extreme-dm leaking user:pass in public referer stats
<img src="http://media.sensationcontent.com/rowan/extreme-pw-leak.gif">
Never seen this before - someone has clicked through to another site from a link in my members area, and it's been recorded in that site's extreme-dm stats. Several people have jumped on that URL in the past few minutes.
Yup. I've noticed that quite a few times in my stats as well. Pretty shitty.
|
Brutal. Looks like a bug.
|
Would happen with any stats program
|
Quote:
|
How well do fark boobies convert?
|
It's not the program revealing the username:password so much as it is alerting you to a compromised password.
Look at it this way, if someone accesses your site as http://yourdomain.com/ instead of http://www.yourdomain.com and you use relative linking throughout, then their referers will always be of the form http://yourdomain.com/directory/page.html. Right? Now, keeping that in mind - the question is, when does a person access a membership area using http://username:password@yourdomain.com/members/?
Quote:
|
fiveeyes is the only one with a clue, that's definitely a pw crack,
unless you have a bookmark script that adds them like that for your members.
In fact, coming to think of it, go pull your referer log and find the first occurrence of that usage. It will point back to the password site that has you hotlinked.
|
Quote:
|
I agree that it was probably a password crack that got the 'leaker' to my site, it was just unusual to see it carried through as-is... from checking my logs it looks like it's buried in quite a few other sites' extreme-dm stats and has been for at least 2 weeks. My compromised account script didn't pick it up due to the URL being well hidden (for the most part), so there was hardly anyone using it until it hit the 'last 20 referers' of a site and got noticed.
|
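The log check suggested in the thread (find the first referer carrying `username:password@` and trace where that account came from), as an added example that is not code from any poster. It assumes Apache "combined" log format; the sample lines, hosts, IPs and credentials are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Apache/NCSA "combined" log format (assumed; adjust the pattern for other formats).
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

# Constructed sample lines: documentation IPs, placeholder hosts and credentials.
SAMPLE_LOG = """\
203.0.113.7 - user1 [10/Mar/2005:14:02:11 -0700] "GET /members/ HTTP/1.1" 200 5120 "http://pwlist.example/page2.html" "Mozilla/4.0"
203.0.113.7 - user1 [10/Mar/2005:14:02:15 -0700] "GET /members/set1.html HTTP/1.1" 200 7300 "http://user1:secret@yourdomain.com/members/" "Mozilla/4.0"
198.51.100.4 - bob [10/Mar/2005:14:05:00 -0700] "GET /members/set1.html HTTP/1.1" 200 7300 "http://www.yourdomain.com/members/" "Mozilla/4.0"
192.0.2.55 - user1 [11/Mar/2005:09:30:42 -0700] "GET /members/set2.html HTTP/1.1" 200 8100 "http://user1:secret@yourdomain.com/members/set1.html" "Mozilla/4.0"
""".splitlines()

def parse(lines):
    """Yield (time, client_ip, auth_user, parsed_referer) for each well-formed line."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, user, ts, ref = m.groups()
        try:
            parsed = urlsplit(ref)
        except ValueError:  # malformed referer, e.g. a broken IPv6 literal
            continue
        yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, user, parsed

def first_credential_referers(lines):
    """Map each username found in a Referer's userinfo to its earliest (time, ip).
    The password is deliberately never stored or returned."""
    first = {}
    for when, ip, _user, ref in parse(lines):
        if ref.username and ref.password is not None:
            if ref.username not in first or when < first[ref.username][0]:
                first[ref.username] = (when, ip)
    return first

def external_sources(lines, user, own_domain):
    """Off-site referer hosts on requests authenticated as `user` (candidate origins)."""
    hosts = set()
    for _when, _ip, auth_user, ref in parse(lines):
        host = ref.hostname or ""
        own = host == own_domain or host.endswith("." + own_domain)
        if auth_user == user and host and not own:
            hosts.add(host)
    return sorted(hosts)
```

Run `first_credential_referers` over the full log to list affected accounts, then `external_sources` for each one to see which off-site pages sent traffic already logged in as that account.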