Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: unsolicited password reminder  (Read 3736 times)

0 Members and 1 Guest are viewing this topic.

Im_Addicted

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
unsolicited password reminder
« on: April 11, 2005, 01:56:11 am »

I ran a search on this site for password reminder and came up with no results, so I am going to go ahead and post.  On my Coppermine site, I keep getting e-mails sent to my account from the Coppermine gallery telling me that I requested a reminder of my password to be sent to me and it sends me my info; user name and password.  But, I have not requested it.  Could it be a glitch, something I did wrong, or is somebody trying to hack the gallery?  Thanks for any response you can give me.
« Last Edit: April 14, 2005, 10:56:05 am by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: unsolicited password reminder
« Reply #1 on: April 11, 2005, 07:03:53 am »

someone ist trying to gain access (hacking attempt). Make sure you have a good password (upper and lower case plus numbers, not a dictionary word, min. 8 chars, no keyboard pattern nor backwards-word).

Joachim
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: unsolicited password reminder
« Reply #2 on: April 11, 2005, 12:50:38 pm »

You should also review your server logs.  Cross reference the times with the times on your emails, that should help you narrow down the culprit.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Im_Addicted

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: unsolicited password reminder
« Reply #3 on: April 12, 2005, 01:45:45 am »

Thanks for the help.  I have always had it set up that the users can not see the member list at all, so I am wondering how they got my user name to begin with?  I have also had the password to be a combination of letters and numbers that are case sensitive.  But, I am changing it again now.  I am going to try cross referencing to see if I can figure out who it might be, but I am not sure I am skilled enough to figure that out.  Not sure where to go for my server logs but I will most certainly look into it.  I would not be surprised if it is the creep who wrote all sorts of profane comments on the site until I banned the IP address and forced registration just to view the albums.

One question, when I change my password, it asks me to confirm which user I am changing it for and it gives me three options - my user name and two that look like this "<>".  What on earth are those?
Logged

Nibbler

  • Guest
Re: unsolicited password reminder
« Reply #4 on: April 12, 2005, 01:57:48 am »

That would be some password remembering feature in your browser, not a part of coppermine. Just going to /profile.php?uid=1 will bring up the admin profile on most galleries, so it is easy to get the admin username.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: unsolicited password reminder
« Reply #5 on: April 12, 2005, 07:24:55 am »

as a workaround against what Nibbler is refering to, create another user account, make him admin, log in with the new admin account and make the old aldmin account a regular user. This way, your new admin account will have a random uid (not "1").

Joachim
Logged

Im_Addicted

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: unsolicited password reminder
« Reply #6 on: April 12, 2005, 03:50:17 pm »

Thank you so much.  I will do that now.
Logged
Pages: [1]   Go Up
 

Page created in 0.021 seconds with 19 queries.