Блог пользователя im0qianqian

Автор im0qianqian, 6 лет назад, По-английски

I am sorry to bother you, my account has recently had some problems. It was stolen by someone else I didn't know and changed my password and email address. I don't know if I leaked my password, or just hacked by someone else. In short, I can't change my password and email address. I can use it temporarily because my account has not been logged out. I am afraid that he will take my account to do something unethical, such as stealing data from the gym, or deliberately deleting something I have now. I know that if this article is seen by him, it may bring more tragic things, but I can only pray that such things will not happen. I know his email, and I also contacted him through QQ, but I have never received a reply.

I also tried to contact MikeMirzayanov and asked him to change the email address and password for me. I have not received a reply yet. In addition, I want Codeforces to send email confirmations when modifying email addresses, which is more secure.

Finally, if you have recently seen me posting some weird comments, please let me know, my email address is: [email protected], thank you!


UPD 2018.08.25:

I don't know why, it has been four days, but I still haven't got my account back, I don't even get an administrator's reply. It made my recent plan very bad, and if I postpone it, the chances of getting my account back will be even smaller!


UPD 2018.08.29:

I just suddenly found out that my account was automatically logged out. I was shocked. I thought I could never use it anymore. But I successfully logged in with my original password, I thought it was changed by Mike for me. When I looked at talks, I found that the hacker left a letter for me. It turned out that he changed the password for me, so I should thank him or hate him? A fun joke. But I don't know what the hacker did with my account. If so, I hope he can tell me.

Thanks to my friend ohyooo for their recent concern, thanks to MikeMirzayanov and gKseni from Codeforces for their help, and the hacker reminding me that my password is too simple, thanks to everyone for their advice. I also hope that everyone can use strong passwords to prevent their accounts from being compromised.

  • Проголосовать: нравится
  • +131
  • Проголосовать: не нравится

»
6 лет назад, # |
Rev. 2   Проголосовать: нравится +18 Проголосовать: не нравится

Enable https in settings...

I once encountered a similar thing. I logged into my account by using "use gmail". Then changed email and password in settings section then saved and logged out. Most importantly that new email id was not registered anywhere(it was just i typed [email protected]). Then logged again using the new email and password and i was in.

You most probably had your account left logged in somewhere(not your local machine).

I have dual booted laptop(win10 and debian) and i have been logged in my codeforces account from both os at same time which should not happen ideally on a website like codeforces.

suggestion:- make it like codechef login page.

  • »
    »
    6 лет назад, # ^ |
      Проголосовать: нравится +24 Проголосовать: не нравится

    Enable https in settings...

    Question for codeforces admins. Why https not enabled by default?

  • »
    »
    6 лет назад, # ^ |
      Проголосовать: нравится +53 Проголосовать: не нравится

    "Enforce https" in user settings is a terrible "security" feature and prompting users to turn it on is a terrible advice.

    Upon typing "http://codeforces.com" your browser sends the session cookie. The server authenticates you, determines you have "Enforce HTTPS" on, and redirects you to "https://codeforces.com". By this time, your session cookie has already been transferred over insecure connection and is compromised.

    • »
      »
      »
      6 лет назад, # ^ |
        Проголосовать: нравится +8 Проголосовать: не нравится

      Your connection to www.codeforces.com is not a secure connection,hackers might be trying to steal your cookies and your active session can be compromised.

  • »
    »
    6 лет назад, # ^ |
      Проголосовать: нравится +8 Проголосовать: не нравится

    Thank you for your advice. I didn't log in anywhere except my own computer, so this assumption was excluded.

    I think there are advantages and disadvantages to allowing the same account to log in at different locations at the same time. It makes it easier for us to use codeforces, but it has some drawbacks, such as my inability to know my login history (historical location and ip) or how many sites are currently not logged out of my account.

    Of course, the unfair practice of multiple people using the same account during a contest has also been achieved.

  • »
    »
    6 лет назад, # ^ |
      Проголосовать: нравится +43 Проголосовать: не нравится

    Enable https in settings...

    A better idea is using HTTPS Everywhere

»
6 лет назад, # |
  Проголосовать: нравится +36 Проголосовать: не нравится

Hello, we see your problem, thinking about how to help you <3

»
6 лет назад, # |
  Проголосовать: нравится 0 Проголосовать: не нравится

im0qianqian nice but please post the screenshot of message if possible.what's the hacker's username as he sent you a message.

  • »
    »
    6 лет назад, # ^ |
      Проголосовать: нравится 0 Проголосовать: не нравится

    No, he didn't send me a message. He sent a message to someone through my account.

    • »
      »
      »
      6 лет назад, # ^ |
        Проголосовать: нравится 0 Проголосовать: не нравится

      Was your password that weak that he might have just bruteforced it?

      • »
        »
        »
        »
        6 лет назад, # ^ |
          Проголосовать: нравится 0 Проголосовать: не нравится

        Yes, my original password is really weak, and most people can easily guess it (but I didn't expect anyone to try it)

        • »
          »
          »
          »
          »
          6 лет назад, # ^ |
            Проголосовать: нравится 0 Проголосовать: не нравится

          If it's the same for jiangshibiao then at least that removes the chances of there being a serious vulnerability with codeforces.

          • »
            »
            »
            »
            »
            »
            6 лет назад, # ^ |
              Проголосовать: нравится 0 Проголосовать: не нравится

            About this we can ask lsmll.

          • »
            »
            »
            »
            »
            »
            6 лет назад, # ^ |
              Проголосовать: нравится 0 Проголосовать: не нравится

            But there is another thing worth paying attention to is how the hacker does not delete the original session after changing the password.

            • »
              »
              »
              »
              »
              »
              »
              6 лет назад, # ^ |
                Проголосовать: нравится 0 Проголосовать: не нравится

              That's a good point. I have been trying to recreate this somehow for the past 2 days with no success yet.

              One possibility is that he took over your session and changed the password from there.

              • »
                »
                »
                »
                »
                »
                »
                »
                6 лет назад, # ^ |
                  Проголосовать: нравится 0 Проголосовать: не нравится

                I think my location is different from the hacker, so my session should not be picked up by him.

      • »
        »
        »
        »
        6 лет назад, # ^ |
          Проголосовать: нравится 0 Проголосовать: не нравится

        rainbow tables