PDA

View Full Version : Have I been hacked or ?



TravelGal
09-06-19, 02:02 PM
TravelGal needs help. Yesterday as I logged into the Aussie Specialist continuing education site, the name that prepopulated was Travelissexy2. While I agree, it's not my name. Mine is Travelgal99. I removed the other. My name was an option. I clicked it, it populated, the password populated and I was on my way to learn about Restaurants in Australia. I hoped against hope, silly I know, that it would "go away" but today when I went back to learn about Ultimate Winery Experiences, there was Ms. Travelissexy2 again. Have I been hacked? Has Tourism Australia been hacked? Has my server been hacked? Thoughts? Thanks.

SteveH
09-07-19, 07:43 AM
I can’t tell. I googled for Travelissexy2 and only got one return but that is for a tag of Travelissexy. Without 2. On this site https://deskgram.net/rasner/taggedin?next_id=1604491559917815724. I think it’s coincidental. If that log on was actually used and posts were made there would be evidence of its use.

You should log out of all the sites, then log in using your name and password. When presented with a dialogue box containing the logon name to chose, you can delete the Travelissexy2 logon. Those names and associated passwords are stored on your pc. So it does raise the question as to how they got in your system.

nrc
09-07-19, 08:12 PM
Yeah, that's the question. How did it get into your login/password history? What browser are you using? Do you use a password manager?

Has anyone else used your system that may have used it to login there (or anywhere, really) with that account?

TravelGal
09-08-19, 01:15 PM
To answer a couple of questions first. No one else uses this computer. I log out of every site I use immediately. I don't close the browser before I log out. The Travelissexy2 password is not saved. It is impossible to log in using that. When I open the website, that log in reappears. Maybe this will help? Sorry it's so long.

https://www.aussiespecialist.com/en-us

Click: Sign in

Pop up appears

WELCOME

Travelissexy2
Password (blank)

My password doesn?t sign in Travelissexy2 (maybe I shouldn?t have tried that?)

Clicking ?view saved logins?, I see my sign in: travelgal99
If I click show my password, it is correct. FYI, the last time I changed it was August 10, 2019, i.e., less than a month ago. This problem just started last week.

When I clear Travelissexy2, travelgal99 show ups on the drop down
I click that and the password (dots) autopopulates.

I click Sign in Now and I?m in. I sure hope someone else isn?t piggy backing off my answers because it takes about 50 hours to complete this course and I don?t want to be giving away my time!

I?ve run the Microsoft and Malwarebytes programs and found no infection.

I?ve been using Mozilla. Yeah, I know, but it?s quick. I also have Chrome installed but it takes almost a full minute to load on my computer (opens to www.google.com) and then 30 seconds for every web page to open. I can?t handle that.

However, I opened it for this experiment and both travelgal99 and my password (dots) autopopulated. I was able to sign in. The correct 16 courses are shown as completed with the correct 6 left to go so no one is doing any EXTRA work for me. LOL.

Is it that my Mozilla browser that?s infected somehow? We?re reaching the top of my pay grade here but I?d love to try to fix it if anyone can suggest how.

PS, no, I don?t use a password program. I look them up in my PAPER file if I can?t remember them. I have hundreds and hundreds and no two are the same so it?s not that although this is one of about half a dozen that I have saved on the computer. Perhaps of note, a few weeks ago I did get a spate of ?we know your password (one from years ago that I no longer use) and we?re coming to get your computer? emails. I read one, deleted it, and deleted the rest as they arrived.

Edit: Why are all my apostrophes and quotation marks suddenly showing up as question marks??? Another part of the problem?

nrc
09-08-19, 02:57 PM
Edit: Why are all my apostrophes and quotation marks suddenly showing up as question marks??? Another part of the problem?

The apostrophe thing is something that cropped up after I updated the forum a while back. Still haven't found the fix for it. Character sets are out of sync somewhere. I just found another possibility but it will require shutting down the forum so... later.

Did you happen to paste that message from somewhere else? That seems to be the thing that usually presents the issue. (Not that it shouldn't work fine.)

When you click "View Saved Logins" does it show both travelgal99 and travelissexy2, or just travelgal99?

If it doesn't show both then something other than the password manager is populating that field. Do you have any other Firefox add-ons running? If so, try disabling them and see if that makes a difference.

If travelissexy2 does show up in saved logins then you should be able to delete it, which will solve the immediate annoyance.

Do you use the Firefox sync feature to store your settings in their cloud? That's the only other way I can think of where this other account might get inserted into your settings by someone doing something nefarious.

TravelGal
09-08-19, 03:08 PM
BIG EDIT: BEFORE you read the following, IF you read the following. Working through Luxury Experiences and Iconic Australia modules today on Chrome, I SWEAR the page advanced more than once before I had clicked the right arrow. Really creeped me out. But also led me to believe it wasn't browser specific since all the other problems were on Firefox. Major surgery called for. Turned off the computer and rebooted both the modem and the router. Voila. Problem solved. Pop up window now shows only travelgal99 and the dots for my password on Firefox. Log in successful. Now, if I only I knew why.



Did you happen to paste that message from somewhere else? That seems to be the thing that usually presents the issue. (Not that it shouldn't work fine.)

Yes, from Word 2010

When you click "View Saved Logins" does it show both travelgal99 and travelissexy2, or just travelgal99?

Just travelgal99

If it doesn't show both then something other than the password manager is populating that field. Do you have any other Firefox add-ons running? If so, try disabling them and see if that makes a difference.

Uh. Oh oh. How do I see what add-ons I might also be running?

