Someone tried to... do something to my account?

[Liliam]

So I just got up, and checked my e-mail, and I find three copies of the following in my inbox:

Dear Neo Chaotikal,

You have requested to reset your password on SRB2 Message Board because you have forgotten your password. If you did not request this, please ignore it. It will expire and become useless in 24 hours time.

To reset your password, please visit the following page:
<snip>

Obviously I can't check who the culprit was, but maybe you can? Am I that prestigious of a target? Has this happened to someone else?

 

[Terra]

Well, this never happened to me, but right now I think you should worry about changing both your E-Mail password and SRB2 MB password.

 

[Liliam]

Anyone can request a password reset right here: http://mb.srb2.org/login.php?do=lostpw

The point is, you have to intentionally and specifically write an existing member's e-mail address for it to do anything, and even then you'd need to be able to peek in my e-mail inbox to take control of my one of my random forum accounts. I'm not sure if this was the work of a misguided human, a malicious human, or a particularly annoying bot. I'm putting it out there just in case.

 

[Rob]

I'm surprised someone would pick your account over a staff member's, honestly.

I'll direct Alam or Logan to this and see if they can't check server logs to see who might've been trying this.

 

[Torgo]

I was thinking that it could have possibly been a user with a similar name and used autocomplete or something, but I don't think there is another user that starts with Neo C. *shrug*

 

[Mystic]

I suspect Torgo is right on this one. Never attribute to malice what you can attribute to pure stupidity.

 

[Ricardo]

I was thinking that it could have possibly been a user with a similar name and used autocomplete or something, but I don't think there is another user that starts with Neo C. *shrug*

Regardless of there being a similar name or not, someone apparently typed Neo's e-mail three times to attempt to reset his password for some reason, so it certainly wasn't "an accident".

However, I suspect this may be a prank (Halloween and etc.). Really, there is no point in doing something like this if your intent is to do harm.

 

[Torgo]

Oh, so you have to know the e-mail address to do a password reset? That is a bit more odd then. I *guess* there could have been a similar e-mail address, but it seems a little unlikely.

Is there a different screen that tries to send the password request to the e-mail associated to the name you tried to log in?

 

[Monster Iestyn]

...Well it's not exactly hard to find Neo's email actually, so I don't really think it was an "accident" much either.

 

[LoganA]

Neo Chaotikal, can you give me the times and date of each lost password email you got?

 

[Liliam]

Date: Sat, 02 Nov 2013 08:44:59 +0000

Date: Sat, 02 Nov 2013 08:45:19 +0000

Date: Sat, 02 Nov 2013 08:49:08 +0000

 

[LoganA]

171.101.237.53 - - [02/Nov/2013:04:44:31 -0400] "GET /index.php HTTP/1.1" 200 13405 "http://mb.srb2.org/login.php?do=lostpw" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:44:58 -0400] "POST /login.php?do=emailpassword HTTP/1.1" 200 3939 "http://mb.srb2.org/login.php?do=lostpw" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:45:02 -0400] "GET /index.php HTTP/1.1" 200 13395 "http://mb.srb2.org/login.php?do=emailpassword" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:45:18 -0400] "POST /login.php?do=emailpassword HTTP/1.1" 200 3939 "http://mb.srb2.org/login.php?do=lostpw" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:45:23 -0400] "GET /index.php HTTP/1.1" 200 13410 "http://mb.srb2.org/login.php?do=emailpassword" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:48:47 -0400] "POST /login.php?do=emailpassword HTTP/1.1" 200 7861 "http://mb.srb2.org/login.php?do=lostpw" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:49:07 -0400] "POST /login.php?do=emailpassword HTTP/1.1" 200 3939 "http://mb.srb2.org/login.php?do=lostpw" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"
171.101.237.53 - - [02/Nov/2013:04:49:12 -0400] "GET /index.php HTTP/1.1" 200 13370 "http://mb.srb2.org/login.php?do=emailpassword" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36"

 

[Jayoshi]

Reminds me of another troll from Thailand that used to attack the smbx forums and MFGG.

So, who on this forum uses (or has used) 171.101.237.53, anyways?

 

[Monster Iestyn]

As far as I can see, nobody at all whatsoever.

 

[Liliam]

Google cache throws up a match on the Master Server, though, game ID 90512. The plot thickens.