Web Hosting Talk







Network Security for the forum...


ZoneHosting
09-09-2003, 12:41 PM
Okay, this is not to start a he did, she did topic!

I can see how a "host" could hijack an account here and post. Follow me as I walk you through the steps:

1 - A client posts a negative comment about their current host.
2 - The current host sees this and wants to resolve it.
3 - The current host takes matters into their own hands (here's where it gets scary).
4 - The host then places a forward against the client, so any e-mails that are coming into that domain would be forwarded to, say, root@host.com
5 - The host then selects - forgot my password here at WHT.
6 - An e-mail is generated with the correct password to the client's e-mail, however it is intercepted.
7 - The host now has the password and decides to post a retraction statement.

Now that control of the account has changed, the client's password on WHT can be changed, and the e-mail address too, so that person cannot log back in.

I know this is kinda far-fetched, but that is a security hole where a known piece of information is not challenged to retrieve the password. I'm not sure if vBulletin has a mod for that type of security, but it may be worthwhile to check into.


Some things to do to protect yourself. Create an e-mail account with one of the many "free" providers out there, hotmail, yahoo, mail.com just to name a few. If you feel like you have to talk in a negative way about your host, use that type of e-mail so your account cannot be hijacked.


Just my thoughts and personal opinion.

Sara76-me
09-09-2003, 12:52 PM
If I may add something, please.

It would also be a smart idea to not use the same passwords.

I normally use the same set of passwords & user name. It makes things easier, but it also makes it easy for others if they catch one of them. :(

GideonX
09-09-2003, 01:00 PM
that's one hell of a story ;)

Rochen
09-09-2003, 01:02 PM
Yup and that's the very reason that everyone should have a secure password (http://www.webhostingtalk.com/showthread.php?s=&threadid=185043), to try and prevent account hijacks in most cases - although not all.

centrahost
09-09-2003, 01:13 PM
Then the moderators here at WHT get wind of it and the Bad Host's life starts to suck real bad. :eek:

Touché, Rochen


*centrahost has secure password* :D

accuwebhost
09-09-2003, 01:22 PM
Hi,

This issue becomes an example of why to go for a good host which gives a secured password. Privacy is one of the important things for the mail account. Only then can everyone make full use of mail.

Kimmikat
09-09-2003, 01:51 PM
Originally posted by centrahost
Then the moderators here at WHT get wind of it and the Bad Host's life starts to suck real bad. :eek:

Which after that, a mod may go into the censorship options and add that Bad Host's name so it will show ****** instead of "BadHost."

Mark_TVI
09-09-2003, 02:26 PM
Having a great password and changing it everyday would not alter the course of events that ZoneHosting outlined.

That would indeed be difficult to protect against...

SROHost
09-09-2003, 02:39 PM
There is 'some' protection forum admins can use. IPs are logged with every post, so a dramatic change in the address from where a post is made can often identify when an account has been hijacked. It's rarely useful to actually finger the person who hijacked the account, since they should (if they're not complete idiots) use a proxy, but it's at least useful to determine whether or not the original user made the post in question.

Would be nice if anyone on a dedicated IP could request access only from their own IP/range. That could at least solve the problem for those of us paranoid enough to do that :)
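The check SROHost describes above, combined with the password-reset step from ZoneHosting's scenario, as an added example that is not part of the original thread and not vBulletin code. The log format, the function names, the /24 grouping and the 24-hour window are all assumptions, and the sample events are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, user, event, source IP).
# Addresses come from the documentation ranges, not from real users.
EVENTS = [
    ("2003-09-01 10:00", "client1", "post", "198.51.100.23"),
    ("2003-09-03 18:30", "client1", "post", "198.51.100.77"),
    ("2003-09-09 12:05", "client1", "password_reset", "203.0.113.9"),
    ("2003-09-09 12:20", "client1", "post", "203.0.113.9"),
    ("2003-09-09 13:00", "client2", "post", "192.0.2.14"),
    ("2003-09-10 09:00", "client2", "post", "192.0.2.200"),
]

def network_of(ip, prefix_len=24):
    """Collapse an address to its surrounding network, so a changed
    dynamic IP inside the same range does not count as a change."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def flag_suspect_posts(events, prefix_len=24, reset_window=timedelta(hours=24)):
    """Return posts made from a network the account has never posted from.
    A post that also follows a recent password reset is marked separately,
    since that is the sequence described in the first post of the thread."""
    seen = {}        # user -> networks seen on earlier, unflagged posts
    last_reset = {}  # user -> time of the most recent reset request
    flagged = []
    for ts, user, event, ip in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if event == "password_reset":
            last_reset[user] = when
            continue
        net = network_of(ip, prefix_len)
        known = seen.setdefault(user, set())
        if known and net not in known:
            reset = last_reset.get(user)
            recent = reset is not None and when - reset <= reset_window
            reason = "new network after reset" if recent else "new network"
            flagged.append((ts, user, ip, reason))
            continue  # keep it out of the baseline until a moderator reviews it
        known.add(net)
    return flagged

if __name__ == "__main__":
    for row in flag_suspect_posts(EVENTS):
        print(row)
```

A flag here only tells a moderator which posts to look at; a user who changes ISP produces the same signal.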

Kimmikat
09-09-2003, 02:40 PM
Or if you have several domains on different hosts, use the email on the host you're not having problems with.

Originally posted by ZoneHosting
Some things to do to protect yourself. Create an e-mail account with one of the many "free" providers out there, hotmail, yahoo, mail.com just to name a few. If you feel like you have to talk in a negative way about your host, use that type of e-mail so your account cannot be hijacked.

ZoneHosting
09-09-2003, 02:43 PM
Or if you have several domains on different hosts, use the email on the host you're not having problems with.

That would work - or just hold your thoughts until you are able to relocate your host. REMEMBER to wait at least 72 hours, as your site may resolve correctly for you (to your new host) but may not for the whole internet...