Someone is trying to reset your password

saaby93

Original Poster:

32,038 posts

201 months

Sunday 26th August 2018
A couple of times now I've had the "to reset your password click this link" email come through, and "your old password will no longer work afterwards".

Why would anyone be trying to reset my password?
and what's the point if the reset link comes through to my email address?

Don1

16,439 posts

231 months

Tuesday 28th August 2018
Phishing, password reuse would be the normal reason. I'd be more worried that someone can reset your password without an additional form of ID - do that to enough people you have a DOS attack.

anonymous-user

77 months

Tuesday 28th August 2018
Security is well documented as poor on PH.

Guys who do IT for a living have offered to patch it for PH, some for free. Haymarket not interested.

Jack Mansfield

3,273 posts

113 months

PH TEAM

Wednesday 29th August 2018
Hi Saaby,

I'm just looking into this for you, will come back to you shortly...

Thanks for reporting it.

Jack

B'stard Child

30,797 posts

269 months

Wednesday 29th August 2018
saaby93 said:
A couple of times now I've had the "to reset your password click this link" email come through, and "your old password will no longer work afterwards".

Why would anyone be trying to reset my password?
and what's the point if the reset link comes through to my email address?
Who sent the email - I mean really sent it, not who the email says sent it

saaby93

Original Poster:

32,038 posts

201 months

Thursday 30th August 2018
B'stard Child said:
Who sent the email - I mean really sent it, not who the email says sent it
Good point

Received: from a8-176.smtp-out.amazonses.com ([54.240.8.176])

the link to click is to
https://www.pistonheads.com/emails/process?


saaby93

Original Poster:

32,038 posts

201 months

Monday 24th December 2018
Just happened again. Own up

It says it was from adverts at PH
but looking in more detail

a8-13.smtp-out.amazonses.com [54.240.8.13]

anonymous-user

77 months

Monday 31st December 2018
Yes, same today.

What's going on?? It sounds as though a known security issue has not been addressed.

anonymous-user

77 months

Wednesday 2nd January 2019
And the same again today.

This really does need to be properly sorted out.

saaby93

Original Poster:

32,038 posts

201 months

Friday 4th January 2019
and again
a8-56.smtp-out.amazonses.com [54.240.8.56]

Mr2Mike

20,143 posts

278 months

Monday 7th January 2019
Just got the same email, again from a8-176.smtp-out.amazonses.com

EDIT: Just tried a genuine "forgot password" request and the email comes from the same server.

Burwood

18,718 posts

269 months

Tuesday 8th January 2019
I got one too

saaby93

Original Poster:

32,038 posts

201 months

Tuesday 8th January 2019
Jack Mansfield said:
Hi Saaby,

I'm just looking into this for you, will come back to you shortly...

Thanks for reporting it.

Jack
Just in case anyone was wondering, no-one came back and the dubious messages still appear from time to time.
Unless one is the other

thebraketester

15,498 posts

161 months

Tuesday 8th January 2019
Give them chance for heaven's sake.

saaby93

Original Poster:

32,038 posts

201 months

Tuesday 8th January 2019
thebraketester said:
Give them chance for heaven's sake.
Sorry

How long do you reckon in PH years?
And they're just going through a transfer of ownership

bitchstewie

64,179 posts

233 months

Wednesday 9th January 2019
There probably isn't much they can do given that if you forgot your password you'd want to use the "forgot my password" functionality to send a reset link.

I'd focus on making sure you're using a strong unique password for every site you use, and make damned sure you're using one (and ideally multi-factor authentication) for your email account.

saaby93

Original Poster:

32,038 posts

201 months

Wednesday 9th January 2019
bhstewie said:
There probably isn't much they can do given that if you forgot your password you'd want to use the "forgot my password" functionality to send a reset link.

I'd focus on making sure you're using a strong unique password for every site you use, and make damned sure you're using one (and ideally multi-factor authentication) for your email account.
It does make you wonder if it's not a PH issue but whether someone is monitoring/using your email account

bitchstewie

64,179 posts

233 months

Wednesday 9th January 2019
saaby93 said:
It does make you wonder if it's not a PH issue but whether someone is monitoring/using your email account
Use Gmail
Use a strong unique password
Switch on Multi-Factor

bitchstewie

64,179 posts

233 months

Wednesday 9th January 2019
Oddly I had one this morning.

Anyone else or am I the lucky one?

Mr2Mike

20,143 posts

278 months

Wednesday 9th January 2019
saaby93 said:
It does make you wonder if it's not a PH issue but whether someone is monitoring/using your email account
Anyone can trigger these messages on PH (and other forums) just by attempting to log in as an existing user and requesting a password reset. Unless you have evidence of your email account being used then it's not linked.

A slightly competent IT team should be able to see if many different user password requests are being triggered from a single IP address so I won't hold my breath on that.
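
The check described in the post above (many different users' reset requests coming from one IP address), sketched as an added example; it is not part of the thread and not PistonHeads' code. The log format, the `/password-reset` path, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RESET_PATH = "/password-reset"  # hypothetical endpoint name

# Constructed sample log (the format is an assumption):
# timestamp, source IP, method, path, account the reset was requested for.
SAMPLE_LOG = """\
2019-01-09T07:58:01 203.0.113.7 POST /password-reset user=alpha
2019-01-09T07:58:03 203.0.113.7 POST /password-reset user=bravo
2019-01-09T07:58:04 198.51.100.20 POST /password-reset user=kilo
2019-01-09T07:58:06 203.0.113.7 POST /password-reset user=charlie
2019-01-09T07:58:09 203.0.113.7 POST /password-reset user=alpha
2019-01-09T07:58:11 203.0.113.7 POST /password-reset user=delta
2019-01-09T07:58:12 203.0.113.7 GET /forums user=-
2019-01-09T08:40:00 198.51.100.20 POST /password-reset user=kilo
2019-01-09T09:15:00 192.0.2.44 POST /password-reset user=echo
2019-01-09T11:30:00 192.0.2.44 POST /password-reset user=foxtrot
"""

def parse(line):
    """Return (time, ip, user) for a reset request, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "POST" or parts[3] != RESET_PATH:
        return None
    if not parts[4].startswith("user="):
        return None
    return datetime.fromisoformat(parts[0]), parts[1], parts[4][5:]

def flag_reset_sprayers(log_text, min_users=4, window=timedelta(minutes=10)):
    """Map each flagged IP to the most distinct accounts it hit in one window."""
    recent = defaultdict(deque)  # ip -> (time, user) events still in the window
    flagged = {}
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        when, ip, user = event
        q = recent[ip]
        q.append((when, user))
        while when - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= min_users:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(flag_reset_sprayers(SAMPLE_LOG))
```

Counting distinct accounts rather than raw requests means one member retrying their own reset from the same address does not trip the threshold.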