Posted on 03/16/2025 6:09:41 AM PDT by Lazamataz
I've noticed, over the years, that very old Free Republic accounts, accounts that have been inactive for months or years, suddenly reactivate.... but their politics are suddenly suspect.
Be they Zeeper-oriented (that is, super-favorable to Ukraine) or, conversely, super-favorable to Russia, or even suddenly-liberal... these accounts reactivate with a flurry of posts that are contrary to conservatism.
Are these real Freepers who have had a change of heart about their politics? Are these real Freepers who feel the need to jump on the forum with propaganda and support for one side or the other per the Ukraine/Russia war?
Or are these hijacked accounts?
People will recall some time back, quite a few accounts of active Freepers were hijacked. It created a bit of a problem. When all was said and done, the accounts were returned to their rightful owners, and the site owner (and his moderator crew) pointed out that their passwords were very easy to guess. He instructed people to have stronger passwords.
I also have a friend on Facebook who no longer participates in the forum, but still reads it, who has seen a Freeper posting who he happens to know has been dead for more than a decade.
The problem is, we have far too insecure a login process, and enemies of the forum have been exploiting that.
At the login page, you can attempt unlimited login attempts. This will allow simple brute-force password cracking.
Also, the Forget Password option sends an email with your password in clear text. Emails can easily be sniffed with the right techniques. Passwords can easily be cracked that way.
My suggestions to mitigate these critical security concerns are:
These relatively-simple security changes will stop account-hijacking.
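As an added illustration (not part of the original thread and not Free Republic's code), the following Python shows how a site operator could detect the pattern the post above describes: a long-dormant account whose first successful login follows a burst of failed attempts. The event format, account names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events (time, account, success); account names are made up."""
    t0 = datetime(2025, 3, 15, 2, 0, 0)
    ev = [(datetime(2013, 6, 1), "dormant_acct", True),
          (datetime(2011, 2, 1), "returning_acct", True),
          (datetime(2025, 3, 10), "active_acct", True)]
    # 15 wrong guesses 8 s apart (15 tries in about 2 minutes), then a success.
    ev += [(t0 + timedelta(seconds=8 * i), "dormant_acct", False) for i in range(15)]
    ev.append((t0 + timedelta(seconds=120), "dormant_acct", True))
    # Regular user mistypes once, then logs in.
    ev += [(t0, "active_acct", False), (t0 + timedelta(seconds=20), "active_acct", True)]
    # Long-absent owner returns and logs in on the first try.
    ev.append((t0, "returning_acct", True))
    return sorted(ev, key=lambda e: e[0])

def flag_reactivations(events, dormant=timedelta(days=180),
                       window=timedelta(minutes=10), min_fails=5):
    """Return (account, days_dormant, failed_tries) for each suspicious login.

    Suspicious = first success after `dormant` of inactivity AND at least
    `min_fails` failures in the preceding `window`. Thresholds are assumptions.
    """
    last_ok = {}                  # account -> time of last successful login
    fails = defaultdict(list)     # account -> failure times since last success
    alerts = []
    for ts, acct, ok in events:   # events must be in time order
        if not ok:
            fails[acct].append(ts)
            continue
        recent = [f for f in fails[acct] if ts - f <= window]
        prev = last_ok.get(acct)
        if prev is not None and ts - prev >= dormant and len(recent) >= min_fails:
            alerts.append((acct, (ts - prev).days, len(recent)))
        last_ok[acct] = ts
        fails[acct].clear()
    return alerts

if __name__ == "__main__":
    for acct, days, tries in flag_reactivations(build_sample()):
        print(f"{acct}: dormant {days} days, {tries} failed tries before login")
```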
This would explain what we both have been puzzled about.
Can you make this happen? You are a skilled developer, I know you can.
I wish they would start donating to Freepathons for me.
I’ve wondered the same thing, Laz.
Which means we likely have our answer.
Many of my conservative friends became liberals due to family issues or retiring and living on government money/disability. A few became gay.
Excellent suggestions.
My friends and coworkers all get scam phone calls and messages daily. There are many well organized criminals trying to steal our information.
IMO, some “new old timer” posts are from Woke children who came upon their parent’s login info.
I just tested out the brute-force method. I was able to attempt 15 manual tries in about 2 minutes. If I had a brute-force password cracker program, this would be child's play, to crack a password.
While this might happen -- while politics might change -- I still feel we need to tighten security. This is the single most insecure website I am active on.
First of all, MYOB! You stick to your lane and everybody else can stick to theirs. This forum has been a staunch advocate for Constitutional principles and dare I say your comments appear authoritarian and fascist. I hope this is not the case. As a long time member, I will continue to opine on my terms and I encourage others to do the same.
True, but two-factor authentication would prevent even that. The odds of a child having access to their parent's phone is much less than just simple password/username entry.
Which actually brings me to another point: Logins should expire. Right now, once you are logged in, you stay logged in forever. That cookie or certificate should be set to expire, say, once a month.
Haven’t there been some password manager breaches as well?
How about people die and nobody in their family reports it here. A family member or friend gets on their puter or cellphone and just maybe they are leftist, or gay, or whatever.
They are triggered and decide it would be fun to take over for them.
As long as someone knows the password, they can get in here.
Some keep passwords at home in places.
First: I AM minding my own business. Free Republic is in my swim lane. I am a nonstop poster and steady participant.
Secondly, I am technical (very) and I am pointing out HUGE security holes.
Third, I am advocating for increased programmatic and technical security. Surely you cannot be against preventing password cracking and account hijacking???!?
Two-factor authentication would mitigate that, to some extent.
Some of us have gotten rid of their cell phones due to declining eyesight that renders them incapable of using cell phones. I am one of those, so I nix that proposal. 🤣
Thank you sir.
Sleeper accounts to be used when needed I would guess.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.