login about faq

A portion of a website I access is controlled by a username & PW. Recently I found myself automatically logged in under a username that was not mine. I am concerned this is a security risk, however am uncertain what steps to take to resolve. Rebooting did not resolve the problem.

asked Apr 19 '13 at 23:32

technote's gravatar image

technote
1112


It certainly could be a hacked website but in my experience, when people have this problem it's always been caused by someone else using the same computer to log into a website and clicking the option to “remember me” or “automatically log me in”.

This stores a cookie in the browser which means each time the website is visited from that computer using the same browser their account will be automatically logged in.

It’s a security risk for the other person because anyone else using the computer has access to their account. The risk to you is that you may inadvertently enter some of your personal data onto their account which they could then view next time they access it.

Rebooting the computer wont stop this.

There should be an option to log the person off from the website, this will stop them being logged in next time you or they visit the website.

This will not stop them from clicking "remember me" in future so you can also set the browser to delete all cookies on exit. This means that if they do the same thing again it won’t matter because the information will be automatically deleted when the browser is closed.

If you are aware of someone else using your computer it would be a good idea to set up a separate user account for them. If you are unaware then I would change my password to something stronger.

If it’s a shared computer such as at work then log the other person off and make them aware of what they are doing if you can find out who it is.

link

answered Apr 22 '13 at 11:13

Simon%20H's gravatar image

Simon H
5.0k62683

edited Apr 22 '13 at 12:04

personal computer not used by any other individuals. The user ID/pw is paid access to additional information on the website; i.e., listening to or watching audio or video files.

(Apr 26 '13 at 21:11) technote technote's gravatar image

It's not impossible for the website to actually have a BUG where you are given the same security token or cookie of a previous user. I've actually seen this happen on a few websites and it obviously caused a lot of privacy issues.

What I would do (in this order) is.

  1. Scan your PC with a quality Anti-Virus/Malware Tools
  2. Clear all your cookies and delete all history
  3. Email the website letting them know what happened. If it's a bug, they probably are getting emails from other users also so the more data they can get the better
  4. Keep reading groovyPost.com for more tips and tricks on security and privacy! ;)

Here's a good link to blow away browser cache and cookies etc....

http://www.groovypost.com/news/ccleaner-updated-support-windows-8-opera/

Really can't beat CCLeaner... it's free also.

link

answered Apr 26 '13 at 13:28

Steve's gravatar image

Steve
2.3k163055

thanks Steve. I ran a quick-scan; I think that cleared the cookies. my virus software does regular scans. I e-mailed the website & the response was that it was a cache problem they were aware of.

(Apr 26 '13 at 21:07) technote technote's gravatar image

Difficult to answer not knowing what type of website it is. Made by you with Dreamweaver, a Joomla 1.5, 2.5 or 3.0, Wordpress etc.?

I know that Joomla 1.5 websites, because they have stopped supporting them, have been vunerable to being hacked. Check with FTP to see if there is a "Hacked.php" file in the root. That is the hacker saying how clever he is! Don't bother to delete it rather change it to ....old and upload another harmless and uselss file called hacked.php. That does not really help but says to the hacker, "Hi!" :-)

A bit more information and perhaps someone will help more. I'm no expert but my J 1.5 website was hacked and they added several users.

link

answered Apr 20 '13 at 04:46

AitchB's gravatar image

AitchB
2656812

outside website, not one I created.

(Apr 26 '13 at 21:08) technote technote's gravatar image

Can we have the URL address of the website?

Your ID and PW are not needed :-)

link

answered Apr 27 '13 at 05:12

AitchB's gravatar image

AitchB
2656812

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:
    [text](http://url.com/ "title")
  • image:
    ![alt text](/path/img.jpg "title")
  • numbered list:
    1. Foo
    2. Bar
  • Code:
    • Within a paragraph:
      `code`
      surround code with grave accents (backticks)
    • Code snippet:
      Select the text and use the button on the icon of zeros and ones
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×14
×3

Asked: Apr 19 '13 at 23:32

Seen: 1,258 times

Last updated: Apr 27 '13 at 05:12

groovyAnswers © 2007 - 2011 All Rights Reserved | Privacy | Contact