Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
can mods login to your account and spy on you ??
- Thread starter domain newbie
- Start date
- Joined
- Dec 26, 2007
- Messages
- 7,357
- Reaction score
- 223
What do you mean by seeing youself logged in?
The "who is online" is usually time based. If you log out, you still might see yourself in the "who is online" for a while (I don't know how long but some of my forums it's over 30 minutes).
If you have DNF up on more than one PC (I know I'm still logged on at home), if you log off one of them you'll still be logged onto the other (I could log off here @ work and still see myself logged in).
Did you log out, clear your cache, then when you went back to DNF you were still logged in? (This would be an issue with your cookies / cache cleaning - I'd run a malware check if this is the case).
As far as I know, moderators cannot log in as other members here but if someone has your password then they could. If its not too secure or you haven't changed it in a while, I'd advise you to change it (to something completely different) and see if it continues to happen (also log out and back in w/ the new password on any PC you use to check out DNF).
The "who is online" is usually time based. If you log out, you still might see yourself in the "who is online" for a while (I don't know how long but some of my forums it's over 30 minutes).
If you have DNF up on more than one PC (I know I'm still logged on at home), if you log off one of them you'll still be logged onto the other (I could log off here @ work and still see myself logged in).
Did you log out, clear your cache, then when you went back to DNF you were still logged in? (This would be an issue with your cookies / cache cleaning - I'd run a malware check if this is the case).
As far as I know, moderators cannot log in as other members here but if someone has your password then they could. If its not too secure or you haven't changed it in a while, I'd advise you to change it (to something completely different) and see if it continues to happen (also log out and back in w/ the new password on any PC you use to check out DNF).
- Joined
- Mar 13, 2005
- Messages
- 2,642
- Reaction score
- 1
hm, okay, maybe it's cache, so mods can't login to your acc, yea?
- Joined
- Dec 26, 2007
- Messages
- 7,357
- Reaction score
- 223
Unless you give one of them (well, any member) your password (which would be a violation of many rules and would get both members banned).
Run some good malware checks - SpyBot Search & Destroy, Ad-Aware etc..
Also, the "who's online" features aren't always 100% accurate. I've been on and not seen myself but on other forums I've seen myself online even though I'm logged out.
Run some good malware checks - SpyBot Search & Destroy, Ad-Aware etc..
Also, the "who's online" features aren't always 100% accurate. I've been on and not seen myself but on other forums I've seen myself online even though I'm logged out.
- Joined
- Mar 13, 2005
- Messages
- 2,642
- Reaction score
- 1
- Joined
- Dec 31, 2006
- Messages
- 4,689
- Reaction score
- 168
Anyone with direct access or shell access to any server can see anything they want, if they want to bad enough.. Just have to go look at the sql db and view the data directly. I seriously doubt mods have that kind of access though..
- Joined
- Mar 13, 2005
- Messages
- 2,642
- Reaction score
- 1
Last edited:
- Joined
- Dec 31, 2006
- Messages
- 4,689
- Reaction score
- 168
Perhaps. But again, if they have *direct* access to the server, they also have access to the hash. Or why bother when you could simply clone the database & application, put it on another server & just reset the users password then go in as them. The important things here are direct access, and how badly someone wants to see something.
Also, think of the server load to encrypt/decrypt *everything* all the time. Most developers just encrypt the passwords.
- Joined
- Oct 23, 2003
- Messages
- 241
- Reaction score
- 0
HTTP is not a persistent connection - it only knows the CLIENT is still connecting to the SERVER when the CLIENT makes a new request.
The CLIENT sends a request to the SERVER for information (usually a webpage), the SERVER processes the request and replies to the CLIENT, sending whatever is the relevant response (usually a webpage).
That is the end of the communication, and they do not communicate again until another request is sent by the CLIENT. Clicking a hyperlink is the most common type of request on the web.
Thus, the only option the SERVER has for figuring out when a CLIENT has left is to assume that the CLIENT has left the system after a certain amount of time has passed with no new request received. This is generally referred to as a "time to live".
