|
Post by Huronna on Nov 9, 2023 9:37:43 GMT -5
When I get on the computer first thing I di is I go to my e-mail. Since I get notifications of PM's sent to me I first read them. Many I can tend to when I get to the site, but today I get one that said "Checkout 'outstanding tags 2014'I suspect they may be up to no good. Delete them before sombody clicks them." a bunch of things went through my head, aren't those threads locked? I could not imagine any member messing with anything. So immediately I went to check it out. There were two posts in that area (and the area is totally locked no members can read but not add anything) How did someone post? I did not open the post, I could see the names of the poster and I recognized both of them. I have been getting many applications lately, I always check the IP addresses and many of them have been from Bangladesh, those I immediately reject other IP address I will let stay for a day or to to see if they sent the e-mail regard the responses to the questions in the application. These two posters were immediate rejects from a day ot so ago. I did immediately delete those two threads and rechecked to makes sure the area was indeed locked, it was. I then went to the admin security logs and in these logs are many things. All the edits that I or any member makes are there, and this delete (not the content) was there.
I have sent all this information to Support and will let you all know their response.
So please IF YOU EVER SEE ANYTHING STRANGE, send me a PM so I can deal with anything that pertains to the site. This is the first time since 2006 that anything like this has ever happened, and I'm getting flashbacks to the MSN day when AL was shuttered and no reason was ever received.
|
|
|
Post by Flagryl on Nov 9, 2023 10:03:10 GMT -5
I wonder if it's time for AL to go Private. We have so many lessons and tutorials I would hate to see compromised.
|
|
|
Post by Huronna on Nov 9, 2023 10:23:52 GMT -5
I'm working with this on Support
|
|
|
Post by Huronna on Nov 9, 2023 10:32:32 GMT -5
Sadly that is the only way it can be done. Many of the boards in the properties were already Who can access this category..members and staff. but There were some that said everyone and when it said that, it enabled outsiders to post, though this has never ever happened before. I'm going to see if there is someone to make a board visible but not postable
|
|
|
Post by Huronna on Nov 9, 2023 10:43:09 GMT -5
OK we have found a way, now we just have to decide if there is any other area that we want visible to the world To check what I mean, log out of the site and then come back as a viewer or guest. You should only see the Must Read Information but you will no longer be able to post as a guest.
Is there any other area that we should have visible to the world? but allowing posting to only members and staff?
|
|
|
Post by Huronna on Nov 9, 2023 10:49:34 GMT -5
I want to give ARBEE my big thanks for giving me the alert first thing in the morning.
|
|
|
Post by Flagryl on Nov 9, 2023 12:52:23 GMT -5
Personally, I don't think our Monthly Chat thread should be public. Too much personal stuff and pics there.
|
|
|
Post by Flagryl on Nov 9, 2023 12:52:47 GMT -5
Yea Arbee, you rock!
|
|
|
Post by Huronna on Nov 9, 2023 15:20:24 GMT -5
Nope it's not visible for non-members This is the only thing that is visible to non-members. they can read these topics, but they cannot post in them and any links to other areas they get......you are not authorized to view this
|
|
|
Post by Flagryl on Nov 9, 2023 16:15:27 GMT -5
That would be fine!
|
|
|
Post by Huronna on Nov 9, 2023 16:34:03 GMT -5
ok leaving it that way, I have enough other things to worry about LOL
|
|
|
Post by silk on Nov 9, 2023 19:02:49 GMT -5
Thank you for sorting this out Huronna, Arbee and Flagryl.
|
|
|
Post by Bubs on Nov 9, 2023 21:01:16 GMT -5
I also want to say "thank you" for everyone's time involved in solving this problem. (((HUGS)))
|
|
|
Post by deezaster on Nov 10, 2023 2:05:51 GMT -5
I’m guessing, this could have happened without anyone knowing. So I’m just throwing this out there, as we forget about these things at times… A user of these boards could have had their Facebook and or email compromised, and not even be aware of it yet. This means you can lock everything up you want, but if they are a member with a compromised “keystroke shadow” access via Facebook or an email (the two most common ways to get compromised) then they can access, everything, said member can because they have all that persons access to their accounts, passwords etc, they can clone everything.
