Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Old Freeper Accounts Hijacked?
Original Content | 03/16/2025 | By Laz A. Mataz

Posted on 03/16/2025 6:09:41 AM PDT by Lazamataz

I've noticed, over the years, that very old Free Republic accounts, accounts that have been inactive for months or years, suddenly reactivate.... but their politics are suddenly suspect.

Be they Zeeper-oriented (that is, super-favorable to Ukraine) or, conversely, super-favorable to Russia, or even suddenly-liberal... these accounts reactivate with a flurry of posts that are contrary to conservatism.

Are these real Freepers who have had a change of heart about their politics? Are these real Freepers who feel the need to jump on the forum with propaganda and support for one side or the other per the Ukraine/Russia war?

Or are these hijacked accounts?

People will recall some time back, quite a few accounts of active Freepers were hijacked. It created a bit of a problem. When all was said and done, the accounts were returned to their rightful owners, and the site owner (and his moderator crew) pointed out that their passwords were very easy to guess. He instructed people to have stronger passwords.

I also have a friend on Facebook who no longer participates in the forum, but still reads it, who has seen a Freeper posting who he happens to know has been dead for more than a decade.

The problem is, we have far too insecure a login process, and enemies of the forum have been exploiting that.

At the login page, you can attempted unlimited login attempts. This will allow simple brute-force password cracking.

Also, the Forget Password option sends an email with your password in clear text. Emails can easily be sniffed with the right techniques. Passwords can easily be cracked that way.

My suggestions to mitigate these critical security concerns are:

  1. -- Limit login attempts to five, after which the account is suspended until unlocked. What unlocking consists of can be anything. One suggestion is that the account is auto-disabled for a day. That means a hacker will only get five brute-force attempts in any given 24 hour period.
  2. -- Install two-factor authentication, in which a text number is sent to a phone the user possesses.
  3. -- Emails for Forget Password should not send the actual password, but instead, a link to a page on FR that allows a reset of the password.

These relatively-simple security changes will stop account-hijacking.


TOPICS: Chit/Chat; Conspiracy; Weird Stuff
KEYWORDS: bitchassstalker; comingafterustalker; cowardlystalker; diekeywordstalker; doxthestalker; freerepublic; hereiskeywordstalker; iwillfindustalker; karensunite; keywordstalker; keywordstalkerbitch; keywordstalkerpunk; keywordstalkers; nobodyshacked; papersplease; peoplegettignold; punkstalker; seeyourpapers; showyourselfstalker; stalkeriscoward; stupidvanity; yournextstalker
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 341-357 next last

1 posted on 03/16/2025 6:09:41 AM PDT by Lazamataz
[ Post Reply | Private Reply | View Replies]

To: Sidebar Moderator

This would explain what we both have been puzzled about.


2 posted on 03/16/2025 6:10:19 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: John Robinson

Can you make this happen? You are a skilled developer, I know you can.


3 posted on 03/16/2025 6:11:00 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz

I wish they would start donating to Freepathons for me.


4 posted on 03/16/2025 6:13:15 AM PDT by Kudsman (Democrats' brand is FRAUD. Elections, biology, climate, journalism, auto pen, peace, life and God. )
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz

I’ve wondered the same thing, Laz.

Which means we likely have our answer.


5 posted on 03/16/2025 6:14:03 AM PDT by 9YearLurker
[ Post Reply | Private Reply | To 1 | View Replies]

To: TheOldLady; Cyber Liberty; CatherineofAragon; melissa_in_ga; Slings and Arrows; ...
The Official Lazamataz Sometimes-Funny, Sometimes-Disturbing Ping List
466 Satisfied Customers!™


6 posted on 03/16/2025 6:14:14 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Lazamataz

Many of my conservative friends became liberals due to family issues or retiring and living on government money/disability. A few became gay.


7 posted on 03/16/2025 6:15:03 AM PDT by AppyPappy (If Hitler were alive today and criticized Trump, would he still be Hitler?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz

Excellent suggestions.

