An important note to all private trackers users

Lots of sites changed to more strict security policy last weeks, all of them stated that bunch of accounts hijacking occur daily. U can check any tracker help irc to realize the size of such prob.

The most reason for this hijacking I guess is that the some users use the same password in more than a tracker (or in all their trackers), in fact tracker mods. can access ur password too (so don't use a password like f***ingpay2lechtracker :no:), so please be ware and change ur passwoeds to more secure ones, time of ilovemary like passwords has gone.

Cautions suggested by FST users:
*Use https to access the site. (If your trackers rules allow using https freely of course).
*Use different nickname, passwords & e-mail for each site.
*Use a password manager like Roboform or Firefox.
*Don't sign up in every tracker you know. Only what tou need.
*Try including numbers inbetween your password field.

(If you know another way to avoid such hijacking please post here and I'll edit this post)
Take care. (If I hijacked any of FST users accounts, don't be worried, I'll just invite myself then return the account to his owner :P)

Using ssl helps as well when entering your password :)

I recommend even using a different nickname for each site. Good info over all.

I've always suspected this to be a problem, where the admins can see your passwords.

Your best bet is to use different user names, passwords, and emails for all your trackers.
This way, a "shady" admin can not know your user name and password
and hijack one of your tracker accounts.

For now, I've started changing my passwords for my favorite trackers.

It can be a mess to keep track of, but you can always use Roboform or Firefox password
manager to remember your login details for all your trackers.

It's sad that some people have nothing better to do than to hijack other
people's accounts, I hope they catch these fools one day.

Ya, lot of Hacking attempts recently. Even certain websites database has been compromised because of that.

Quote:

---

Originally Posted by dythim

Using ssl helps as well when entering your password :)

---

1st time to know https helps in that
Thamks dythim

SSL only helps in password sniffing, it does not help against the site admin stealing your pass

What's with spreading false info about mods and admins being able to see your password?

Yes, it's possible on a site specifically coded to catch users passwords (a phishing site in other words), but the default tbdev uses hashing to protect the passwords. It's the reason you cannot simply have your password sent to you. Not even the server can recover a plain text password from a hash.

The most likely way to lose your pass is on a site which does not protect against brute force attacks. With a weak password, and no brute force protection, an attacker can simply keep feeding passwords into the site until they get access. Once they are in, they will then try the same password on other sites you are a member of.

Simply avoid using dodgy sites or signing up to every single new site that is announced, and don't use the same password everywhere. That way, if you join one of the phishing sites (less likely if you don't sign up to brand new sites), you have not lost anything. If you are bruteforced on a site without protection, you have not lost anything.

Quote:

---

Originally Posted by (I)

The most reason for this hijacking I guess is that the some users use the same password in more than a tracker (or in all their trackers), in fact tracker mods. can access ur password too (so don't use a password like f***ingpay2lechtracker :no:), so please be ware and change ur passwoeds to more secure ones, time of ilovemary like passwords has gone.

---

no tracker mod or tracker admin can access your password, unless they read it out at login what most dont do and if they do only the sysop has access to it. so you are pretty clueless in your guessing.

the most times an account gets hijacked is from brute forcing. you just need the userlist and the program accessdiver then you run all usernames to passwords like 123456 or qwerty.for bitme i found like 20 logins all vip/elite members..they changed to ocr login then.....that can be bruteforced too but its much harder and not really worth it... (tho i wish site admins would change to some smart/funny/clever methods instead of deciphering fucking letters..... like instead show a photo of 10 animals where u must pick the cat..... or do some math work etc)

another way would be to steal the users cookie but even then u dont know the users password in plain text u only have the hash and its not really workable to crack the real password from that, so yes...you can have the same password on every tracker still it doesnt matter.

but having different names in sites is a wise decision also if u get banned at some tracker u might lose other accounts on other sites with the same name.... anyway just pick some good password nothing that can be bruteforced and u r safe...

I use AI roboform.
so, I generate passwords each tracker, and save this.
for roboform I don't need to memorize any password. :)