Greetings,

Today I received two email from webmaster@wilders.org informing me of my username and password - only this was not my actual password, and the passwords in both emails were different. What's going on - I didn't ask for these so has somebody masqueraded as me or are Wilders reseting lots of passwords ???

Regards.

PitBull.

Please forward the two emails to me, with the full headers intact, at the email address in my profile (http://www.wilderssecurity.com/index.php?board=10;action=viewprofile;user=LowWaterMark), and I'll take a look at what's what. (We aren't changing people's passwords, so I think it's something else.)

Thanks.

Pitbull,

Please forward the emails in question to me as well - full headers included: webmaster@wilders.org

Thanks in advance,

regards.

paul

Both emails + headers have been forwarded tonight - thanks for taking a look.

Regards.

PitBull.

Paul & LowWaterMark,

Any feedback on this ???

Regards.

PitBull.

PitBull,

Due to som urgent matters, it hasn't come to digging into this. Be assured you will be informed!

regards,

paul

{QUOTE-> quoting: Paul Wilders link=board=11;threadid=14706;start=0#msg98023 date=1067771277]
PitBull,

Due to som urgent matters, it hasn't come to digging into this. Be assured you will be informed!

regards,

paul
<-QUOTE}
Your message is over a month old.
I'd hate to think you're deliberately stalling on this, but then, I don't know squat about security businesses.

New Raider,

{QUOTE-> Your message is over a month old.
I'd hate to think you're deliberately stalling on this, but then, I don't know squat about security businesses. <-QUOTE}

Thanks for the heads up, and the personal info. The person involved will be informed.

regards.

paul

PitBull, if it makes you feel any better, during the "ready for the" holiday season, fake E-mails like this happen all the time.
I have gotten a few, and just threw them out like it says to do.
The only trouble is, it was my IP in the message, but I didn't ask for it.
This is a harmful bot that puts the blame on the user.
The IP is generated automatically when it goes through your mailbox.
No administrator or Webmaster could have seen this IP.
It is only displayed on your computer.
Once you've reactivated your account with the fake activation key, and the first time you input your password, someone else has control over your account, which is traceable to your ISP.

Reactivate your account frequently to generate new passwords.

BBs and message boards, would like to think they are nice and secure, and a "user ID", code number, and activation key, in addition to your password, is a nice start, but just to be sure, there should be a waiting period of up to 24 hours for your ID and code to be verified.
The next day, you will get a follow up mail after the initial code input before reactivation.
This validates the user, but what validates the sender?
Your IP the administrator logs when you register doesn't do it.