Password reset notifications

Status
Not open for further replies.
INDY72

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,650
Location
Indianapolis, IN
Just got a PW reset request notification myself,.. So add me to that list.
 
S

slicerwizard

Member
Joined
Sep 19, 2002
Messages
7,643
Location
Toronto, Ontario
Aaaaand I immediately get six of these:


To: slicerwizard
Subject: RadioReference.com Password Reset Request



Dear slicerwizard

You requested a password reset for your account with username: slicerwizard

Please visit the following link to change your password for your account:

[URL="https://www.radioreference.com/apps/account/[/URL]

Sincerely,

The RadioReference.com Admin Team

NOTE: If you did not make this request you can safely disregard this message.

if the link above does not work, paste this direct link in your browser:

https://www.radioreference.com/apps/account/?action=doPw&u=slicerwizard&c=01767e64

Request IP Address: 209.95.60.138
 
poltergeisty

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
Might I suggest the best script in the whole world CIDRAM? :lol: I use it myself and it's been great. I don't know why there are password resets happening, but I can only guess it's a bot doing it.

Perhaps a Recaptcha should be used on the password reset link page.

And this forum software is quite old. But please don't go Xenforo. I hate that platform. It's like built for millennials who like trophies and likes.

E-mails like these might actually make the RR E-mail get blacklisted I suppose.
 
rbrtklamp2

rbrtklamp2

Member
Premium Subscriber
Joined
Dec 8, 2005
Messages
847
Location
Dupage County, Illinois
LS101 said:
Got 5 today

Request IP Address: 174.220.13.236
Click to expand...
I got one yesterday from the same IP address. I disregarded it and came to the site it self to update my password. Figured I may as well just as a safeguard but why the hell would they want our RR info.?

Sent from my SM-N910V using Tapatalk
 
poltergeisty

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
They are not after your RR Info. It sounds like someone is running a bot and triggering the password reset link on your account. If the email is not coming from RR that of course is something completely different altogether. Which would be of the phishing realm.

Always have to be mindful of the emails one gets. If it looks suspicious then don't trust it.

The IP address of 174.220.13.236 is from Verizon wireless out of NY.

The IP address of 50.7.87.195 is from a host called FDCServers.net out of Kansas.

Note how the email says, "if you did not make this request you can safely disregard this message." Which would be wise to do.


I wonder if it would be a good idea for people to post the full email headers to narrow down the culprit. Maybe this has been rectified already though.
 
mmckenna

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,842
Location
Roaming the Intermountain West
poltergeisty said:
Perhaps a Recaptcha should be used on the password reset link page.

And this forum software is quite old. But please don't go Xenforo. I hate that platform. It's like built for millennials who like trophies and likes.

E-mails like these might actually make the RR E-mail get blacklisted I suppose.
Click to expand...

I think this is a good point.

I'm not paying for a subscription, so I don't count, leave me out of this…

But, for those that are paying for service, I'd expect this site to take some steps if there is some risky stuff going on. Knowing it's happening, but not making an effort to secure it gets a little on the grey side of things. If I was running a site that took money in exchange for a service, I'd probably be getting a tad bit nervous. I'd probably be taking some steps to at address the risk. Like you said, a "captcha" function on the password reset page.

Either way, someone managed to get enough information to tie our RR.com user names to an e-mail address and send out an e-mail to all of us that looks like it's coming from RR on the surface. Most don't know to read into the headers, do IP lookups, etc. to see where stuff is coming from.

Knowing there is a security risk and failing to take steps to mitigate it, probably not a good approach. Enough people have experienced this and made it aware to the powers that be that it's probably time to act, or at least make a really strong suggestion that personal info may have been compromised and passwords should be changed.

Hopefully the powers that be are on top of this and taking steps.

But like I said, I'm a freeloader here, so there's a pretty good argument to be made that I don't really have a dog in this fight.
 
mikewazowski

mikewazowski

Forums Manager/Global DB Admin
Staff member
Forums Manager
Joined
Jun 26, 2001
Messages
13,510
Location
Oot and Aboot
captainmax1 said:
I got a few of these reset emails yesterday. I always ignore these type of emails.
Click to expand...


Best advice.

If anyone looks at the password reset process, they'll soon realize that email addresses have not been compromised, the reset emails are coming from RR so headers are meaningless and a captcha won't work since it's a disgruntled ex-RR member manually inputting usernames in.

I filter the reset emails directly into my Trash folder and if I ever did need to reset my password, I know where to find the email.
 
Citywide173

Citywide173

Member
Premium Subscriber
Joined
Feb 18, 2005
Messages
2,151
Location
Attleboro, MA
mmckenna said:
Either way, someone managed to get enough information to tie our RR.com user names to an e-mail address and send out an e-mail to all of us that looks like it's coming from RR on the surface. Most don't know to read into the headers, do IP lookups, etc. to see where stuff is coming from.

Knowing there is a security risk and failing to take steps to mitigate it, probably not a good approach. Enough people have experienced this and made it aware to the powers that be that it's probably time to act, or at least make a really strong suggestion that personal info may have been compromised and passwords should be changed.
Click to expand...

I don't believe there is a security risk. I think MikeOxlong hit it right on the head

MikeOxlong said:
If anyone looks at the password reset process, they'll soon realize that email addresses have not been compromised, the reset emails are coming from RR so headers are meaningless and a captcha won't work since it's a disgruntled ex-RR member manually inputting usernames in.
Click to expand...

The reset emails are coming from RR. Someone, who is probably pissed about their new "Banned for the greater good" title is trying a brute force attempt to either get lucky and gain access or to cause aggravation to as many users as possible. I haven't seen the email, but it probably contains some direction if you didn't initiate the recovery, most likely that you have to do nothing.

I'm not familiar enough with vBulletin to say for sure, but there may be tools available to find out what IP addresses the reset requests are coming from, and that could be cross referenced to determine who is conducting the attack.
 
Status
Not open for further replies.

Similar threads

n1moy
SDS100/SDS200: sds200, microSD, maintenance, tidy, ftp, Linux
Replies
18
Views
1K
n1moy
n1moy
C
  • Locked
ICQ xxxxxxx SELL CCV US CA FULLZ UK SSN DOB WITH DL MAIL PASS LIVE OFFICE INVOICE
Replies
1
Views
1K
KevinC
KevinC
N9NU
Member since 2007 - Cannot change my pword - asks me to login agn & won't except my pword lol
Replies
5
Views
3K
mikewazowski
mikewazowski
blantonl
RadioReference Web Host Receives DMCA Takedown Notice from Priority Dispatch Corp
2 3 4 5 6
Replies
109
Views
28K
blantonl
blantonl
Saint
  • Locked
MY Uniden Sign in problem
Replies
8
Views
1K
bobruzzo
bobruzzo
Top