul 2011, 15:15:01 UTC - in response to Message 1119967.

that would seem to be an extreme case of dumb hacking
____________
In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope

End terrorism by building a school

Questions and Answers : Web site : Security issue- password reset itself at 00:00AM

Copyright © 2014 University of California