forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: Im_Addicted on April 11, 2005, 01:56:11 am

Title: unsolicited password reminder
Post by: Im_Addicted on April 11, 2005, 01:56:11 am

I ran a search on this site for password reminder and came up with no results, so I am going to go ahead and post.  On my Coppermine site, I keep getting e-mails sent to my account from the Coppermine gallery telling me that I requested a reminder of my password to be sent to me and it sends me my info; user name and password.  But, I have not requested it.  Could it be a glitch, something I did wrong, or is somebody trying to hack the gallery?  Thanks for any response you can give me.

Title: Re: unsolicited password reminder
Post by: Joachim Müller on April 11, 2005, 07:03:53 am

someone ist trying to gain access (hacking attempt). Make sure you have a good password (upper and lower case plus numbers, not a dictionary word, min. 8 chars, no keyboard pattern nor backwards-word).

Joachim

Title: Re: unsolicited password reminder
Post by: kegobeer on April 11, 2005, 12:50:38 pm

You should also review your server logs.  Cross reference the times with the times on your emails, that should help you narrow down the culprit.

Title: Re: unsolicited password reminder
Post by: Im_Addicted on April 12, 2005, 01:45:45 am

Thanks for the help.  I have always had it set up that the users can not see the member list at all, so I am wondering how they got my user name to begin with?  I have also had the password to be a combination of letters and numbers that are case sensitive.  But, I am changing it again now.  I am going to try cross referencing to see if I can figure out who it might be, but I am not sure I am skilled enough to figure that out.  Not sure where to go for my server logs but I will most certainly look into it.  I would not be surprised if it is the creep who wrote all sorts of profane comments on the site until I banned the IP address and forced registration just to view the albums.

One question, when I change my password, it asks me to confirm which user I am changing it for and it gives me three options - my user name and two that look like this "<>".  What on earth are those?

Title: Re: unsolicited password reminder
Post by: Nibbler on April 12, 2005, 01:57:48 am

That would be some password remembering feature in your browser, not a part of coppermine. Just going to /profile.php?uid=1 will bring up the admin profile on most galleries, so it is easy to get the admin username.

Title: Re: unsolicited password reminder
Post by: Joachim Müller on April 12, 2005, 07:24:55 am

as a workaround against what Nibbler is refering to, create another user account, make him admin, log in with the new admin account and make the old aldmin account a regular user. This way, your new admin account will have a random uid (not "1").

Joachim

Title: Re: unsolicited password reminder
Post by: Im_Addicted on April 12, 2005, 03:50:17 pm

Thank you so much.  I will do that now.