Forums (and most membership systems for HTTP) operate on SESSIONS, which store information about your user account on the server, and are stored on your local computer as a cookie (text file) with a SESSION ID that is your ticket back into your SESSION on the SERVER (your account, basically), without LOGGING IN everytime you want to access a page.
So if the "time to live" variable is set to 30 minutes, you will appear in the "logged in users" displays for 30 minutes after your last request on that website.
The only exception to this is if you specifically LOGOUT. With this request, you are specifically telling the server to close your session as you are finished using the system.
Just to add a note about passwords
Passwords are mostly encrypted using what's called a one-way hash - the SHA1 algorithm more recently, earlier the MD5 (wikipedia for more on that). These hashes will produce everytime the same hash of a given password. The one-way is a means by which they are practically impossible (really really really ridiculously tough) to un-hash. So, even if an administrator looks at the database all they see are a bunch of password hashes (ab23jfak3f39fksixiw03, something to that effect). When you submit your password to a user system, it will hash your password and compare it to the hash in the database.
That's not to say an evil administrator couldn't store your unencrypted password somewhere, if they wanted to. However, unless they're hoping you use the same password at every site so they can login elsewhere, it's pointless as they can view everything that gets posted to the site by direct server access anyhow.
Moderators and other users on the other hand, wouldn't have any way to access this information unless the administrator specifically gave them access.
So in short, use different strong passwords for every separate place on the web that's important to you (Paypal, Banking, Registrars, etcetera).
Hope that helps
The CLIENT sends a request to the SERVER for information (usually a webpage), the SERVER processes the request and replies to the CLIENT, sending whatever is the relevant response (usually a webpage).
That is the end of the communication, and they do not communicate again until another request is sent by the CLIENT. Clicking a hyperlink is the most common type of request on the web.
Thus, the only option the SERVER has for figuring out when a CLIENT has left is to assume that the CLIENT has left the system after a certain amount of time has passed with no new request received. This is generally referred to as a "time to live".
Forums (and most membership systems for HTTP) operate on SESSIONS, which store information about your user account on the server, and are stored on your local computer as a cookie (text file) with a SESSION ID that is your ticket back into your SESSION on the SERVER (your account, basically), without LOGGING IN everytime you want to access a page.
So if the "time to live" variable is set to 30 minutes, you will appear in the "logged in users" displays for 30 minutes after your last request on that website.
The only exception to this is if you specifically LOGOUT. With this request, you are specifically telling the server to close your session as you are finished using the system.
Just to add a note about passwords
Passwords are mostly encrypted using what's called a one-way hash - the SHA1 algorithm more recently, earlier the MD5 (wikipedia for more on that). These hashes will produce everytime the same hash of a given password. The one-way is a means by which they are practically impossible (really really really ridiculously tough) to un-hash. So, even if an administrator looks at the database all they see are a bunch of password hashes (ab23jfak3f39fksixiw03, something to that effect). When you submit your password to a user system, it will hash your password and compare it to the hash in the database.
That's not to say an evil administrator couldn't store your unencrypted password somewhere, if they wanted to. However, unless they're hoping you use the same password at every site so they can login elsewhere, it's pointless as they can view everything that gets posted to the site by direct server access anyhow.
Moderators and other users on the other hand, wouldn't have any way to access this information unless the administrator specifically gave them access.
So in short, use different strong passwords for every separate place on the web that's important to you (Paypal, Banking, Registrars, etcetera).
Hope that helps
Last edited:
- Joined
- Mar 13, 2005
- Messages
- 2,642
- Reaction score
- 1
yea, i actually specifically loggin out and it would say- all cookies are cleared
so i would think there are spies, but heck, they wont find anything there anyways :undecided:
i don't mind admins doing that for whatever reasons, but don't want any mods being able to do that
- Status
Similar threads
The Rule #1
Do not insult any other member. Be polite and do business. Thank you!
Sedo - it.com Premiums
Premium Members
Spread the Word!
New Threads
-
-
-
appraise JustDiscovered.com, CurrentlyCool.com- Started by warnerms
- Replies: 0
-
-
Our Mods' Businesses
*the exceptional businesses of our esteemed moderators