Hey there! Sign in to join this conversationNew here? Join for free
x Turn on thread page Beta
    Offline

    2
    (Original post by PQ)
    Sorry but you're wrong - did you even read the quote you posted
    Apologies. Although this doesn't seem to match what john was telling me afterwards.
    Offline

    0
    ReputationRep:
    (Original post by PQ)
    Please READ what you're responding to US as in myself and daveo LOOKING AT THE HTML SOURCE CODE OF THE LOGIN PAGE....something that is available to ANYONE viewing ANY webspage with ANY browser.

    :rolleyes:
    :eek: why were you looking? and why was he sending weird pms to everyone? :confused:
    • Very Important Poster
    • PS Reviewer
    Offline

    21
    ReputationRep:
    Very Important Poster
    PS Reviewer
    (Original post by Moncal)
    You would need admincp access to see the passwords (unless they were being sent elsewhere) but you would have to have server access to put in the key logger and take it out.
    That is correct

    Daveo didn't do any of these things - he spotted the possword loggers trace in the HTML of the login page.

    The admin of *** installed the password logger and ADMITTED loggin passwords and having access to all passwords. Daveo simply spotted and exposed the password loggin on ***.
    • Very Important Poster
    • PS Reviewer
    Offline

    21
    ReputationRep:
    Very Important Poster
    PS Reviewer
    (Original post by 2 + 2 = 5)
    Apologies. Although this doesn't seem to match what john was telling me afterwards.
    given that john was logging all of the *** members passwords I'm not surprised he sanitised his story a little :rolleyes:
    Offline

    1
    ReputationRep:
    (Original post by PQ)
    That is correct

    Daveo didn't do any of these things - he spotted the possword loggers trace in the HTML of the login page.

    The admin of *** installed the password logger and ADMITTED loggin passwords and having access to all passwords. Daveo simply spotted and exposed the password loggin on ***.
    Giving out Ip's too. :eek:

    (going a little off topic here :p: )
    Offline

    2
    Looking through the HTML. You know, as you do.
    Offline

    0
    ReputationRep:
    (Original post by PQ)
    given that john was logging all of the *** members passwords I'm not surprised he sanitised his story a little :rolleyes:
    i don't get it? who cares if the admin log your password? makes it easier to find out if you forget it - just ask an admin person
    Offline

    0
    ReputationRep:
    (Original post by 2 + 2 = 5)
    Looking through the HTML. You know, as you do.
    innit :cool: :rolleyes:
    • Very Important Poster
    • PS Reviewer
    Offline

    21
    ReputationRep:
    Very Important Poster
    PS Reviewer
    (Original post by TK)
    :eek: why were you looking? and why was he sending weird pms to everyone? :confused:
    Because TSR members had had their TSR accounts hacked by people who could only have gotten into their accounts through accessing their password for TSR or their TSR email accounts.

    We suspected that the people involved had been using a single password on all forums/accounts and that someone might have logged it somehow - turned out we were right.
    Offline

    2
    (Original post by PQ)
    given that john was logging all of the *** members passwords I'm not surprised he sanitised his story a little :rolleyes:
    Yes, to find passwords being used by Daz only. And it was uninstalled once that was done.
    Offline

    2
    ReputationRep:
    (Original post by PQ)
    given that john was logging all of the *** members passwords I'm not surprised he sanitised his story a little :rolleyes:
    only people who signed in, not anyone who was being remembered
    Offline

    2
    ReputationRep:
    (Original post by 2 + 2 = 5)
    Looking through the HTML. You know, as you do.
    That's what I thought, hmmm...

    This is great though - Agatha Christie for geeks :cool:
    Offline

    1
    ReputationRep:
    (Original post by PQ)
    Because TSR members had had their TSR accounts hacked by people who could only have gotten into their accounts through accessing their password for TSR or their TSR email accounts.

    We suspected that the people involved had been using a single password on all forums/accounts and that someone might have logged it somehow - turned out we were right.
    How long was it on there for?

    Is that why A reset the p/w agggggggggggggggggggeeeeeeeeeeee eeeessss ago? :confused:
    Offline

    0
    ReputationRep:
    (Original post by PQ)
    Because TSR members had had their TSR accounts hacked by people who could only have gotten into their accounts through accessing their password for TSR or their TSR email accounts.

    We suspected that the people involved had been using a single password on all forums/accounts and that someone might have logged it somehow - turned out we were right.
    so did you find out there was someone from C+B admin hacking people's accounts on here. Or does the html thingamebob actually allow EVERYONE to see passwords or does it just show that admin can see passwords and if so are you saying that C+B admin hacked TSR accounts? :eek:
    • Very Important Poster
    • PS Reviewer
    Offline

    21
    ReputationRep:
    Very Important Poster
    PS Reviewer
    (Original post by 2 + 2 = 5)
    Yes, to find passwords being used by Daz only. And it was uninstalled once that was done.
    Funny - I thought it was uninstalled once daveo started letting the membership know that it was taking place (as it said in the quote you posted) - not "once that was done".

    :rolleyes:

    Please stop **** stirring and bending the truth. If Daveo was a member and not a mod all of these unfounded accusations would have been removed a few pages back and you would have recieved a pretty hefty warning:mad:
    • Very Important Poster
    • PS Reviewer
    Offline

    21
    ReputationRep:
    Very Important Poster
    PS Reviewer
    (Original post by Bezza)
    only people who signed in, not anyone who was being remembered
    This was around the time *** was renamed - with the new url everyone was forced to sign in again
    Offline

    0
    ReputationRep:
    (Original post by PQ)
    Please stop **** stirring and bending the truth. If Daveo was a member and not a mod all of these unfounded accusations would have been removed a few pages back and you would have recieved a pretty hefty warning:mad:
    Thats a little rich.
    Offline

    1
    ReputationRep:
    Code:
    <!-- Welcome / Login Block -->
    
    	<script src="http://www.************.com/forum/clientscript/vbulletin_md5.js" type="text/javascript"></script>
    	<form action="http://www.************.com/forum/login.php" method="post" onsubmit="md5hash(vb_login_password,vb_login_md5password)">
    	<input name="vb_login_md5password" type="hidden" />
    	<input name="s" type="hidden" value="" />
    	<input name="do" type="hidden" value="login" />
    
    
    
    
    			
    <table align="center" border="0" cellpadding="6" cellspacing="1" class="tborder" width="100%">
    	<tr>
    		<td class="tcat"><span class="smallfont"><strong>&raquo; Log in</strong></span></td>
    	</tr>
    	<tr>
    		<td class="alt1">
    			
    				<table width="100%">
    					<tr>
    						<td>
    							<span class="smallfont"><b>User Name:<br />
    							<input class="bginput" name="vb_login_username" size="12" type="text" /><br />
    							Password:</b></span><br />
    							<input class="bginput" name="vb_login_password" size="12" type="password" /><br />
    							<input checked="checked" class="bginput" name="cookieuser" id="cb_cookieuser" type="checkbox" value="1" /><span class="smallfont">Remember Me?</span>
    						</td>
    					</tr>
    					<tr>
    						<td><input class="button" type="submit" value="Log in" /></td>
    					</tr>
    					<tr>
    						<td><span class="smallfont">Not a member yet?<br />
    <a href="http://www.************.com/forum/register.php">Register Now!</a></span></td>
    					</tr>
    				</table>
    			
    		</td>
    	</tr>
    </table>
    
    <br />
    
    
    	</form>
    
    <!-- End Welcome / Login Block -->
    Code:
    <!-- login form -->
    		<form action="login.php" method="post" onsubmit="md5hash(vb_login_password,vb_login_md5password,vb_login_md5password_utf)">
    		<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
    		<table cellpadding="0" cellspacing="3" border="0">
    		<tr>
    			<td class="smallfont">User Name</td>
    			<td><input type="text" class="button" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="1" value="User Name" onfocus="if (this.value == 'User Name') this.value = '';" /></td>
    			<td class="smallfont" colspan="2" nowrap="nowrap"><label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" tabindex="3" id="cb_cookieuser_navbar" accesskey="c" checked="checked" />Remember Me?</label></td>
    		</tr>
    		<tr>
    			<td class="smallfont">Password</td>
    			<td><input type="password" class="button" name="vb_login_password" size="10" accesskey="p" tabindex="2" /></td>
    			<td><input type="submit" class="button" value="Log in" tabindex="4" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile for yourself." accesskey="s" /></td>
    		</tr>
    		</table>
    		<input type="hidden" name="s" value="1ff26377ab549628f0d5f98dda9e1857" />
    		<input type="hidden" name="do" value="login" />
    		<input type="hidden" name="forceredirect" value="1" />			
    		<input type="hidden" name="vb_login_md5password" />
    		<input type="hidden" name="vb_login_md5password_utf" />
    		</form>
    		<!-- / login form -->
    I'm not really into html all that much, but I don't see any logging.
    Offline

    0
    ReputationRep:
    (Original post by PQ)
    Funny - I thought it was uninstalled once daveo started letting the membership know that it was taking place (as it said in the quote you posted) - not "once that was done".

    :rolleyes:

    Please stop **** stirring and bending the truth. If Daveo was a member and not a mod all of these unfounded accusations would have been removed a few pages back and you would have recieved a pretty hefty warning:mad:
    Daveo's modding is a tad dodge though to be fair.
    Offline

    2
    (Original post by PQ)
    Funny - I thought it was uninstalled once daveo started letting the membership know that it was taking place (as it said in the quote you posted) - not "once that was done".

    :rolleyes:

    Please stop **** stirring and bending the truth. If Daveo was a member and not a mod all of these unfounded accusations would have been removed a few pages back and you would have recieved a pretty hefty warning:mad:
    Just saying. There seem to be a numer of coincidences, parallels between the two. And I never presented it as fact. Just put it there so that members could research the facts themselves, and come to their own conclusions.

    ****-stirring and bending the truth? Like you were just doing with john? Well, like you said, let it rest.
 
 
 
Turn on thread page Beta
TSR Support Team

We have a brilliant team of more than 60 Support Team members looking after discussions on The Student Room, helping to make it a fun, safe and useful place to hang out.

Updated: June 20, 2005
Poll
Are you going to a festival?
Useful resources

The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

Write a reply...
Reply
Hide
Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.