My friends and coworkers all get scam phone calls and messages daily.There are many well organized criminals trying to steal our information.


8 posted on 03/16/2025 6:15:42 AM PDT by hoosierham (Freedom isnt free)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz

IMO, some “new old timer post are from Woke children who came upon their parent’s login info.


9 posted on 03/16/2025 6:15:46 AM PDT by stars & stripes forever (Blessed is the nation whose GOD is the LORD. Psalm 33:12)
[ Post Reply | Private Reply | To 1 | View Replies]

To: 9YearLurker
Which means we likely have our answer.

I just tested out the brute-force method. I was able to attempt 15 manual tries in about 2 minutes. If I had a brute-force password cracker program, this would be child's play, to crack a password.

10 posted on 03/16/2025 6:15:51 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: AppyPappy
Many of my conservative friends became liberals due to family issues or retiring and living on government money/disability. A few became gay.

While this might happen -- while politics might change -- I still feel we need to tighten security. This is the single most insecure website I am active on.

11 posted on 03/16/2025 6:17:48 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Lazamataz

First of all, MYOB! You stick to your lane and everybody else can stick to theirs. This forum has been a staunch advocate for Constitutional principles and dare I say your comments appear authoritarian and fanciest. I hope this is not the case. As a long time member, I will continue to opine on my terms and I encourage other to do the same.


12 posted on 03/16/2025 6:20:36 AM PDT by 7thOF7th (Righteousness is our cause and justice will prevail!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: stars & stripes forever; John Robinson
IMO, some “new old timer post are from Woke children who came upon their parent’s login info.

True, but two-factor authentication would prevent even that. The odds of a child having access to their parents phone is much less than just simple password/username entry.

Which actually brings me to another point: Logins should expire. Right now, once you are logged in, you stay logged in forever. That cookie or certificate should be set to expire, say, once a month.

13 posted on 03/16/2025 6:20:46 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Lazamataz

Haven’t there been some password manager breaches as well?


14 posted on 03/16/2025 6:23:06 AM PDT by 9YearLurker
[ Post Reply | Private Reply | To 10 | View Replies]

To: Lazamataz

How about people die and nobody in their family reports it here. A family member or friend get on their puter or cellphone and just maybe they are leftist, or gay, or whatever.

They are triggered and decide it would be fun to take over for them.

As long as someone knows the password, they can get in here.
Some keep passwords at home in places.


15 posted on 03/16/2025 6:23:14 AM PDT by dforest
[ Post Reply | Private Reply | To 1 | View Replies]

To: 7thOF7th
First of all, MYOB! You stick to your lane and everybody else can stick to theirs.

First: I AM minding my own business. Free Republic is in my swim lane. I am a nonstop poster and steady participant.

Secondly, I am technical (very) and I am pointing out HUGE security holes.

Third, I am advocating for increased programmatic and technical security. Surely you cannot be against preventing password cracking and account hijacking???!?

16 posted on 03/16/2025 6:23:50 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 12 | View Replies]

To: dforest
As long as someone knows the password, they can get in here.

Two-factor authentication would mitigate that, to some extent.

17 posted on 03/16/2025 6:24:33 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Lazamataz
-- Install two-factor authentication, in which a text number is sent to a phone the user possesses

Some of us have gotten rid of their cell phones due to declining eyesight that renders them incapable of using cell phones. I am one of those, so I nix that proposal. 🤣

18 posted on 03/16/2025 6:25:13 AM PDT by Robert DeLong
[ Post Reply | Private Reply | To 1 | View Replies]

To: hoosierham
Excellent suggestions.

Thank you sir.

19 posted on 03/16/2025 6:25:35 AM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Lazamataz

Sleeper accounts to be used when needed I would guess.


20 posted on 03/16/2025 6:25:47 AM PDT by Nextrush (FREEDOM IS EVERYBODY'S BUSINESS-REMEMBER REV. NIEMOLLER)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 341-357 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson