A portion of a website I access is controlled by a username & PW. Recently I found myself automatically logged in under a username that was not mine. I am concerned this is a security risk, but am uncertain what steps to take to resolve it. Rebooting did not resolve the problem.
asked Apr 19 '13 at 23:32
It certainly could be a hacked website but in my experience, when people have this problem it's always been caused by someone else using the same computer to log into a website and clicking the option to “remember me” or “automatically log me in”.
This stores a cookie in the browser which means each time the website is visited from that computer using the same browser their account will be automatically logged in.
It’s a security risk for the other person because anyone else using the computer has access to their account. The risk to you is that you may inadvertently enter some of your personal data onto their account which they could then view next time they access it.
Rebooting the computer won't stop this.
There should be an option to log the person off from the website; this will stop them being logged in next time you or they visit the website.
This will not stop them from clicking "remember me" in future so you can also set the browser to delete all cookies on exit. This means that if they do the same thing again it won’t matter because the information will be automatically deleted when the browser is closed.
If you are aware of someone else using your computer it would be a good idea to set up a separate user account for them. If you are unaware then I would change my password to something stronger.
If it’s a shared computer such as at work then log the other person off and make them aware of what they are doing if you can find out who it is.
It's not impossible for the website to actually have a BUG where you are given the same security token or cookie of a previous user. I've actually seen this happen on a few websites and it obviously caused a lot of privacy issues.
What I would do (in this order) is.
Here's a good link to blow away browser cache and cookies etc....
Really can't beat CCleaner... it's free also.
answered Apr 26 '13 at 13:28
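The "remember me" behaviour described in the answers above, as an added example that is not part of the original posts: a small Python simulation showing why a reboot leaves the other account logged in, while logging off or clearing cookies on exit does not. The cookie name `auth`, the `TOKENS` store, the `Browser` class and the usernames are all constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

TOKENS = {}  # server-side store: token -> username (constructed for this example)

def login(username, remember_me):
    """Return the Set-Cookie value a site sends after a successful login."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = username
    c = SimpleCookie()
    c["auth"] = token
    c["auth"]["secure"] = True
    c["auth"]["httponly"] = True
    if remember_me:  # Max-Age makes the cookie persistent (stored on disk)
        c["auth"]["max-age"] = 30 * 24 * 3600
    return c["auth"].OutputString()

def logout(token):
    """Logging off revokes the token on the server, wherever copies remain."""
    TOKENS.pop(token, None)

class Browser:
    def __init__(self, clear_on_exit=False):
        self.clear_on_exit = clear_on_exit
        self.jar = {}  # cookie name -> (value, is_persistent)

    def receive(self, set_cookie):
        parsed = SimpleCookie()
        parsed.load(set_cookie)
        for name, m in parsed.items():
            self.jar[name] = (m.value, bool(m["max-age"]))

    def restart(self):
        """Closing the browser or rebooting drops session cookies only."""
        keep = {} if self.clear_on_exit else {n: c for n, c in self.jar.items() if c[1]}
        self.jar = keep

    def visit(self):
        """Return the account the site logs this browser into, or None."""
        return TOKENS.get(self.jar.get("auth", (None, False))[0])

def demo():
    shared = Browser()
    shared.receive(login("other_user", remember_me=True))
    shared.restart()
    after_reboot = shared.visit()
    logout(shared.jar["auth"][0])
    return after_reboot, shared.visit()

if __name__ == "__main__": print(demo())
```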
Difficult to answer not knowing what type of website it is. Made by you with Dreamweaver, a Joomla 1.5, 2.5 or 3.0, WordPress etc.?
I know that Joomla 1.5 websites, because they have stopped supporting them, have been vulnerable to being hacked. Check with FTP to see if there is a "Hacked.php" file in the root. That is the hacker saying how clever he is! Don't bother to delete it; rather, change it to ....old and upload another harmless and useless file called hacked.php. That does not really help but says to the hacker, "Hi!" :-)
A bit more information and perhaps someone will help more. I'm no expert but my J 1.5 website was hacked and they added several users.
answered Apr 20 '13 at 04:46
Can we have the URL address of the website?
Your ID and PW are not needed :-)
answered Apr 27 '13 at 05:12