im0qianqian's blog

By im0qianqian, 4 weeks ago, In English,

I am sorry to bother you, my account has recently had some problems. It was stolen by someone else I didn't know and changed my password and email address. I don't know if I leaked my password, or just hacked by someone else. In short, I can't change my password and email address. I can use it temporarily because my account has not been logged out. I am afraid that he will take my account to do something unethical, such as stealing data from the gym, or deliberately deleting something I have now. I know that if this article is seen by him, it may bring more tragic things, but I can only pray that such things will not happen. I know his email, and I also contacted him through QQ, but I have never received a reply.

I also tried to contact MikeMirzayanov and asked him to change the email address and password for me. I have not received a reply yet. In addition, I want Codeforces to send email confirmations when modifying email addresses, which is more secure.

Finally, if you have recently seen me posting some weird comments, please let me know, my email address is: im0qianqian@gmail.com, thank you!


UPD 2018.08.25:

I don't know why, it has been four days, but I still haven't got my account back, I don't even get an administrator's reply. It made my recent plan very bad, and if I postpone it, the chances of getting my account back will be even smaller!


UPD 2018.08.29:

I just suddenly found out that my account was automatically logged out. I was shocked. I thought I could never use it anymore. But I successfully logged in with my original password, I thought it was changed by Mike for me. When I looked at talks, I found that the hacker left a letter for me. It turned out that he changed the password for me, so I should thank him or hate him? A fun joke. But I don't know what the hacker did with my account. If so, I hope he can tell me.

Thanks to my friend rainbows_ for their recent concern, thanks to MikeMirzayanov and gKseni from Codeforces for their help, and the hacker reminding me that my password is too simple, thanks to everyone for their advice. I also hope that everyone can use strong passwords to prevent their accounts from being compromised.

 
 
 
 
  • Vote: I like it  
  • +131
  • Vote: I do not like it  

»
4 weeks ago, # |
Rev. 2   Vote: I like it +18 Vote: I do not like it

Enable https in settings...

I once encountered a similar thing. I logged into my account by using "use gmail". Then changed email and password in settings section then saved and logged out. Most importantly that new email id was not registered anywhere(it was just i typed abc45@gmail.com). Then logged again using the new email and password and i was in.

You most probably had your account left logged in somewhere(not your local machine).

I have dual booted laptop(win10 and debian) and i have been logged in my codeforces account from both os at same time which should not happen ideally on a website like codeforces.

suggestion:- make it like codechef login page.

  • »
    »
    4 weeks ago, # ^ |
      Vote: I like it +24 Vote: I do not like it

    Enable https in settings...

    Question for codeforces admins. Why https not enabled by default?

  • »
    »
    4 weeks ago, # ^ |
      Vote: I like it +53 Vote: I do not like it

    "Enforce https" in user settings is a terrible "security" feature and prompting users to turn it on is a terrible advice.

    Upon typing "http://codeforces.com" your browser sends the session cookie. The server authenticates you, determines you have "Enforce HTTPS" on, and redirects you to "https://codeforces.com". By this time, your session cookie has already been transferred over insecure connection and is compromised.

    • »
      »
      »
      4 weeks ago, # ^ |
        Vote: I like it +8 Vote: I do not like it

      Your connection to www.codeforces.com is not a secure connection,hackers might be trying to steal your cookies and your active session can be compromised.

  • »
    »
    4 weeks ago, # ^ |
      Vote: I like it +8 Vote: I do not like it

    Thank you for your advice. I didn't log in anywhere except my own computer, so this assumption was excluded.

    I think there are advantages and disadvantages to allowing the same account to log in at different locations at the same time. It makes it easier for us to use codeforces, but it has some drawbacks, such as my inability to know my login history (historical location and ip) or how many sites are currently not logged out of my account.

    Of course, the unfair practice of multiple people using the same account during a contest has also been achieved.

  • »
    »
    4 weeks ago, # ^ |
      Vote: I like it +43 Vote: I do not like it

    Enable https in settings...

    A better idea is using HTTPS Everywhere

    • »
      »
      »
      4 weeks ago, # ^ |
        Vote: I like it +28 Vote: I do not like it

      Yeah i use it but sometimes codeforces becomes slow due to it

»
4 weeks ago, # |
  Vote: I like it +36 Vote: I do not like it

Hello, we see your problem, thinking about how to help you <3

  • »
    »
    4 weeks ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Can you help me modify my email or password? This way I can use my account normally.

    • »
      »
      »
      4 weeks ago, # ^ |
        Vote: I like it +8 Vote: I do not like it

      Please, check your email.

      • »
        »
        »
        »
        4 weeks ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        Yes, I confirm. If you can, please help me modify my email, thank you.

»
3 weeks ago, # |
  Vote: I like it 0 Vote: I do not like it

im0qianqian nice but please post the screenshot of message if possible.what's the hacker's username as he sent you a message.

  • »
    »
    3 weeks ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    No, he didn't send me a message. He sent a message to someone through my account.

    • »
      »
      »
      3 weeks ago, # ^ |
        Vote: I like it 0 Vote: I do not like it

      Was your password that weak that he might have just bruteforced it?

      • »
        »
        »
        »
        3 weeks ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        Yes, my original password is really weak, and most people can easily guess it (but I didn't expect anyone to try it)

        • »
          »
          »
          »
          »
          3 weeks ago, # ^ |
            Vote: I like it 0 Vote: I do not like it

          If it's the same for jiangshibiao then at least that removes the chances of there being a serious vulnerability with codeforces.

          • »
            »
            »
            »
            »
            »
            3 weeks ago, # ^ |
              Vote: I like it 0 Vote: I do not like it

            About this we can ask lsmll.

          • »
            »
            »
            »
            »
            »
            3 weeks ago, # ^ |
              Vote: I like it 0 Vote: I do not like it

            But there is another thing worth paying attention to is how the hacker does not delete the original session after changing the password.

            • »
              »
              »
              »
              »
              »
              »
              3 weeks ago, # ^ |
                Vote: I like it 0 Vote: I do not like it

              That's a good point. I have been trying to recreate this somehow for the past 2 days with no success yet.

              One possibility is that he took over your session and changed the password from there.

              • »
                »
                »
                »
                »
                »
                »
                »
                3 weeks ago, # ^ |
                  Vote: I like it 0 Vote: I do not like it

                I think my location is different from the hacker, so my session should not be picked up by him.

      • »
        »
        »
        »
        3 weeks ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        rainbow tables