Old Freeper Accounts Hijacked?

Original Content | 03/16/2025 | By Laz A. Mataz

[Lazamataz]

I've noticed, over the years, that very old Free Republic accounts, accounts that have been inactive for months or years, suddenly reactivate.... but their politics are suddenly suspect.

Be they Zeeper-oriented (that is, super-favorable to Ukraine) or, conversely, super-favorable to Russia, or even suddenly-liberal... these accounts reactivate with a flurry of posts that are contrary to conservatism.

Are these real Freepers who have had a change of heart about their politics? Are these real Freepers who feel the need to jump on the forum with propaganda and support for one side or the other per the Ukraine/Russia war?

Or are these hijacked accounts?

People will recall some time back, quite a few accounts of active Freepers were hijacked. It created a bit of a problem. When all was said and done, the accounts were returned to their rightful owners, and the site owner (and his moderator crew) pointed out that their passwords were very easy to guess. He instructed people to have stronger passwords.

I also have a friend on Facebook who no longer participates in the forum, but still reads it, who has seen a Freeper posting who he happens to know has been dead for more than a decade.

The problem is, we have far too insecure a login process, and enemies of the forum have been exploiting that.

At the login page, you can attempted unlimited login attempts. This will allow simple brute-force password cracking.

Also, the Forget Password option sends an email with your password in clear text. Emails can easily be sniffed with the right techniques. Passwords can easily be cracked that way.

My suggestions to mitigate these critical security concerns are:

1. -- Limit login attempts to five, after which the account is suspended until unlocked. What unlocking consists of can be anything. One suggestion is that the account is auto-disabled for a day. That means a hacker will only get five brute-force attempts in any given 24 hour period.
2. -- Install two-factor authentication, in which a text number is sent to a phone the user possesses.
3. -- Emails for Forget Password should not send the actual password, but instead, a link to a page on FR that allows a reset of the password.

These relatively-simple security changes will stop account-hijacking.

[Blurb2350]

C’mon you have to admit Laz is one of our fanciest posters. There’s no denying it.

[redfreedom]

I’ve been around since the late 90’s when I had a different user name that got lost in an absence from FR. Generally since the late 90’s up to about 10 years ago or so there was always a general consensus among all comments and posts that were quite patriotic and conservative.

Beginning about with the Biden regime there have been many posting what appears to be lib views. The most obvious are the Zeepers. They are so obvious because they are supporting a piano playing pervert that was installed much the same way Biden the pervert was installed. And their goals are the same, endless wars. Endless wars that get the rich and powerful more rich and powerful while good people get killed at the expense of tax payers.

So yes, I can see older accounts being hacked into and taken over.

[Lazamataz]

I can live with 2-factor to email addresses. Less secure than phones, but better than nothing.

[Lazamataz]

C’mon you have to admit Laz is one of our fanciest posters. There’s no denying it.

Sir, you wound me. I have NEVER embraced fanciestism or any sort of fancypants politics.

[bankwalker]

zotting has all but disappeared ...

[DoodleBob]

THEY had two-factor authentication.

[bankwalker]

I think it started when Jim got sick. Maybe just a coincidence ...

[Openurmind]

Tell you what... Two-factor authentication that requires a phone number and there will be a whole bunch leave here including myself.

This is a direct form of real personal physical identification including full name and physical address. Very few with any knowledge of how it actually works will use a site with 2FA. You don’t want your phone number in ANY database... Anyone who does is foolish and just asking for even more security risks.

And no... There is no system on the planet that is secure and can claim that this data will never be breached. This site is now in the Cloud and on servers in the old world who demands that data is turned over whenever requested. While the FR domain might not, their host just might and probably without notice.

[dljordan]

“I’ve noticed, over the years, that very old Free Republic accounts, accounts that have been inactive for months or years, suddenly reactivate.... but their politics are suddenly suspect.”

I’ve commented on it for years. Probably the government.

[Laslo Fripp]

…as eggs run…

[central_va]

Laz IMO there are lobbyists, ( pro EV, pro Free Trade ) using old accounts. They probably use simple password breaking software to get into accounts. It is a big problem.

I hate it.

[Wilderness Conservative]

Can you show us on the doll where you were hurt?

[Albion Wilde]

A practical post with good ideas. Thanks, Laz.

[dforest]

Chill out. It is a discussion.

[Karliner]

I peruse once a day for over twenty years now( lurked another five when not allowed social media). Made some cool friends and had very little riff-raff problems.
Thanks, hope this gets cleared up.
Sounds like what trolls/hackers do on FB.

[central_va]

Sorry, too many of have noticed the pattern. Freep account is dormant for years, decades. Then all of a sudden it is active, it is liberal and it is in your face.

[madison10]

Agree.

[CaptainK]

You forgot to mention getting into a relationship with a liberal woman. It happened to two consecutive men in my family.

[miniTAX]

‘I just tested out the brute-force method. I was able to attempt 15 manual tries in about 2 minutes. If I had a brute-force password cracker program, this would be child’s play, to crack a password’

---

It never works like this (except in films). Supposing a brute force password script (you can find it in Python everywhere) can try 10 passwords per minute. The number of combinations for a 6 letters pwd is 36^6 (26 letters + 10 numbers) and would require centuries to get the right pwd. And most sites don’t let you try indefinitely by restricting incrementally your access.

FR passwords may (or may not) have been stolen and the most probable way is via emails hacks.

[central_va]

I love FR, but the whole platform is stuck in the 1990s.

That is what makes it good.