WTF - posting as someone else?

Message

gabtech · #1 Post by **gabtech** » Wed 14 Nov 2018, 03:20

nic007 has suddenly become gabtech?????????????????????? Posting this before logging out as gabtech and trying to login as nic007

nic007 · #2 Post by **nic007** » Wed 14 Nov 2018, 03:25

Was able to login and post as nic007. What the hell happened?

#3 Post by **Flash** » Wed 14 Nov 2018, 04:48

I don't understand. Slow down a bit and tell us exactly what happened.

nic007 · #4 Post by **nic007** » Wed 14 Nov 2018, 07:26

I never logout myself after a session so am normally logged in when I return to the forum. Today I visited the site and replied to a post, I then noticed that I was logged in as gabtech and posting under that name. Logged out and successfully logged in with my nic007 login. How did my live nic007 login status change to gabtech?

Burn_IT · #5 Post by **Burn_IT** » Wed 14 Nov 2018, 12:15

Someone used your PC???

nic007 · #6 Post by **nic007** » Wed 14 Nov 2018, 12:42

No. gabtech is a registered user of this forum who last posted on 23 September 2018 according to his profile.

quirkian2new · #7 Post by **quirkian2new** » Wed 14 Nov 2018, 14:15

i remember some of us had asked why murga linux is not https enabled.

whenever i want to post something, i usually type it in a word processor, login , copy and then paste it, and then logout.

#8 Post by **Flash** » Wed 14 Nov 2018, 15:12

That doesn't explain how nic007 got changed to gabtech. Maybe the forum software was just having a bad day.

ITSMERSH · #9 Post by **ITSMERSH** » Wed 14 Nov 2018, 16:16

Flash wrote:That doesn't explain how nic007 got changed to gabtech. Maybe the forum software was just having a bad day.

This seems to happen sequentially when Guests are in Off-Topic-Forum.

#10 Post by **rockedge** » Wed 14 Nov 2018, 17:10

Maybe the forum software was just having a bad day.

That should never be a thing with program code all of a sudden.

This seems to happen sequentially when Guests are in Off-Topic-Forum

hey ITSMERSH what do you mean? I would like to repeat this and find out in the code why this is possible. It may be a session cookie problem. Can you explain your reason for this login transfer...

ITSMERSH · #11 Post by **ITSMERSH** » Wed 14 Nov 2018, 18:34

I have watched multiple times Guests showing up in the Off-Topic-Forum when I was logged in and visiting this section (made at least two topics/posts about that issue some time ago).

Usually this section is invisible for members not being logged in (or is logged on the right saying?).

Checked right now: shows 1 Hidden (me) and 0 Guests.

I can't imagine this being be a cookie problem.

belham2 · #12 Post by **belham2** » Wed 14 Nov 2018, 19:28

I think nic007 was drinking too much whiskey, that he was dreaming and/or talking about in another thread.

Ya gotta watch that hard stuff, it kicks like a mule at a certain point

tallboy · #13 Post by **tallboy** » Wed 14 Nov 2018, 20:10

quirkian2new wrote:whenever i want to post something, i usually type it in a word processor, login , copy and then paste it, and then logout

That is a good practice, I have seen too many members in other forums, who are permanently logged in, I am sure there are some here too.

I always log in for my daily dose, and close the browser when I log out, thus deleting all cookies and history. I have also made the startup script for my Palemoon to start with:

Code: Select all

rm -r /root/.cache/moonchild*

, the same with Thunderbird. They are not automatically emptied with a setting in prefs.

nic007 · #14 Post by **nic007** » Wed 14 Nov 2018, 22:25

belham2 wrote:I think nic007 was drinking too much whiskey, that he was dreaming and/or talking about in another thread.

Ya gotta watch that hard stuff, it kicks like a mule at a certain point

Hey, watchit!!!

Burn_IT · #15 Post by **Burn_IT** » Wed 14 Nov 2018, 23:45

He was making a Wry comment????

a_salty_dogg · #16 Post by **a_salty_dogg** » Thu 15 Nov 2018, 00:51

Burn_IT wrote:He was making a Wry comment????

Took me a while to understand that comment but now I see it in Black & White and I'm not Grousing!

s243a · #17 Post by **s243a** » Thu 15 Nov 2018, 07:02

nic007 wrote:I never logout myself after a session so am normally logged in when I return to the forum. Today I visited the site and replied to a post, I then noticed that I was logged in as gabtech and posting under that name. Logged out and successfully logged in with my nic007 login. How did my live nic007 login status change to gabtech?

I don't completely understand this yet but I did find the following:

The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.

https://www.owasp.org/index.php/Session_fixation

nic007 · #18 Post by **nic007** » Thu 15 Nov 2018, 08:17

I wasn't asked to do anything as user. When I visited the forum I was magically logged in as gabtech instead of nic007

fredx181 · #19 Post by **fredx181** » Thu 15 Nov 2018, 17:39

nic007 wrote:I wasn't asked to do anything as user. When I visited the forum I was magically logged in as gabtech instead of nic007

This is really weird !!!, completely the other way around, in fact it looks like gabtech is the victim of being "hacked" (unintended, I believe you

) by you.
(if I understand well)

I wonder what gabtech thinks about it, but it looks like he/she is not around here anymore.

Fred

(old)Puppy Linux Discussion Forum

(old)Puppy Linux Discussion Forum

WTF - posting as someone else?

WTF - posting as someone else?