Password reset notifications

[UPMan]

Putin?

 

[blantonl]

I'm going to go ahead and disable password resets for each of your accounts....

 

[INDY72]

Just got a PW reset request notification myself,.. So add me to that list.

 

[W8SQY]

Add me to the list. I just got two.
Sending IP 174.220.13.236 is NJ ?

 

[bgav]

Add me to the list. I just got two.
Sending IP 174.220.13.236 is NJ ?

IP Address Locator - Where is this IP Address?

Catskill, NY

 

[mmckenna]

I got two at 4:01pm Pacific time today.

Request IP Address: 50.7.87.195

 

[N9PBD]

I got two at 4:01pm Pacific time today.

Request IP Address: 50.7.87.195

That shows out of Los Angeles.

 

[fxdscon]

That shows out of Los Angeles.

Other lookup sites show it as Independence, Kansas:

https://whatismyipaddress.com/ip/50.7.87.195

Others show it as Frankfurt, Germany

.

 

[LS101]

Got 5 today

Request IP Address: 174.220.13.236

 

[slicerwizard]

I'm going to go ahead and disable password resets for each of your accounts....

Damn, gotta clean this screen. For a sec there, it looked like blantoni had risen from the dead.

 

[slicerwizard]

Aaaaand I immediately get six of these:


To: slicerwizard
Subject: RadioReference.com Password Reset Request



Dear slicerwizard

You requested a password reset for your account with username: slicerwizard

Please visit the following link to change your password for your account:

[URL="https://www.radioreference.com/apps/account/[/URL]

Sincerely,

The RadioReference.com Admin Team

NOTE: If you did not make this request you can safely disregard this message.

if the link above does not work, paste this direct link in your browser:

https://www.radioreference.com/apps/account/?action=doPw&u=slicerwizard&c=01767e64

Request IP Address: 209.95.60.138

 

[poltergeisty]

Might I suggest the best script in the whole world CIDRAM? :lol: I use it myself and it's been great. I don't know why there are password resets happening, but I can only guess it's a bot doing it.

Perhaps a Recaptcha should be used on the password reset link page.

And this forum software is quite old. But please don't go Xenforo. I hate that platform. It's like built for millennials who like trophies and likes.

E-mails like these might actually make the RR E-mail get blacklisted I suppose.

 

[poltergeisty]

Putin?

https://www.youtube.com/watch?v=y3z841UJiVk

 

[rbrtklamp2]

Got 5 today

Request IP Address: 174.220.13.236

I got one yesterday from the same IP address. I disregarded it and came to the site it self to update my password. Figured I may as well just as a safeguard but why the hell would they want our RR info.?

Sent from my SM-N910V using Tapatalk

 

[poltergeisty]

They are not after your RR Info. It sounds like someone is running a bot and triggering the password reset link on your account. If the email is not coming from RR that of course is something completely different altogether. Which would be of the phishing realm.

Always have to be mindful of the emails one gets. If it looks suspicious then don't trust it.

The IP address of 174.220.13.236 is from Verizon wireless out of NY.

The IP address of 50.7.87.195 is from a host called FDCServers.net out of Kansas.

Note how the email says, "if you did not make this request you can safely disregard this message." Which would be wise to do.


I wonder if it would be a good idea for people to post the full email headers to narrow down the culprit. Maybe this has been rectified already though.

 

[captainmax1]

I got a few of these reset emails yesterday. I always ignore these type of emails.

 

[mmckenna]

Perhaps a Recaptcha should be used on the password reset link page.

And this forum software is quite old. But please don't go Xenforo. I hate that platform. It's like built for millennials who like trophies and likes.

E-mails like these might actually make the RR E-mail get blacklisted I suppose.

I think this is a good point.

I'm not paying for a subscription, so I don't count, leave me out of this…

But, for those that are paying for service, I'd expect this site to take some steps if there is some risky stuff going on. Knowing it's happening, but not making an effort to secure it gets a little on the grey side of things. If I was running a site that took money in exchange for a service, I'd probably be getting a tad bit nervous. I'd probably be taking some steps to at address the risk. Like you said, a "captcha" function on the password reset page.

Either way, someone managed to get enough information to tie our RR.com user names to an e-mail address and send out an e-mail to all of us that looks like it's coming from RR on the surface. Most don't know to read into the headers, do IP lookups, etc. to see where stuff is coming from.

Knowing there is a security risk and failing to take steps to mitigate it, probably not a good approach. Enough people have experienced this and made it aware to the powers that be that it's probably time to act, or at least make a really strong suggestion that personal info may have been compromised and passwords should be changed.

Hopefully the powers that be are on top of this and taking steps.

But like I said, I'm a freeloader here, so there's a pretty good argument to be made that I don't really have a dog in this fight.

 

[mikewazowski]

I got a few of these reset emails yesterday. I always ignore these type of emails.

Best advice.

If anyone looks at the password reset process, they'll soon realize that email addresses have not been compromised, the reset emails are coming from RR so headers are meaningless and a captcha won't work since it's a disgruntled ex-RR member manually inputting usernames in.

I filter the reset emails directly into my Trash folder and if I ever did need to reset my password, I know where to find the email.

 

[u2brent]

Got 2 yesterday..

Add me to that list Lindsay.

Thanks,

IP Address 50.7.87.195 also

 

[Citywide173]

Either way, someone managed to get enough information to tie our RR.com user names to an e-mail address and send out an e-mail to all of us that looks like it's coming from RR on the surface. Most don't know to read into the headers, do IP lookups, etc. to see where stuff is coming from.

Knowing there is a security risk and failing to take steps to mitigate it, probably not a good approach. Enough people have experienced this and made it aware to the powers that be that it's probably time to act, or at least make a really strong suggestion that personal info may have been compromised and passwords should be changed.

I don't believe there is a security risk. I think MikeOxlong hit it right on the head

If anyone looks at the password reset process, they'll soon realize that email addresses have not been compromised, the reset emails are coming from RR so headers are meaningless and a captcha won't work since it's a disgruntled ex-RR member manually inputting usernames in.

The reset emails are coming from RR. Someone, who is probably pissed about their new "Banned for the greater good" title is trying a brute force attempt to either get lucky and gain access or to cause aggravation to as many users as possible. I haven't seen the email, but it probably contains some direction if you didn't initiate the recovery, most likely that you have to do nothing.

I'm not familiar enough with vBulletin to say for sure, but there may be tools available to find out what IP addresses the reset requests are coming from, and that could be cross referenced to determine who is conducting the attack.