Mike Posted July 18, 2006 Share Posted July 18, 2006 Today I received an unsolicited password recovery email for my account, with a suspicious recovering IP address. I headed over to the Invision Power Services company forums to browse around and discovered that some administrators have been reporting that their boards have been exploited with what appears to be the password recovery form URL, according to their server access logs. I checked YC's access logs and they revealed that the suspicious IP arrived, registered an account (which I have now deleted), looked at my profile, logged out, then went to the password recovery form. I didn't like the look of that. As a precaution, I've now disabled the password recovery form altogether. If you need to recover the password for your account, you will need to create a second account and use that to PM an administrator asking them to reset the password on your original account. Things will stay this way at least until the matter is resolved. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.