Author Topic: the bloxcity predicament - gamefandan's & darkhawk accounts compromised?? (Read 50195 times)

EcstaticEggplant · April 16, 2016, 10:39:29 AM

Quote from: Gytyyhgfffff on April 16, 2016, 09:52:38 AM

ok so visolator and i just tested something and you can hijack session ids and steal accounts with them. if this guy is stealing session ids, i suggest you all log off and log back in every 5 minutes or so that they won't have a chance to do a lot of damage to your account if they somehow get your session ids

then how did they hijack accounts that had been inactive for years?

Ad Bot · Advertisement

Trymos · April 16, 2016, 10:40:30 AM

Quote from: EcstaticEggplant on April 16, 2016, 10:39:29 AM

then how did they hijack accounts that had been inactive for years?

miga had been lurking in the past week or so.

so not really inactive. any other "inactive" accounts?

c · April 16, 2016, 10:40:45 AM

Quote from: EcstaticEggplant on April 16, 2016, 10:39:29 AM

then how did they hijack accounts that had been inactive for years?

if you have remember my password checked you might still have a session id?

Otis Da HousKat · April 16, 2016, 10:40:50 AM

Quote from: EcstaticEggplant on April 16, 2016, 10:39:29 AM

then how did they hijack accounts that had been inactive for years?

When you click the stayed logged in forever button it generates a session ID cookie that is valid for like 6 years.

Gytyyhgfffff · April 16, 2016, 10:41:33 AM

smf exploit
i swear it's some form of smf exploit that's going around and i don't know how to counter that so i just regurgitated the standard "if you got hijacked do this" advice

Gytyyhgfffff · April 16, 2016, 10:42:26 AM

Quote from: Otis Da HousKat on April 16, 2016, 10:40:50 AM

When you click the stayed logged in forever button it generates a session ID cookie that is valid for like 6 years.

this too my session id right now is valid until 2022

Col. Burton · April 16, 2016, 10:42:53 AM

Can someone trace the IPs that have been posted and "do something" about them?

Mr Noobler · April 16, 2016, 10:43:21 AM

Quote from: MrLoL� on April 16, 2016, 08:55:40 AM

this guy's avatar changed, might prove he was online a few minutes/seconds ago

WaterOre · April 16, 2016, 10:43:30 AM

This whole thing better be on that blf timeline by the time it's done

Ipquarx · April 16, 2016, 10:43:40 AM

Quote from: Akio- on April 16, 2016, 12:39:15 AM

Bloxcity video made entirely out of morse code:
https://www.youtube.com/watch?v=rZJeiAsh_co

Warning: this video is pretty creepy.

the morse says "HATS HATS"
idk if its already been decoded but im not looking through 10 pages im too lazy
so uh
thats that lol

Meta_KnightX · April 16, 2016, 10:43:45 AM

Quote from: Col. Burton on April 16, 2016, 10:42:53 AM

Can someone trace the IPs that have been posted and "do something" about them?

Badspot is taking action, don't worry. He's probably collecting IPs now.

c · April 16, 2016, 10:44:46 AM

Quote from: Gytyyhgfffff on April 16, 2016, 10:42:26 AM

this too my session id right now is valid until 2022

Definitely session IDs then. Make sure your session ID cookie expires in 60mins/whenever you want and not years from now to protect your account.

EcstaticEggplant · April 16, 2016, 10:46:07 AM

Quote from: Otis Da HousKat on April 16, 2016, 10:40:50 AM

When you click the stayed logged in forever button it generates a session ID cookie that is valid for like 6 years.

owow. so if i log off and untick stay logged on, will that session ID be deleted?

Trymos · April 16, 2016, 10:47:49 AM

lets face it he isn't gonna do stuff to me

i know exactly what to do (log off) when he tries his stuff on me.

Otis Da HousKat · April 16, 2016, 10:48:35 AM

Quote from: EcstaticEggplant on April 16, 2016, 10:46:07 AM

owow. so if i log off and untick stay logged on, will that session ID be deleted?

If you log off on any device or browser you were logged into it will invalidate your session ID. When you log in again you will have a new one set to whatever timeout you selected.