Do you use the Firefox sync feature to store your settings in their cloud? That's the only other way I can think of where this other account might get inserted into your settings by someone doing something nefarious.

No. I try to keep technology at bay. LOL. Edit: If that's turned on, how would I know? Perhaps Firefox does it automatically?

See answers within quote

TravelGal
09-09-19, 01:28 AM
All is not well after all. When I logged in again this evening good ole Travelissexy2 was back. Same as before. It's beyond me.......... :(

nrc
09-09-19, 11:50 AM
Since this doesn't show in your remembered passwords the only other place I can think that the entry could be coming from would be the form filler that remembers form entries. Try following these instructions to turn off the automatic form filler, restart firefox and then see if it still does it.

https://support.mozilla.org/en-US/kb/control-whether-firefox-automatically-fills-forms

I would expect that form-filler would avoid filling in username fields but who knows.

To see what extensions you're running click the menu button, click ?Add-ons and select Extensions or Themes.

TravelGal
09-09-19, 11:45 PM
Since this doesn't show in your remembered passwords the only other place I can think that the entry could be coming from would be the form filler that remembers form entries. Try following these instructions to turn off the automatic form filler, restart firefox and then see if it still does it.

https://support.mozilla.org/en-US/kb/control-whether-firefox-automatically-fills-forms

I would expect that form-filler would avoid filling in username fields but who knows.

To see what extensions you're running click the menu button, click ?Add-ons and select Extensions or Themes.

I have 3 extensions. iGive, wikibuy and some style thing. I tried the link you gave. Of course, the instructions don't fit what is on the page. I changed the setting to "Never remember history" which of course meant I had to go look up my Offcamber password. :mad: Anyway, Travelissexy2 is gone at the moment. We'll see if it works after I turn off the computer for the night and fire it up again Tuesday. To be continued.

(almost had that Houston win. 2 seconds. sheesh. it ain't over til it's over)

TravelGal
09-10-19, 10:57 AM
Yesterday, upon the stair,
I met a man [log in] who wasn't there
He wasn't there again today
I wish, I wish he'd go away...

Next step is to go back to saving history and see if Miss Travelissexy2 reappears. This having to take so many extra steps to log into every site is getting old already.

SteveH
09-10-19, 12:36 PM
On the forums that you are logged on to, can you see other members? Here at OC, you can view the members list https://www.offcamber.net/forums/memberlist.php?page=2&pp=30&order=asc&sort=username&ltr=T

I wonder if your doppelganger (travelissexy2) is registered on any sites you visit. Not that it would do anything to fix your issue, probably just a rabbit hole, but it would be interesting to know.

TravelGal
09-10-19, 01:32 PM
On the forums that you are logged on to, can you see other members? Here at OC, you can view the members list https://www.offcamber.net/forums/memberlist.php?page=2&pp=30&order=asc&sort=username&ltr=T

I wonder if your doppelganger (travelissexy2) is registered on any sites you visit. Not that it would do anything to fix your issue, probably just a rabbit hole, but it would be interesting to know.

Steve: This sent me looking but there are pretty much only two choices--the Aussie Specialist site itself, on which I cannot see the members (you used to be able to but I suppose privacy concerns stopped that) and a closed Facebook page. I checked there but it has agents' real names and affiliations, not their log in name. It's an interesting avenue to explore. I'll ask the Specialist coordinator to look to see if they have that log in on record.

nrc
09-10-19, 03:29 PM
Yesterday, upon the stair,
I met a man [log in] who wasn't there
He wasn't there again today
I wish, I wish he'd go away...

Next step is to go back to saving history and see if Miss Travelissexy2 reappears. This having to take so many extra steps to log into every site is getting old already.

There may be a way to turn it on and delete individual form values. It's a little hard for me to say because I don't use Firefox. At a minimum you can delete all form history and at least then it will start remembering things from scratch.

datachicane
09-10-19, 05:22 PM
I've seen similar issues on a handful of sites over the years, and it was always a problem on their end. Shopping carts full of other folks' merchandise, logins prepopulated with their info, etc., etc., which, of course, means that your own info is almost certainly being exposed in the same manner. Contact their webmaster and let them know what you're seeing.

TravelGal
09-11-19, 12:43 PM
I've seen similar issues on a handful of sites over the years, and it was always a problem on their end. Shopping carts full of other folks' merchandise, logins prepopulated with their info, etc., etc., which, of course, means that your own info is almost certainly being exposed in the same manner. Contact their webmaster and let them know what you're seeing.

Really appreciate this comment. I've been leaning in that direction since I ran the virus scans after the initial panic. Nothing showed up on my end so it had to be on their end although I seem to have sent Travelissexy2 on vacation since clearing cache, cookies, and removing history retention for a day.

Since the problem has gone away, at least for the moment, I'll wait to include it on my list of comments/questions after I finish the course. (One and half units to go.) I know the Aussie Specialist Coordinator personally so I have some hope of a reply. If I get anything relevant, I'll let everyone know.

TravelGal
09-16-19, 07:08 PM
I just finished the course so wrote my usual evaluation letter. I send one whether they ask for it or not. :laugh: Then a separate email about the possible hack with date and time. No reply to the former but an immediate answer to the latter saying they had escalated it up from the education team to the technical team. To be continued.

Hard Driver
09-21-19, 07:04 PM
That doesn't sound like a virus. So I wouldn't worry about an infection, after your scans. Could have been a cookie, clear cookies in your browser and it might have gotten rid of the login, but would also do so for other sites you visit.