It is important to Never click on any link, image, or web address without knowing from whom and where it came, FB is filled with click bait and a lot of it is compromising, email is the same. Both also have malware attached to images and files If you don’t recognize the senders email, then do not open it, you immediately compromise everything by doing so, you don’t need to click on anything just open the email will trigger a keystroking invisible Trojan. Never fully trust security software, and update it regularly There are thousands of backdoor Trojans, hacking profs, bad Links bd data, malware, bait click, etc made hourly, to replace those already discovered, Security software cannot keep up with that.. no matter who makes it. Use your smarts and don’t click, save, open, peruse, anything when you don’t know it’s origins, and lastly Never give out passwords via email or messenger or phone texts to family or friends, Snail Mail that information or write everything in a password book. You should also change all your passwords at least every 3 months. And no 2 should be the same.
Thank you for fishing out those sneaky bastards and fixing the problem, awesome work ladies.
|
|
|
Post by Huronna on Nov 10, 2023 9:28:37 GMT -5
Good advice for those who forget about it. I was at lunch the other day and she was telling me when happened to her husband. He's one of those people who knows everything...well he thought he did. Apparently he had bought a computer at Best buy and did a Geek contract (a fool right there) He got an e-mail that it was time to renew, but he wanted to cancel it, so while he was on line, he called them to cancel it...and guess what...it was a hacker who got into everything in his computer, told him they could access all of his account, knew all the balances...and on and on and on. So with his wife's cell, he called the security company he uses, something like Life Lock but different. He followed their instructions, turning off all computers for at least 24 hours while they took care of the soft ware that had been embedded in his computer. Meanwhile he had to contact all of his banks and credit cards and cancel everything. Oh and they had wanted $50,000 ransom to get out of his computer. So even someone who things they know everything, can "get gotten'
|
|
|
Post by margie52501 on Nov 10, 2023 13:23:38 GMT -5
Thanks for letting us know what's going on here. We appreciate our privacy as well do all the members on this board.
|
|
|
Post by Flagryl on Nov 10, 2023 13:44:34 GMT -5
I have a Best Buy Total that includes Geek Squad contract and they have been great, they never ask for any personal info. Only your email address and phone on your BB Account and they required a secondary verification process for protection. I do not think this is a foolish at all. Quite the opposite. And, they never send you an email w/link to update. Only notifications. You choose if you want it ongoing and manage it in your Best Buy Account.
|
|
|
Post by panthera66 on Nov 10, 2023 16:20:24 GMT -5
Thanks for keeping this group safe and all the hard work involved . Fingers crossed its sorted and doesn't happen again. I wouldn't have a clue.
|
|
|
Post by Grassy on Nov 10, 2023 19:44:00 GMT -5
Wow - holy cow! Thanks everybody, especially Eagle Eye Arbee for spotting the weird post.
|
|
|
Post by Smilyn on Nov 11, 2023 8:22:09 GMT -5
Thank you Special Security Occifer Arbee, and thank you very much Huronna for all the work you do to keep these spaces safe. I totally understand your flashbacks; that was a horrible thing - and no explanation means no closure. The legacy of these two pages is unique. You do a great job of protecting it. My small input - my opinion - is that only the 1st of the three items in your screenshot should be available. Holly's tutorial on how to use a rotator, for instance, is not info I see as something to share with non members. There are many groups that just give you a form to fill out before you see anything.
And after Deezaster's comment I am going to update my security.
|
|
|
Post by Huronna on Nov 11, 2023 11:07:46 GMT -5
Thanks for you input Milyn. There is a form for applying members to fill out, or to e-mail me with their responses. I know in the very old days this was not done, we just accepted everyone since there was never an influx. I changed that quite a few years ago when spammers would join my ferret site. Changed that one also. And you are right, many people just change their stuff when the mood hits them or the seasons change and keeping the others in sync somethings is a pain in the butt. ANd I hate when people post something and it's only a temporary post and you go to look a thread and there is nothing but little boxes. Yes sometimes that happens on it's own. I was just on another site and monthly you have a partner where you make things in certain categories for them. So I was curious as to what this member was making, everything she had posted, even as recent as the 9th, we gone, Seemed that as soon as her partner had picked them up she deleted them. Bleck! Personally I love seeing the old tags in people's rotators...but I digress ha ha
|
|