Navigation
Archive / On Monday I Privately posted a THEMECO username
This is archived content. Visit our new forum.

Tagged: 

  • Author
    Posts
  • May 12, 2016 at 5:45 pm #988647
    Fairbanking
    Participant

    To assist you with diagnosing a problem I was experiencing with Fairbanking.org.uk

    80 minutes ago I was notified that THEMECO had logged in from Pula Croatia, and recent images appear to have been deleted.

    As the password I included was generated by WP I think it unlikely to have been hacked, therefore it must have either been harvested from my Mac or leaked from your forum.

    I have deleted all other users and changed the 2 passwords.

    Any suggestions as to how this happened, or more importantly how I can avoid it occurring again?

    Best regards

    May 12, 2016 at 9:04 pm #988958
    John Ezra
    Member

    Hi there,

    Thanks for writing in and we apologize for this experience. However, our staff do not log into sites and make changes. We look into issues and give instructions as things could go wrong when making changes. And since we only have limited access, we have no way to revert changes – this is why we always give the instructions to users on what to do. As they will always have full access to their sites in case something goes wrong.

    The only possible ways it could have been taken from our forum is if the credentials were shared publicly, i.e. the user did not use a private reply to send the info to us.

    In the event that this happens, though, our team immediately turns the thread private (meaning it will only be visible to the user that created it and to us and advise the user to change the provided credentials. We do not log in using those provided credentials until the new ones are given. This is for security purposes on both sides.

    We also ask for login credentials of users in each thread when we need it. It is best to change or delete access provided to use once the issue has been resolved and create a new one for new issues.

    You don’t have that many threads or replies, so unless you publicly shared your credentials and then went back and edited it, I don’t think this is where they could have gotten it from.

    I have notified our main dev team as well so they can take any steps that may be necessary on our end to check on things. This forum is secure, the only place where info could have taken and used is if the credentials were shared publicly.

    Lastly, the only time that one of our staff would have accessed the site using the credentials provided was on March 4. The date of the last reply from our team. Our team goes trough several hundred to over a thousand posts a day, 2 months have passed. I can’t see a reason why anyone would try to login from our end a few hours ago.

    This is definitely something to look into and look out for. If you find any more info please do let us know as well. While the forum is secure, it wouldn’t hurt to learn more of possible causes.

    Thanks and hope this helps.

    May 13, 2016 at 5:14 am #989460
    Joao
    Moderator

    Hi Benjamin,

    I am from Zagreb / Croatia (250km from Pula) and I logged in on your website yesterday.

    I have not accessed your media library or anything similar.

    I logged in and clicked edit page with Cornerstone with Firefox and Chrome as described on this thread.

    I did not do any changes, created pages or saved any changes at your website.

    https://community.theme.co/forums/topic/cornerstone-will-only-load-in-skeleton-mode-2/

    I am writing you so you donĀ“t get worried about your website being hacked.

    Please check if you can find your images at your media library.

    If you have any questions,

    Please let me know.

    Joao

  • Author
    Posts
  • <script> jQuery(function($){ $("#no-reply-988647 .bbp-template-notice, .bbp-no-topic .bbp-template-notice").removeClass('bbp-template-notice'); }); </script>