Can surfcrest please confirm that an allegation made by Neal as captncrunch on gaybuttons forum that moderators on SGF can 'break in' to or access PM accounts and read private content is completely false?

I'm hoping and expecting that it is just another bitter outburst from Neal with no foundation. It seems he may be back in his "betrayal of trust" mode.

I would be most interested as to the veracity or otherwise of this astonishing claim made by the former owner of this Board.

He previously vehemently denied such a thing was possible.

Now, it seems, he is alleging /freely admitting/boasting it can in fact be done by using Admin/Moderators privileges to (as Newallan reports) break into a Members account and change the password - thus allowing access to the Members PM folders.

Anything is possible.
I can imagine one way of doing it.
Change the email address of a member and then force a new password request/generation that is sent to the changed email address and use the new password to log In and rea all their mail.

When you are done, put the email address back and push out a new password request/generation and post that the board is suffering a glitch and some may need to reset their password.

admin and moderators (moderators depending on their access level) have only access to the log in details, which are email, username, ip and such.
The password can NOT be seen, not even an xxxxxx, it is just an empty field.

However they can change the password, which will give them access, since now they can log in as the member they changed the password of.

However, since they never knew the old password, they can not set it back to the original password.

So, if suddenly you can not log in to your account, but are 100% sure the details are correct maybe something fishy happened.

In the forums/boards database where the passwords are stored (as all information), they are encryted.

Can Google see what's inside your Gmail account?

Of course Google and all other email providers can see everything, including BIG BROTHER (is watching you)

You people are all so paranoid, in my book that means you have something to hide. :laughing3:

If it is really so private, print it and after delete it.

If it is illegal, don't do it.

If it is really so private, print it and after delete it.

If it is illegal, don't do it.

Pretty much. If you're sending confidential information via the PM system on SGT (or any forum on the internet), then you're an idiot, and whether or not the admins can view your PM box is the least of your worries.

If you want to know what is on the net available about yourself, just Google your email address.

Makes you think twice about having a public email (if you have something to hide).

If you want to know what is on the net available about yourself, just Google your email address.
Makes you think twice about having a public email (if you have something to hide).
I did as you suggested and absolutely nothing of a personal nature came up. Just links to some threads I've posted on at Sawatdee and Gaybutton. Other than that ... no secret, personal, my-eyes-only stuff. Big deal ... both those message boards have my email address open to the public and always has been. If I had of left my email address on those sites strictly private (which is an option in the Control Panel) then I would expect hardly anything would have come up.

Like I said, IF you have something to hide, which most people have not

Can surfcrest please confirm that an allegation made by Neal as captncrunch on gaybuttons forum that moderators on SGF can 'break in' to or access PM accounts and read private content is completely false?

I'm hoping and expecting that it is just another bitter outburst from Neal with no foundation. It seems he may be back in his "betrayal of trust" mode.


Not difficult at all. It depends on the permissions of the different users (owner, administrator, etc.). What we as posters use is the live production model of this database (db). There are backups of this db and also development models of this db where the programmer (or possibly the owner) can work. When someone like a programmer/owner goes to the design mode he can see just about anything. Neal as owner I suspect had these rights but I seriously doubt he would have granted them to any administrators or subordinates.
Spoken as a retired programmer.

GB final paragraph is worth a second look. He says he has never done that and he never will.

I make it absolutely clear here that I absolutely believe him for several reasons.
1. He's not the type to be interested in other peoples private messages.
2. I would think it's a serious criminal offence both in his country and mine.

But it's clear that it can be done.

If there is one thing that really annoys me, it is when people try to divert an argument by use of the "what do you have to hide?" line - and it is no surprise at all that it is none other than Smooth Legs - Neal's apologist-in-chief (if not more) - who has trotted out the hoary old chestnut.

It is not a matter of "what do you have to hide" and the argument is too serious for it to be reduced to that level.
It is a matter of the possibility of deliberate infiltration of a Private Message system which members of this board were assured simply could not happen.
Indeed the previous Owner even threatened legal action if it was even to be suggested that he could read member's PMs under any circumstances.

Now we have him shouting his mouth off on another Board that it would have been a simple matter to infiltrate the PM system on this Board.
Something denounced by him as "impossible" and as a "libelous" suggestion only a few weeks ago turns out in fact to have been not only "possible" all along - but highly accurate as far as the possibility is concerned. The post has now been edited by GB - but I have screenshots of the original.

