Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: An important note to all private trackers users

  1. #1
    Lots of sites changed to more strict security policy last weeks, all of them stated that bunch of accounts hijacking occur daily. U can check any tracker help irc to realize the size of such prob.

    The most reason for this hijacking I guess is that the some users use the same password in more than a tracker (or in all their trackers), in fact tracker mods. can access ur password too (so don't use a password like f***ingpay2lechtracker ), so please be ware and change ur passwoeds to more secure ones, time of ilovemary like passwords has gone.

    Cautions suggested by FST users:
    *Use https to access the site. (If your trackers rules allow using https freely of course).
    *Use different nickname, passwords & e-mail for each site.
    *Use a password manager like Roboform or Firefox.
    *Don't sign up in every tracker you know. Only what tou need.
    *Try including numbers inbetween your password field.


    (If you know another way to avoid such hijacking please post here and I'll edit this post)
    Take care. (If I hijacked any of FST users accounts, don't be worried, I'll just invite myself then return the account to his owner )
    Last edited by (I); 03-13-2008 at 07:56 PM.

  2. BitTorrent   -   #2
    Poster BT Rep: +16BT Rep +16BT Rep +16BT Rep +16
    Join Date
    Dec 2007
    Posts
    211
    Using ssl helps as well when entering your password

  3. BitTorrent   -   #3
    VIZFX's Avatar Looking at You! BT Rep: +2
    Join Date
    Nov 2007
    Posts
    368
    I recommend even using a different nickname for each site. Good info over all.

  4. BitTorrent   -   #4
    Poster
    Join Date
    Feb 2008
    Posts
    125
    I've always suspected this to be a problem, where the admins can see your passwords.

    Your best bet is to use different user names, passwords, and emails for all your trackers.
    This way, a "shady" admin can not know your user name and password
    and hijack one of your tracker accounts.

    For now, I've started changing my passwords for my favorite trackers.

    It can be a mess to keep track of, but you can always use Roboform or Firefox password
    manager to remember your login details for all your trackers.

    It's sad that some people have nothing better to do than to hijack other
    people's accounts, I hope they catch these fools one day.

  5. BitTorrent   -   #5
    rocky1234's Avatar BT God BT Rep: +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100
    Join Date
    Aug 2006
    Location
    Cyberspace
    Posts
    536
    Ya, lot of Hacking attempts recently. Even certain websites database has been compromised because of that.



  6. BitTorrent   -   #6
    Quote Originally Posted by dythim View Post
    Using ssl helps as well when entering your password
    1st time to know https helps in that
    Thamks dythim

  7. BitTorrent   -   #7
    SSL only helps in password sniffing, it does not help against the site admin stealing your pass

  8. BitTorrent   -   #8
    rvt's Avatar Poster BT Rep: +1
    Join Date
    Aug 2007
    Posts
    441
    What's with spreading false info about mods and admins being able to see your password?

    Yes, it's possible on a site specifically coded to catch users passwords (a phishing site in other words), but the default tbdev uses hashing to protect the passwords. It's the reason you cannot simply have your password sent to you. Not even the server can recover a plain text password from a hash.

    The most likely way to lose your pass is on a site which does not protect against brute force attacks. With a weak password, and no brute force protection, an attacker can simply keep feeding passwords into the site until they get access. Once they are in, they will then try the same password on other sites you are a member of.

    Simply avoid using dodgy sites or signing up to every single new site that is announced, and don't use the same password everywhere. That way, if you join one of the phishing sites (less likely if you don't sign up to brand new sites), you have not lost anything. If you are bruteforced on a site without protection, you have not lost anything.

  9. BitTorrent   -   #9
    Quote Originally Posted by (I) View Post
    The most reason for this hijacking I guess is that the some users use the same password in more than a tracker (or in all their trackers), in fact tracker mods. can access ur password too (so don't use a password like f***ingpay2lechtracker ), so please be ware and change ur passwoeds to more secure ones, time of ilovemary like passwords has gone.
    no tracker mod or tracker admin can access your password, unless they read it out at login what most dont do and if they do only the sysop has access to it. so you are pretty clueless in your guessing.

    the most times an account gets hijacked is from brute forcing. you just need the userlist and the program accessdiver then you run all usernames to passwords like 123456 or qwerty.for bitme i found like 20 logins all vip/elite members..they changed to ocr login then.....that can be bruteforced too but its much harder and not really worth it... (tho i wish site admins would change to some smart/funny/clever methods instead of deciphering fucking letters..... like instead show a photo of 10 animals where u must pick the cat..... or do some math work etc)

    another way would be to steal the users cookie but even then u dont know the users password in plain text u only have the hash and its not really workable to crack the real password from that, so yes...you can have the same password on every tracker still it doesnt matter.

    but having different names in sites is a wise decision also if u get banned at some tracker u might lose other accounts on other sites with the same name.... anyway just pick some good password nothing that can be bruteforced and u r safe...
    Last edited by naranja; 03-12-2008 at 11:11 AM.

  10. BitTorrent   -   #10
    apollon's Avatar Poster BT Rep: +1
    Join Date
    Mar 2008
    Posts
    25
    I use AI roboform.
    so, I generate passwords each tracker, and save this.
    for roboform I don't need to memorize any password.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •