Replying to Did My Account Get Hacked Into?

ive never used a password manager for anything. i would rather just type in a password my self than letting a program do it for me especially since my computer is shared with the rest of my family.

I haven't ever heard of the issues with the firefox password manager vulnerabilities...

I'll have to look into those, in any event the password manager hasn't caused any issues for me so far...

Also I have had trouble with Opera's password manager thing, it just isn't as easy to use as firefox's is for me....Anybody else experience that?

In any event, even when you do use random passwords, if you use them enough you'll remember them... I can have a password like af3h2ls and within a couple of days of using it a couple times a day you'll remember it easily... (and no that is not a password i use for anything, so you don't have to go trying it on my account, as I would never give out a password i use for anything)

hmmm... my astahost forum account is found in a dictionary im pretty sure but i cant count on my cpanel password being found in a dictionary.
i do have one password i only use for one site because i dont want to get hacked, it would NEVER be in a dictionary since i made it up and its the most secure password ive ever had, lol

I do not know... but OpaQue tells me that most of accounts, I had to reset their passwords, were compromised by FTP brute force method. And once passwords were found the perpetrator then accessed those cpanels and started to use up their disk spaces.

I noticed that when I went into each account and saw the last IP to log from 222.252.*.* (the last two values were not consistent). I'm wondering if you noticed out of ordinary IP as the last logged when you finally got into your cpanel...?

Acutally, there is a vulnerability with Firefox/Flock's password manager. Search Secunia for details, I found this: http://secunia.com/advisories/23046/.

I use Opera's wand, Internet Explorer autocomplete and I don't know if Safari has one or not, but I still use Firefox Password Manager regardless of the vulnerability. Do you think that this has something to do with this situation?

FirefoxRocks,

Was your original password found in a dictionary? In another words, was it not combined with numbers and symbols?

If your original password was a combination of words found in a dictionary, please read http://www.trap17.co...showtopic=51761

And for the rest of AstaHost members, start changing your passwords as I explained in above topic ASAP!!

Maybe this link should be posted in the announcements section?

Anyway, something I suggest that people do is use a random password generator to get your passwords, that way you'll have a nice secure password that you can use (and if you use firefox you don't really have to worry about remembering your password, because you can simply use the password manager, of course other browsers such as opera and IE provide this as well, but I tend to find firefox's works the best)

Also, a good random password generator can be found here: http://www.pctools.c...uides/password/

Another thing I would recommend to people is not to use the same password for anything...use a different one for every single website that you use, as it'll greatly decrease the chance of something getting hacked into, or if something does, it'll decrease the chances that they'll get into your other stuff as well.

My password was not a dictionary word. It was sufficiently long at 9-10 characters and had a symbol in it. There weren't any numbers and none of those ALT+numpad things. Case-sensitivity was used to the advantage that I inserted capital letters into it.

So it wasn't wasy to guess.

I think I'm safe. My password fits those criteria. Single word or word and one number passwords are dangerous. I think there's a topic somewhere about making secure passwords.

FirefoxRocks,

Was your original password found in a dictionary? In another words, was it not combined with numbers and symbols?

If your original password was a combination of words found in a dictionary, please read http://www.trap17.co...showtopic=51761

And for the rest of AstaHost members, start changing your passwords as I explained in above topic ASAP!!

The thing is, my website was ACCESSIBLE when cPanel and FTP were down. No files were renamed/changed except for the newer uploaded directory. Also, I wasn't using any content management systems on my website, I was going to install phpBB2 but I didn't get around to uploading that yet.

And the site is pretty active, at least a few members visit it everyday. I regularly check on it also, so I don't see a problem with activity levels.