Arsenal, the part about "not having done that and never will" appears to be a comment from GB rather than "CaptnCrunch" as it's written in italics like the rest of his editorial comments - but since it is not GB's integrity that worries me, I find it of no relevance whatsoever.

No my dear SG as usual you have it ass backwards. Why I threatened legal action was because you "said I had" and that is how I deleted your messages. What I contrdicted you was to say that I had NOT and I never did to anyone. I said that there is a board feature that allows me to EMPTY your outgoing PM box without going into your account and I sent you screen shots. You were PMing people that I had. Had you tried to login to your account you would have seen that your password still worked just fine.As the post has been removed by GB if anyone wishes to contact me to get a copy, please do.

As your justification for emptying my entire Outbox you said that whilst you DID do that - it was impossible that you could under any circumstances have READ them - you even had Butterflyforever confirm this and as you know I accepted that explanation in good faith

What concerns (not only) me is that you have now posted on GB that you could indeed have read any members PMs had you wanted to do so, by taking advice from a 3rd party still on this board. No doubt he may have something to say on the matter also.

Whether you took that advice and did it or not is immaterial to me - you have now said you COULD have if you wanted to, which is a direct contradiction of your earlier statement.

I wil not be arguing the toss with you or replying to you any further via any medium whatsoever - these are your own words published on GB board and of which I have screenshots.

Why you are still being allowed to post here escapes me.

Nope Nope Nope my dear Sg. First of all not your inbox but your outbox was emptied and could be without going into your account. Your iutbox could be read by using that backhanded way that this person said to do it and again remember that that ONLY means that a password gets CHANGED and the user would know somthing was wrong. Again had you logged into your account, which you had, you would have seen that your password was still working. I might suggest that you speak to the person that was giving out instructions on how to do it. Again if anyone wants to understand this please feel free to contact me at the other board. Oh and yes, Butterfly stood up knowing that your password had not been changed and how I deleted your OUT going messages.

Final response to you - yes the dispute was over the disappearing contents contents of my OUTBOX (typo now corrected) and I accepted your assurances (and those of Butterfly) in good faith on the basis you had no access to any other folders.

However, YOU have now stated on GB board that you could have had access to anybodys PM folders had you wanted to but you just didnt want to - so now I'm wondering.

The password changing scenario means nothing to me - you did not even specify it on your GB post - it was another poster on this board who gave that as a possible mechanism.

I cant send you a pm SG (LOL) but you are correct. You password shows as ********. If I wanted to I could change it to anythig I wanted so I was told as I said but I never chose. Had I changed your password to anything I knew I could have logged in as you but where I was told I would be fucked was that since I did not know your passord, there was no ability to change it back.

Now Surfie don't you wish you deleted me before?

Now Surfie don't you wish you deleted me before?

No, absolutely not.....you provide great entertainment for our members.

Surfcrest

http://i3.photobucket.com/albums/y69/Surfcrest/Dragged_by_a_horse.jpg

H├й, Scotty ...

Enough of your crap towards me. Every post I make you always have to become nasty.
I know you are a "big know it all" A..HOLE, but you don't know any freaking F**KING FACTS.
Only the lies and crap from BitchQueen, :3some: aka Uncle.Albert, aka Prissy.Paul, aka Piss.Elegant, aka who knows???

So shut up and leave me alone !!! Guess to bad you can't delete me now as you did, when you where moderator and people did not agree with Big Mr. Know It All :bootyshake:

Leave it on the Bitch Board where you also are and more belong. :snorting:

The end.

admin and moderators (moderators depending on their access level) have only access to the log in details, which are email, username, ip and such.
The password can NOT be seen, not even an xxxxxx, it is just an empty field.

However they can change the password, which will give them access, since now they can log in as the member they changed the password of.

However, since they never knew the old password, they can not set it back to the original password.

So, if suddenly you can not log in to your account, but are 100% sure the details are correct maybe something fishy happened.

In the forums/boards database where the passwords are stored (as all information), they are encryted.
SmoothLegs makes a great deal of sense with his post, although I haven't thought of the password vulnerability until he mentioned it. Thank you very much for that, you clearly know what you are talking about.

No, Moderators and Administrators cannot break into your PM box or view your PMтАЩs.

The moderator controls and the administration controls are in two separate areas of the site. Everything I do and everything jinks does is recorded in the moderator logs. I wouldnтАЩt allow jinks to violate your privacy in any way and I would hope that he would stand up and say something to the membership if he ever caught me at it. There is nothing to be gained by us and for the board by breaking anyoneтАЩs trust.

