Paul, they might be phishing around the site and may have possibly hacked some or all users passwords. Allowing them to easily hijack an account/s and use it to spam all over the site. If you're thinking that changing your password is pointless it's not. It could have taken them weeks or months to get it and so by changing it sets them back again and they'll most likely lose interest and hopefully move on. It's not a bad thing either to change it regularly which can help minimise the risk and the stronger your password is the longer it will take to be cracked.
I would hope that most sites had ( at least ) a limit on failed sequential logins.
The brute force cracking can only work if they test against the site????
That said, changing passwords is always a good thing ( as long as you can remember them :-) )
Andrew
Paul, they might be phishing around the site and may have possibly hacked some or all users passwords. Allowing them to easily hijack an account/s and use it to spam all over the site. If you're thinking that changing your password is pointless it's not. It could have taken them weeks or months to get it and so by changing it sets them back again and they'll most likely lose interest and hopefully move on. It's not a bad thing either to change it regularly which can help minimise the risk and the stronger your password is the longer it will take to be cracked.
The big thing spammers / phishers go for is email addresses and then bomb you with junk emails and they can even send out emails to random people with your email address as the sender so it looks like you are the spammer. If you ignore and delete suspect emails they soon stop.
Mostly, aren't these spammers just advertising their stuff. And don't they just create an account in the normal way followed by posting their links?
Why have we suddenly started substituting/confusing 'spammer' with 'hacker'?
This is most likely what's happening but I thought I'd point out what can happen and why it's good practice for not just on here but for the 'www universe' in general.
This is most likely what's happening but I thought I'd point out what can happen and why it's good practice for not just on here but for the 'www universe' in general.
Ok matey, thanks for taking the time to clarify. I do totally get what you're saying in the broader context.
Perhaps , but I have recieved 2 emails from a fellow IIS'r last week , just links and nothing else , I did not open them of course just deleted them and
he has been notified and did not send them so I thought I would put this out there so others can be advised .
Brian.
Quote:
Originally Posted by LostInSp_ce
This is most likely what's happening but I thought I'd point out what can happen and why it's good practice for not just on here but for the 'www universe' in general.
Considering that this site is using HTTP only (no encryption) keep in mind that passwords are sent over the Internet in plain text, readable by everybody.
DO NOT REUSE THE PASSWORDS!