MyBB Community Forums

Full Version: Mass emails requesting password reset.
Hi all,
I run a fairly busy forum and this evening around 23:36:53 GMT it seems everyone on the forum was asked for a password reset?!! Any idea how or why this may have happened? I'm quite concerned so have shut down HTTPD until I find an answer to this. I would appreciate help or advice as soon as anyone can.

Thanks,

Ed
My guess, a hacker got in. 'Cause there's nothing in the code of MyBB that does this. I suggest you contact your host about this!
I'd actually say, not a hacker, but a denial of service or similar flood attack was administered on your server to cause this. Take a look in your httpd logs (hopefully you're storing access logs) and let me know if you find anything out of the ordinary apart from a flood.

Thanks,
Chris
I am my host lol. I now think this was nothing more sinister than someone going through the members list and clicking on reset password on every person they could. I now know that not everyone got them, but around the time it happened there were 8 guests, which is quite strange for that time of night. I believe they were responsible for the weird things that happened.

Thanks for the help guys. Love the forum; we use about 15-18 gigs a month of forum-only traffic and so far I'm impressed.

Ed
Wow, you've got some pretty popular forums I take it.

Hopefully we'll add some sort of protection for password reset abuse in the future (making it an option) only allowing users to request x password resets every 24 hours, then they can't do it again.

Let me know if you find out anything about it.
http://www.micra.org.uk/ is the site. All that is on it at the moment is the forums really. If the password could be limited to two attempts from one IP per day, that would solve the problem, I would say.

Ed
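
The two limits suggested in the posts above (x resets per user every 24 hours, and two attempts from one IP per day), combined in one sliding-window check. This is an added example, not part of the thread and not MyBB code; the class name, the default limits and the sample addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW = 24 * 60 * 60  # seconds: the "every 24 hours" window from the thread


class ResetLimiter:
    """Sliding-window limits on password-reset requests.

    per_account: the "x resets per user per 24 hours" idea.
    per_ip: the "two attempts from one IP per day" idea.
    Both defaults are hypothetical, not MyBB settings.
    """

    def __init__(self, per_account=3, per_ip=2, clock=time.time):
        self.per_account, self.per_ip, self.clock = per_account, per_ip, clock
        self.by_account = defaultdict(deque)  # account name -> request times
        self.by_ip = defaultdict(deque)       # client IP -> request times

    def _recent(self, q, now):
        # Drop timestamps that have aged out of the window, then count the rest.
        while q and now - q[0] >= WINDOW:
            q.popleft()
        return len(q)

    def allow(self, account, ip):
        """Return True and record the request if both limits permit it."""
        now = self.clock()
        acct_q = self.by_account[account.lower()]  # names compared case-insensitively
        ip_q = self.by_ip[ip]
        if self._recent(acct_q, now) >= self.per_account:
            return False
        if self._recent(ip_q, now) >= self.per_ip:
            return False
        acct_q.append(now)
        ip_q.append(now)
        return True


def simulate_member_list_walk(limiter, members, ip):
    """Constructed scenario: one client requests a reset once for every member."""
    return [m for m in members if limiter.allow(m, ip)]
```

Run against the scenario Ed describes, a per-user limit on its own lets every email through, because each account is only hit once; the per-IP limit is what stops a single guest working through the member list.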
I dread the update to Gold - I've done so many custom mods to the code!

It seems whoever did it hasn't repeated it, but if it happens again I'll just remove the email password option temporarily.

James.
While I'm here, have there been any other reports of portal.php running VERY slowly? I've just waited over 60 seconds and it still hasn't loaded.

Is it to do with the fact that we have a huge forum? Or something more sinister?

Thanks,
James.

Not bad for 3 months:
[attachment=604]