One thing you need to know though, is when your Inbox is full and someone is sending you a PM, it may be rejected and bounce back to us as one of those Mailer Dameon emails. We probably wouldnтАЩt notice it in the amount of spam we are cleaning out on a daily basis, but I have seen at least one. Please make sure you leave room in your Inbox for incoming mail and room in your Sent box for outgoing mail or adjust your settings to delete the oldest mail to allow new to arrive.

Next point is that we do have the ability to empty your Outbox. If, for example you were a member using our PM system to solicit members to a different board, I might empty your Outbox before revoking your PM privileges just to ensure more damage does not occur in the PMтАЩs that were sent, but not read yet. I might also do the same thing if you were a hydra, like CaptnCrunch and canadien. When I do empty your Inbox, those PMтАЩs donтАЩt come back to usтАж.they are deleted with all your PMтАЩs never to be seen again.

I hope this answers the primary question and dispels any subsequent fears someone who knows better, is trying to put in our heads. If you have any concerns with any of this, please let me know.

Surfcrest

The whole Billy Bunter/Scottish Lad dialogue reminds of that old song
You put your Outbox in
You put your Inbox out
You do the hokey cokey
And you shake it all about

Now you were old about it? :sign5: I knew it might take you a few minutes to think what to say. But yes you know mods have access to that same panel as Admin and its because the ***** they cant see the password. You would ask him to stand up and own to it? :pukeright:

Surfcrest,

I have designed many website and a number of boards in my time for many different businesses/people in many different countries.

The only way to know what your moderators have access to, is you as FULL Admin (so you have 100% access to all) can check and test their access in the admin area.

Every single little thing can be set in permission, so the standard 3 moderator "partial access" setups are all different and also all permission can be set per user (moderators are also user).

Do a search for anything you want to know at www.phpbb.com (http://www.phpbb.com), which this board is based on.
You can join them and ask questions, which will be answered in detail or be referred to already answered topics.

Now Surfie don't you wish you deleted me before?

No, absolutely not.....you provide great entertainment for our members.

Surfcrest

I have a winner for the "my putting a smile on my face award". Thank you Surfcrest. :love4:

Now Surfie don't you wish you deleted me before?

No, absolutely not.....you provide great entertainment for our members.

Surfcrest

I have a winner for the "my putting a smile on my face award". Thank you Surfcrest. :love4:

I only came back a week or so ago, after a while away, have to agree with the above!

Woooo... Bitchfest TWO!

Not meaning to offend but I reckon you two guys are both arguing over your own stupidity or paranoia to be honest... and both have a habit of flying off the handle without checking details/scenarios first.

I've not had admin access to any board for a few years and never operated one on phpBB but my understanding is that you CAN access a member's account but if you do, they will likely find out because they will find they can't get back into their own account without a password change. So as long as your password hasn't changed, you're fine. If it has, well maybe it's caused by admin accessing your account, or maybe something else.

Scottish... You should know by now that Neal is hopeless with details, accuracy, honesty and consistency. I didn't get to read whatever flap he posted on GBT but I suspect this whole ruckus was caused by him leaving out a critical detail in his claim - the fact that admin can't access your PMs without changing your password (and thereby alerting you).

Having said that, I wouldn't be surprised if you were taking the opportunity to "re-hang" him anyway.

Now... let's see if Newalaan2's thread can out do Lonely's thread. Bravo Newalaan... Bravo... :ura1:

moderators on SGF can 'break in' to or access PM accounts and read private content is completely false?

I'm hoping and expecting that it is just another bitter outburst from Neal with no foundation. It seems he may be back in his "betrayal of trust" mode.

I can't prove it but a past owner did in fact break into my PM's by changing the pass word. Unfortunately for him I had an idea that he might just do this so the day before I deleted all my PM's. He was after a PM he had sent to jinks about me and sent it to my account by mistake. When I tried logging in I thought I had been banned because my password would not work. I posted the PM meant for jinks on SGT and it was quickly deleted and set of a discussion about revealing PM's was then started. The then owner has never let anyone reveal PM's on the board except for himself of course. That was the reason I stopped posting on SGT, because I felt I could not trust the then owner. I do not think jinks had anything to do with it or even knew anything about it and trust him 100%..I also think that the current owner is 100% trustworthy.

I got to agree with Surfcrest. Total entertainment from start to finish.

Time to go for a while Neal. Remember..."Always leave them hungry" :argue:

And I am still waiting for my bloody invitation to this new and exclusive members posting club.

