
Changes to the PM System and Security Advice


[Co...]


Hi all,

 

As some of you have already noticed, there is now no limit on the size of your PM (Personal Message) inboxes.

 

More than a year ago, the (now defunct) benzowithdrawal.com forum had the passwords to some of its member accounts cracked. At the same time, similar cracking attempts occurred with some of our member accounts and all of our team.

 

Subsequently, some of the private communications from BW.com were published by a loon with a blog and an unfathomable grudge against BW.com and its members. As a precaution, we closed down the PM system, and when we returned functionality, we limited member inboxes to a count of just 20 PMs (in the event of an account being cracked, the potential damage would be limited by the limited number of PMs).

 

Secretly, the blogger had help from the unhinged owner (Donna) of a small - so-called - support forum (I'll call it BE), with many common members to BW.com (it was advertised as a safe haven to BW). We know that Donna helped the blogger (she has even admitted to this - she was even the original registrant of the blog domain) and we also know that she passed along membership details from her own forum to the blogger. It would seem highly likely that she passed along information that helped enable the accounts at BW to be compromised. I'm getting a bit off subject now, but members deserve to know that Donna is secretly behind a new forum (I'll call it BW.org - this should be enough for members to identify the forum and avoid it). Although Donna denied being involved with the new forum, it was recently revealed at a third-party blog (and confirmed by a BW.org admin) that she is indeed responsible for the new site/forum.

 

Since the cracking of member accounts at BW.com (and the attempts here), we have taken on board two techs; they have made extensive security upgrades to our systems. We have also carried out a review of the potential 'threat'. We have decided that, although no system is ever 100% secure, the benefits to members of returning normal PM operations (no limit to the size of your inboxes) outweigh the potential risks.

 

To better ensure your security here and on other websites, I strongly suggest the following advice:

  • The password to your e-mail account should be long, a random string of characters, and should not be used for logging into anywhere except your e-mail account.
     
     
  • Do not use 'secret question' functions, where the website will suggest a list of possible questions (such as, 'what was your mother's maiden name', or 'what was the name of your first pet'). Such alternative login systems are inherently unsecure, where the answers are either within the public domain, or easily guessable. If you are forced to use such a system by a website, I suggest that you use a long random string of characters as the answer (because such systems are usually case insensitive and are restricted to letters and numbers) and that you write down the answer on a piece of paper. We modified the SMF forum code to remove this unsafe function from BenzoBuddies.
     
     
  • Your BB password should be unique to this site. Your BB password should consist of a random string of at least 9 characters (numbers, upper and lower case letters, and special characters). You might also elect to change your password every few months.
     
     
  • Do not join the website/forum with which Donna is associated. It would be advisable to not even visit her website, as any information that might be collected cannot be considered safe from abuse.
     
     
  • For similar reasons, avoid the loon's blog, and certainly do not comment there. If you visit the blog or BW.org, I strongly suggest the use of an anonymising proxy.
     
     
  • Do not share your personal information with other members through the PM system (despite the blocks we have put in place, the blogger and one or two helpers continue to attempt to join this community). In particular, do not share your Facebook or other social network identity.

 

Ultimately, members have the responsibility to secure their own online activities. We have put in place all reasonable security measures, and then some. If you do not need to retain a particular PM, delete it. Be especially careful of requests to share contact information away from BB. If you receive a suspicious or otherwise worrisome PM, do not delete it; instead please use the 'Report This PM' link at the foot of the PM in question and we will investigate it for you.

 

We will shortly update the information in the PM area to reflect the changes to the inbox limit and the information contained within this post.

 

Thank you.

 

 

Edit: additional bullet point.

Link to comment
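An added example, not part of the original post or of the forum's software: one way to generate the kind of random password the post recommends, and a random 'secret question' answer for sites that fold case and accept only letters and numbers. The function names, the 16-character default and the entropy comparison are assumptions made for this illustration.

```python
import math
import secrets
import string

# The four character classes named in the post's password advice.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
FULL_ALPHABET = "".join(CLASSES)                          # 94 printable symbols
ANSWER_ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def length_for_bits(alphabet_size: int, bits: float) -> int:
    """Shortest length over this alphabet that reaches at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate_password(length: int = 16) -> str:
    """Random password with at least one character from every class."""
    if length < 9:
        raise ValueError("the post asks for at least 9 characters")
    while True:
        # Draw from the OS CSPRNG; redraw instead of patching in characters
        # so every accepted password is equally likely.
        candidate = "".join(secrets.choice(FULL_ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_secret_answer(target_bits: float) -> str:
    """Random 'secret question' answer that survives case folding and
    a letters-and-digits-only filter, sized to reach target_bits."""
    n = length_for_bits(len(ANSWER_ALPHABET), target_bits)
    return "".join(secrets.choice(ANSWER_ALPHABET) for _ in range(n))


if __name__ == "__main__":
    floor = entropy_bits(len(FULL_ALPHABET), 9)
    print(f"9 random chars from 94 symbols: {floor:.1f} bits")
    print("password:     ", generate_password())
    print("secret answer:", generate_secret_answer(floor))
```

Because the restricted answer alphabet has only 36 symbols, the answer has to be 12 characters long to be as hard to guess as a 9-character password drawn from all four classes.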

Thank You, Colin.

 

Should I change my email password?  How can my email password be compromised by a hacker from this site?  I have been using the same password for a long time. 

Link to comment

Thank You, Colin.

 

Should I change my email password?  How can my email password be compromised by a hacker from this site?  I have been using the same password for a long time. 

 

In the unlikely event that someone were to hack into your account here, they would then have your email address as it appears in your profile. From there, if your email password isn't secure (easily guessed), they could gain entry to your email account. You may want to also have a separate email account for BB. If your email password and/or your BB account password is easy to guess, it should be changed to a more secure password as described by Colin above. This isn't specific to this website. This is just good internet security practice.

 

It's better if your password doesn't consist of actual words. Some hackers have programs (a dictionary based attack) that will run through all words until it comes across words that might be part of your password. If your password looks like this: (*n1%gfndkj&#$22, there is zero chance it will be found out in that way. Naturally you should never share your password with anyone.

Link to comment

Thank You, Colin.

 

Should I change my email password?  How can my email password be compromised by a hacker from this site?  I have been using the same password for a long time. 

 

In the unlikely event that someone were to hack into your account here, they would then have your email address as it appears in your profile.

 

Or, if you register somewhere untrustworthy, they might cream off your password from your account there, and if you use the same password at another site or (worse) your e-mail account, they could compromise your privacy and security. It should be remembered, the owner of BE passed along all kinds of information to the blogger. We know of instances of member e-mail account (address) information being used by the blogger that were used exclusively for BE membership.

 

To better inform members, I will shortly write more about those involved in the systematic abuse of our members and the wider benzodiazepine support community.

Link to comment

Thank you Colin and those on your team that protect us with the security that you provide on this forum.  This is so beyond my thinking, especially while going through recovery, so I truly appreciate your taking the precautions that you have.

 

May your problems be few and your rewards plentiful 2013,

Sally Stillbelieving we heal  :angel:

Link to comment

Thank You, Colin.

 

Should I change my email password?  How can my email password be compromised by a hacker from this site?  I have been using the same password for a long time. 

 

In the unlikely event that someone were to hack into your account here, they would then have your email address as it appears in your profile. From there, if your email password isn't secure (easily guessed), they could gain entry to your email account. You may want to also have a separate email account for BB. If your email password and/or your BB account password is easy to guess, it should be changed to a more secure password as described by Colin above. This isn't specific to this website. This is just good internet security practice.

 

It's better if your password doesn't consist of actual words. Some hackers have programs (a dictionary based attack) that will run through all words until it comes across words that might be part of your password. If your password looks like this: (*n1%gfndkj&#$22, there is zero chance it will be found out in that way. Naturally you should never share your password with anyone.

 

Thanks Hope!  That is a good idea to change my password to something to that nature example: ( *&9(%4#ngh% )  What a great idea!  I use my email account for work and would be a horrible thing if it were to be hacked into. 

 

-SkyZone-

Link to comment

Thank You, Colin.

 

Should I change my email password?  How can my email password be compromised by a hacker from this site?  I have been using the same password for a long time. 

 

In the unlikely event that someone were to hack into your account here, they would then have your email address as it appears in your profile.

 

Or, if you register somewhere untrustworthy, they might cream off your password from your account there, and if you use the same password at another site or (worse) your e-mail account, they could compromise your privacy and security. It should be remembered, the owner of BE passed along all kinds of information to the blogger. We know of instances of member e-mail account (address) information being used by the blogger that were used exclusively for BE membership.

 

To better inform members, I will shortly write more about those involved in the systematic abuse of our members and the wider benzodiazepine support community.

 

Thanks, Colin!

Link to comment

I edited my opening post to include the following bullet point:

  • Do not use 'secret question' functions, where the website will suggest a list of possible questions (such as, 'what was your mother's maiden name', or 'what was the name of your first pet'). Such alternative login systems are inherently unsecure, where the answers are either within the public domain, or easily guessable. If you are forced to use such a system by a website, I suggest that you use a long random string of characters as the answer (because such systems are usually case insensitive and are restricted to letters and numbers) and that you write down the answer on a piece of paper. We modified the SMF forum code to remove this unsafe function from BenzoBuddies.

Link to comment

  • 5 weeks later...
  • 1 year later...

How do I send a PM? Tried to respond to one but didn't succeed. Sorry.

 

Constanthope

 

click on the member's name and you will see send a pm  :)

Link to comment

  • 1 month later...

Hi Colin,

I'm not sure how to use the site to post a message.  I did register as a Member & received a notification via my email to say I'm registered.  At that time I did receive some messages but have written a number in my own message board & pressed post - but no replies.

 

In desperation last week I went into 'ticket' & sent a request for help with my proposed taper - but I ended up receiving a message from the Moderators Team to say I need to have posted this on the Forum & not the Help Desk.

 

What on earth am I doing wrong - can you please give me some technical guidance so I can ask for particular help?

 

Your reply would be greatly appreciated.  I live on East Coast of Australia.

 

Blessings,

Mmoo

Link to comment

Hi Colin,

I'm not sure how to use the site to post a message.  I did register as a Member & received a notification via my email to say I'm registered.  At that time I did receive some messages but have written a number in my own message board & pressed post - but no replies.

 

In desperation last week I went into 'ticket' & sent a request for help with my proposed taper - but I ended up receiving a message from the Moderators Team to say I need to have posted this on the Forum & not the Help Desk.

 

What on earth am I doing wrong - can you please give me some technical guidance so I can ask for particular help?

 

Your reply would be greatly appreciated.  I live on East Coast of Australia.

 

Blessings,

Mmoo

 

Oh, we're so sorry, Mmoo!  Where would you like to start posting?  Do you know where the main board is to the forum with the topics to choose from?

 

I'll send you a PM as well...

Challis  :)

Link to comment

  • 3 years later...

For some odd reason I can reply to any of my messages

 

Hello,

 

The team is looking into this and we'll get back to you with a response as soon as possible. Thanks.

 

pianogirl

Link to comment