groovyPost Forums

Invalid automatic login



A portion of a website I access is controlled by a username & PW. Recently I found myself automatically logged in under a username that was not mine. I am concerned this is a security risk, however am uncertain what steps to take to resolve. Rebooting did not resolve the problem.


Difficult to answer not knowing what type of website it is. Made by you with Dreamweaver, a Joomla 1.5, 2.5 or 3.0, Wordpress etc.?

I know that Joomla 1.5 websites, because they have stopped supporting them, have been vulnerable to being hacked. Check with FTP to see if there is a "Hacked.php" file in the root. That is the hacker saying how clever he is! Don't bother to delete it; rather, change it to ....old and upload another harmless and useless file called hacked.php. That does not really help but says to the hacker, "Hi!" :-)

A bit more information and perhaps someone will help more. I'm no expert but my J 1.5 website was hacked and they added several users.


It certainly could be a hacked website but in my experience, when people have this problem it's always been caused by someone else using the same computer to log into a website and clicking the option to “remember me” or “automatically log me in”.

This stores a cookie in the browser which means each time the website is visited from that computer using the same browser their account will be automatically logged in.

It’s a security risk for the other person because anyone else using the computer has access to their account. The risk to you is that you may inadvertently enter some of your personal data onto their account which they could then view next time they access it.

Rebooting the computer won't stop this.

There should be an option to log the person off from the website; this will stop them being logged in next time you or they visit the website.

This will not stop them from clicking "remember me" in future so you can also set the browser to delete all cookies on exit. This means that if they do the same thing again it won’t matter because the information will be automatically deleted when the browser is closed.

If you are aware of someone else using your computer it would be a good idea to set up a separate user account for them. If you are unaware then I would change my password to something stronger.

If it’s a shared computer such as at work then log the other person off and make them aware of what they are doing if you can find out who it is.


It's not impossible for the website to actually have a BUG where you are given the same security token or cookie of a previous user. I've actually seen this happen on a few websites and it obviously caused a lot of privacy issues.

What I would do (in this order) is:

  1. Scan your PC with a quality Anti-Virus/Malware tool
  2. Clear all your cookies and delete all history
  3. Email the website letting them know what happened. If it's a bug, they probably are getting emails from other users also so the more data they can get the better
  4. Keep reading groovyPost.com for more tips and tricks on security and privacy! ;)

Here's a good link to blow away browser cache and cookies etc....

http://www.groovypost.com/news/ccleaner-updated-support-windows-8-opera/

Really can't beat CCleaner... it's free also.


Thanks Steve. I ran a quick-scan; I think that cleared the cookies. My virus software does regular scans. I e-mailed the website & the response was that it was a cache problem they were aware of.
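
One common way a "cache problem" hands a visitor someone else's login is a shared cache (CDN or reverse proxy) storing a response that carries a Set-Cookie header and replaying it to the next visitor. The Python check below is an added example, not from this thread or from the website in question (whose actual cause is not stated); it flags such responses from their headers, and the sample headers, cookie names and reason labels are constructed for illustration.

```python
# Added example (not from the thread): audit response headers for
# cookies that a shared cache (CDN, reverse proxy) is allowed to store.

def parse_cache_control(value):
    """Return the lower-cased directive names in a Cache-Control value."""
    return {part.split("=", 1)[0].strip().lower()
            for part in value.split(",") if part.strip()}

def audit_response(headers):
    """headers: list of (name, value) pairs for one HTTP response.
    Returns (cookie_name, reason) for each cookie a shared cache may replay."""
    lowered = [(name.lower(), value) for name, value in headers]
    cookies = [v.split("=", 1)[0].strip() for n, v in lowered if n == "set-cookie"]
    if not cookies:
        return []                      # nothing user-specific to leak
    directives = set()
    for name, value in lowered:
        if name == "cache-control":
            directives |= parse_cache_control(value)
    if directives & {"no-store", "private"}:
        return []                      # shared caches must not store this
    if directives & {"public", "s-maxage"}:
        reason = "explicitly-shared-cacheable"
    else:
        reason = "missing-no-store-or-private"
    return [(cookie, reason) for cookie in cookies]

# Constructed sample responses (values are placeholders, not real tokens).
CACHED_LOGIN = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "public, max-age=600"),
    ("Set-Cookie", "session=PLACEHOLDER; Path=/; HttpOnly"),
]
HARDENED_LOGIN = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "no-store"),
    ("Set-Cookie", "session=PLACEHOLDER; Path=/; HttpOnly; Secure"),
]
NO_POLICY = [("Set-Cookie", "remember_me=PLACEHOLDER; Max-Age=2592000")]
STATIC_ASSET = [("Cache-Control", "public, max-age=86400")]

if __name__ == "__main__":
    for label, resp in [("cached login", CACHED_LOGIN), ("hardened login", HARDENED_LOGIN),
                        ("no policy", NO_POLICY), ("static asset", STATIC_ASSET)]:
        print(label, audit_response(resp))
```

A site operator would run a check like this over every response that sets a session or "remember me" cookie; any finding means the page should send `Cache-Control: no-store` (or at least `private`).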


Outside website, not one I created.


Personal computer not used by any other individuals. The user ID/pw is paid access to additional information on the website; i.e., listening to or watching audio or video files.
