Jump to content

Password recovery form


Recommended Posts

Today I received an unsolicited password recovery email for my account, with a suspicious recovering IP address. I headed over to the Invision Power Services company forums to browse around and discovered that some administrators have been reporting that their boards have been exploited with what appears to be the password recovery form URL, according to their server access logs.

I checked YC's access logs and they revealed that the suspicious IP arrived, registered an account (which I have now deleted), looked at my profile, logged out, then went to the password recovery form. I didn't like the look of that.

As a precaution, I've now disabled the password recovery form altogether. If you need to recover the password for your account, you will need to create a second account and use that to PM an administrator asking them to reset the password on your original account. Things will stay this way at least until the matter is resolved.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...