Someone is deleting my account on my site

Discussion in 'privacy problems' started by OptikalFibre, Nov 6, 2007.

Thread Status:
Not open for further replies.
  1. OptikalFibre

    OptikalFibre Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1
    Basically, we were four guys who developed our final year project. Out of this, two of us (me and pranav) bought a domain and put the site online. Now this 3rd guy (say, "B") comes in ans asks for username/pwd for the project. I provide him one. After a few days I find more than 10 new accounts and hence decide to put remove all but 2 of our accounts (me and the other guy who bought domain)
    (Note: When you login, you can see the password of all accounts in plaintext. So anyone who can login once can have a look at everyone's account )

    On the morning of 27th Oct, my friend Pranav tried logging through his account but couldn't so he asked me for my account. He tried mine but that didn't work either. When I accessed my site through FTP account and downloaded the MDB (MS Access DataBase) file, I was shocked to see that my password was changed and Pranav's account deleted. I informed Pranav about this and recreated his account. Took a look at the HTTP access logs and they showed that someone from hyderabad (a city here) did that. Also there was an IP from chennai (another city) that was pretty frequent during the whole time. The "B" guy was in hyderabad at that time.

    On 2nd-Nov, the file got changed again. Exactly same, my account's password changed and Pranav's deleted. I got mad and deleted all accounts from the MDB file and created a user account with random username and random password (Even I don't know the username/password). But to my amazement it changed again when I checked today. The logs show the change yesterday (5th Nov) When I checked the access logs I found 2 IPs pretty frequent - one from chennai and another from Bangalore. (the "B" guy is in bangalore currently)

    I analyzed the logs and came to know that he was logging on using the provided login box. Moreover, it looked like he got through in just one or two attempts. Can anyone explain how this could happen?
    I believe the Chennai guy is helping him out. I even found a cookie in the first line when it all started happening on 5th Nov.
    The cookie
    I know its a link to someone's account and possibly linked to a chat session but it was in the cs-cookie column. Is there any way I can find the email ID of the person to which this link belonged?

    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+Mozilla/4.0+
    (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)+;+.NET+CLR+1.1.4322;+MEGAUPLOAD+2.0
    was the user-agent string of the chennai guy in 5th Nov's log. Does "MEGAUPLOAD" hint that he provided a file through megaupload recently before he came to my site? Or does it mean he's using Alexa toolbar?
    And the user-agent string on 27th Oct for chennai guy was Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+
    Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+S.
    No MegaUpload this time. Both times, the ISP of the IP was VSNL

    Haven't analyzed the access logs for 2nd Nov yet

    If anyone needs logs I can provide.

    Thanks in advance
     
    Last edited: Nov 6, 2007
Loading...
Thread Status:
Not open for further replies.