Yes, this is extremely strange. I wonder what they were trying to do with the liveupdate addon.
I commented earlier that while Matt was looking through server logs, that IP showed up a lot with LiveUpdate references.Where exactly does that addon tie into any of this?
I commented earlier that while Matt was looking through server logs, that IP showed up a lot with LiveUpdate references.
It may be worth checking if there is a vulnerability in that. @Chris D
Doubt there is.
Then the only solution is to mark all his e-mails as spamI realized tonight I have an account at *******s, decided to try and change the email/password to something random, apparently they've disabled the ability to change the registered email....great
View attachment 107374
Dropped you a PC, ChrisIt can be easily explained by the fact that the live update page is polled roughly every 10 seconds for each logged in user, and each tab they have open, in fact
I log in to TAZ multiple times a day, so the attacker could use up 2 trials between each login. They could have been trying for weeks. That's one explanation.Still can't fathom how they guessed the mod's password on the first try.
I log in to TAZ multiple times a day, so the attacker could use up 2 trials between each login. They could have been trying for weeks. That's one explanation.
The other explanation is more spooky. I used the same XF password for my development install which had a ******* addon (Advanced Reputation System) on it. The dev install is password protected with a completely different password so it seemed secure enough.
I don't think so.The dev install is password protected with a completely different password so it seemed secure enough.
Their code always used a callback, and they sent the entire $_SERVER array to their site - this includes the your IP, as well as any basic authentication (htaccess) details used to access the AdminCP area (which I'm not sure many people are aware of).
Well.. that would be just shocking.So... it's possible his addons are logging passwords.
so the attacker could use up 2 trials between each login. They could have been trying for weeks. That's one explanation.
Well.. that would be just shocking.
Lisa said the logs don't show any failed attempts. Maybe you really DID use the same password? That's the only conclusion I can see.
Thanks for suggestion. Let us try next update.So... it's possible his addons are logging passwords
Crap. I must have forgotten to use my sarcasm bbcode againThough, not as shocking as it would be if someone else's add-ons were doing that.
We use essential cookies to make this site work, and optional cookies to enhance your experience.