Please take everything in this thread with a grain of salt because I'm not 100% sure on everything.
Also please note that this guide was made before https was implemented so this may be completely outdated and useless. I also had no idea if it worked in the first place.Want to make sure you don't get hijacked? Me too. From what I can tell, the hijacker is using Session ID cookies to get into old users accounts. This is a security flaw with the "Always stay logged in" Check button on the login screen. When you check it, it leaves a session cookie that remains for
six years. That is how the hijacker is using session ID cookies to get into the accounts of old and inactive users, due to the long life of the cookie.
So, how do I protect myself?
1. First of all, Log out.
2. On the login page, make sure this box is UNCHECKED.
3. When you log back in, press F12. (chrome users)
4. Click the cookies tab.
5. Then go to the forum.blockland.us tab, and look at the cookies.
You want to look at the PHPSESSID cookie that is NOT labeled as "Session" for expiration date. Check the expiration date on the second cookie. It should be dated today, 60 minutes from now. If it's anywhere years later, (remember the PHPSESSID cookie only. Not the one that says "session" the one printed with an actual date.) Make SURE you delete it.
If it's dated 60 minutes from now, delete it as well. You should be left with a cookies tab similar to the one in the screenshot.
6. You should be safe if I'm correct. Leaving the session expiring one will make it expire when you close the page, logging you out. If you want to be extra safe, just keep off the forums until it's sorted. You'll have clean cookies this way.
I have no idea if this is effective. Use at your own risk.
