My Mturkforum.com account has been hacked

Discussion in 'General' started by shariqueahmer11, Oct 1, 2012.

  1. shariqueahmer11

    Joined:
    Oct 1, 2012
    Messages:
    64
    Likes Received:
    0
    My mturkforum.com account has been hacked and this is my new username: shariqueahmer11 (formerly shariqueahmer). No wonder that mturkforum.com account was hacked, since this site has absolutely no security certificate, encryption, or anything.

    Many people are in the habit of having the same username and password for different websites but never care whether the website has any security measures at all. Always check at the address bar whether the website has any security certificate and encryption before entering username and password.

    I don't care if my mturkforum.com account is hacked as long as my mturk.com account is safe.

    Unethical hackers are everywhere; they just love to live off other people's hard-earned money like Munawar. They do not have any conscience, death to them. I understand, Munawar, that it must have cost you so much time and money to earn that $150 and, to make it worse, you're not allowed to work on any new hits. By any chance, did you have the same user name and password for mturk.com and mturkforum.com? My only advice to you is that, since you're a very hardworking person, you should look for new avenues to earn money, and I know that whatever avenue you choose, you will succeed in that, as we already know that earning money on mturk.com is not an easy task.
     
  2. Andy

    Andy Administrator
    Staff Member

    Joined:
    Jan 25, 2009
    Messages:
    2,219
    Likes Received:
    21
    Hi,

    I can change your pass/email on the old account if you shoot me a PM. Also, to be honest it is unlikely that an SSL cert would have prevented this issue, as it is likely a client-side issue. I suggest doing a scan on your computer as you may have a keylogger.

    Passwords are stored in MD5 encryption keys in the database, so your password is actually not visible to anyone besides yourself, even in the database. I think a keylogger or email account compromise is a feasible reason for your issue.
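
Unsalted MD5 storage, as described in the post above, set beside a salted, iterated hash. This is an added example, not code from the thread or from the forum software; the account names, passwords and the `pbkdf2_sha256$...` record format are constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_hex(password: str) -> str:
    """Unsalted MD5 digest: the same password always gives the same value."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def shared_password_groups(user_hashes: dict) -> list:
    """Group users whose stored digests are identical.

    With unsalted hashes, anyone who can read the table learns which
    accounts share a password, without recovering any password.
    """
    groups = {}
    for user, digest in user_hashes.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

def hash_password(password: str, iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256 record (constructed format, an assumption)."""
    salt = os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

# Constructed sample table: two users reuse one password.
SAMPLE_ACCOUNTS = {
    "alice": md5_hex("Autumn2012!"),
    "bob": md5_hex("Autumn2012!"),
    "carol": md5_hex("another-pass"),
}

if __name__ == "__main__":
    print("identical MD5 rows:", shared_password_groups(SAMPLE_ACCOUNTS))
    a, b = hash_password("Autumn2012!"), hash_password("Autumn2012!")
    print("salted records differ:", a != b, "| verifies:", verify_password("Autumn2012!", a))
```
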
     
  3. shariqueahmer11

    But what about password and username travelling between my computer and your server? That is where most of the data is captured and used unethically by hackers.

    The instances of a gmail or yahoo account password being captured are very rare since they have encryption facility. And they are aware of the issue and so have encryption for data transfer between computers. You might have a world class database storage facility but has it been delivered to your servers safely? Storage as well as data transfer security is what makes data completely safe.
     
  4. Andy

    Emails can easily be compromised by guessing password security questions, but if you are still able to access your email then you are correct and that is probably not the case. I can look into adding a cert, but honestly it isn't industry standard for forums (I don't know any 3rd party forums that have certs). Always be wary of how you connect to the site, what type of connection (public access etc). And yes, it is a good idea to use different passwords, of course.
     
  5. Andy

    Further

    Why did you not try to reset the password on the old account?
     
  6. shariqueahmer11

    It might not be an industry standard for forums but so many people never care about where they are entering their username and passwords. In fact so many people are so much used to entering their password into their gmail and yahoo account, that they have taken it for granted that any website that has a username and password field is secure and that is why phishing attacks have grown exponentially nowadays. It's a very serious matter, since so many people have a lot of confidential info in their accounts. The best you can do is post a message on the log in page saying, "This website doesn't have any measures against eavesdropping, your data may be compromised while moving between your computer and our server and if it does get compromised, tough"
     
  7. shariqueahmer11

    Do you even have a password recovery option on your website where I can enter my email address and my password will be reset?
     
  8. Andy

    Basically, what I'm saying is that I have a huge doubt as to whether an SSL certificate would have prevented your account intrusion. The only thing an SSL does is encrypt your packets. 99.99999999% of forum intrusions are not due to packet sniffing, they are due to client issues such as keyloggers, email intrusion, etc. But for people who don't know how they work, etc., SSLs definitely provide customers with "ease of mind", etc., which is why most major payment gateways and payment websites make use of them.

    Here is the link to reset passwords: http://mturkforum.com/login.php?do=lostpw

    To say we don't have any measures against eavesdropping would be false. Not trying to be a bully here - but you should really read up on how forum accounts can be compromised and then maybe you would understand why SSL or lack of is really not an issue (as it is 99.9% likely that your account would/could have been compromised with/without SSL). And note that I'm only being the devil's advocate here because you are basically throwing the blame on the lack of an SSL certificate here, which I disagree with and thus why I am defending the security measures that are in place.

    For this to be an SSL issue, you would

    1) Have to be on a WIFI connection of someone
    2) Who has actively set up packet sniffers
    3) To take the data that you are trying to pass through the router

    or vice versa in relation to my server.

    ... eg: very unlikely scenario.
     
    #8 Andy, Oct 2, 2012
    Last edited: Oct 2, 2012
  9. shariqueahmer11

    How could you be so sure that packet sniffing is not the reason behind passwords being compromised and also it's the 0.000000001% people who have their passwords being compromised and not everybody, so there is a chance and that's why big companies like Google and Yahoo have encryption on their site.

    And don't you find it a little strange that my password for only this website, which doesn't have an encryption facility, has been compromised and not my Gmail, Yahoo and ODesk password? If there had been a keylogger on my computer then it would have screwed all my accounts and not only this one.
     
    #9 shariqueahmer11, Oct 2, 2012
    Last edited by a moderator: Oct 2, 2012
  10. Andy

    Is the reason you suspect your account was compromised because your password didn't work?
     
  11. shariqueahmer11

    Then you can suggest to all the big multinationals to take out the encryption facility on their website since it wouldn't serve them any purpose. You yourself admit that data will be captured by somebody who has actively set up packet sniffers, which clearly means that data can be stolen in transit, and so how many people do you know who don't use a Wifi connection at home, colleges or offices?
     
  12. Andy

    Whatever the case,

    All of the IP addresses used to access your account are showing up as originating in Mambai. The last recorded login from your account is 8 hours after your last post.

    Are you sure you didn't change the password?
     
    #12 Andy, Oct 2, 2012
    Last edited: Oct 2, 2012
  13. shariqueahmer11

    It's been a very long discussion and I want to end it by only saying that those unethical hackers will never stop, and the only thing that you can do is to use the latest security measures even if you have a personal computer or are running a website.
     
  14. shariqueahmer11

    There have been so many phishing attempts and I regularly get emails from idiots asking me to log into their websites using my Gmail and Yahoo credentials. I don't know them and they don't even have encryption and only the feeble minded fall for their trap. Encryption must be costing a lot since so many websites chose not to have it.
     
  15. Andy

    Even if their phishing sites were encrypted with SSL, you would still get hacked.
     
  16. shariqueahmer11

    But that surely reduces the risk than not having encryption at all or else they wouldn't have bothered to have encryption in the first place.
     
  17. shariqueahmer11

    Symantec, the Antivirus company charges $2695 per annum for providing encryption to a single website. That might not be much but for a small firm, it might pinch them a little to shell out that amount of money.
     
  18. Andy

    GoDaddy SSLs are $4.99 a year. There are actually FREE SSLs as well, since all it is is encryption.

    You do understand that... If you submit your password on a site with encryption, the person who owns the site will still have access to your password, right? The only time it is encrypted is during the transfer. EG: A Hacker can set up a phishing site with SSL and if you put your password in a box and hit submit, he will have it...
     
    #18 Andy, Oct 2, 2012
    Last edited: Oct 2, 2012
  19. Munawar Mohamad

    Joined:
    Mar 4, 2012
    Messages:
    1,420
    Likes Received:
    0
    I am clueless. I do not make any speculations. Whatsoever, I have been looted in two ways:

    1. The hacker used 150$ from my payments account and ordered a gift. Though Amazon blocked the order upon my timely intervention and reinstated my account, they are not quite willing to credit it back to me :(

    2. And secondly, when I try to update my Mturk address using the Amazon webpage, this is the notification I see:

    This functionality has been disabled for your account. Please contact-us to know more

    As a result I can't yet verify my identity and start working on Mturk as before :/

    Maybe this is because Amazon has kept restrictions to prevent further unauthorized use of my account, but I am almost fed up contacting Amazon and Mturk regarding this but in vain :(
     
  20. shariqueahmer11

    Data theft, identity theft etc. are a very serious concern and what gives me complete nightmares is to wake up someday and see that my bank account has been wiped out clean by an anti-social element. I always use that virtual keyboard while logging into net-banking but who knows, the smart hackers might crack that also someday.
     