Now... let's see if Newalaan2's thread can out do Lonely's thread. Bravo Newalaan... Bravo...
I assume this is a bit of petty revenge for my questioning that "Beachlover" might not be all he makes out himself out to be on these forums? If so I'm delighted it's getting a "response" out of you...THAT lets me know JUST how 'sensitive' you are to little pokes..............You can never resist a response can you, just can't help yourself......great! Continue BL!......please dont let me stop you from showing even more of your hand.....whoever you REALLY are.


Oh where oh where did my little post go, oh where oh where did it go...? Denial denial denial
Funnily enough Neal that is the very refrain echoing around these hallowed chambers over the last 2 years or so during your dictatorship, but got significantly louder over the last 12 months. I take it you don't like your little posts disappearing? Oh dear, how annoying that must be for you.

But you do need to take care Neal, despite this miraculous window of improvement in your health where you are managing to race around at least 3 forums we know about with multiple ID's as well as helping start another forum...........krazy4thai angrily scolded us for hounding you because it might impact on your stress levels. He didn't confirm if it was physical or mental health that could be affected, although one would need to be stable in the first place before any claims of mental 'deterioration' could be made.

Now... let's see if Newalaan2's thread can out do Lonely's thread. Bravo Newalaan... Bravo...
I assume this is a bit of petty revenge for my questioning that "Beachlover" might not be all he makes out himself out to be on these forums?

I think that you have misread this. It looked a positive comment to me, and you have been rather ungracious in your response.

krazy4thai angrily scolded us for hounding you because it might impact on your stress levels.

I wonder how Krazy's stress levels are at present, now that the real Neal has exposed himself.

And I wonder if he still finds Neal
to be most jovial and convivial.

Far from the sad invalid he portrays himself as, Neal has suddenly found a new lease on life and is posting all over the place, looking for an audience. He is now posting as Neal on the Bitchboard, telling all and sundry how he cleaned up SGT. This is the same guy whose vitriol on the board has become legendary.

Neal, shouldn't you be home getting some rest?? I mean, you ARE incapacitated by your illness, aren't you?

Woooo.......Bitchfeast TWO!...>>>>>>>Now let's see if Newalaan2's thread can out do Lonely's thread. Bravo Newalaan... Bravo


think that you have misread this. It looked a positive comment to me, and you have been rather ungracious in your response.
Brad!! you mean you did'nt link the start and end of his post? He's a shit-stirrer extraordinaire, and has hyped up the "Bitchfest" part of all the recent threads where possible........even where there has been a great deal of genuine dialogue. I didn't mean the reply to be as complimentary as 'ungracious'. Brad I'm sorry to tell you that you have been deceived.

Don't inject any "what's on the surface logic" into threads linked to beachlover, these and BL don't mix and it's going to spoil my fun here. You will find through time, although i'm a bit surprised you haven't picked up on it already, that any supposed or genuine praise you read into responses from BL is either part of subtle sarcasm or to try and catch you offguard.......both should be treated as 'highly suspect' and are probably both in play here.

But Brad really! I'm outraged, shocked and taken-aback even at your naivety, you're old school here, almost a Prefect. Where's your..... BL booklet "stop, assess information presented, think, remember it's BL...... then post!" a caution issued to all when BL first "appeared on the radar". Remember BL is a veteran of 5000+ posts and goodness knows how many hundreds of 'cosy' PM's and he didn't rack up that many through being complimentary without an agenda.

Still it's quite cute and endearing that someone might actually find him capable of having lapses that could lead to any agendaless-ness.

....to bad you can't delete me now as you did, when you where moderator ...
Leave it on the Bitch Board where you also are and more belong. :snorting:...

1. I do not think I ever deleted you - but you will have to disclose which ID's you were using at that time for me to be definitive on that

2. I am not a member of BitchBoard

Have a nice day.


EDIT: Now I think about it, I don't think I actually deleted ANYBODY - I don't think I ever had those privileges.

I can't prove it but a past owner did in fact break into my PM's by changing the pass word. Unfortunately for him I had an idea that he might just do this so the day before I deleted all my PM's. He was after a PM he had sent to jinks about me and sent it to my account by mistake. When I tried logging in I thought I had been banned because my password would not work. I posted the PM meant for jinks on SGT and it was quickly deleted and set of a discussion about revealing PM's was then started. The then owner has never let anyone reveal PM's on the board except for himself of course. That was the reason I stopped posting on SGT, because I felt I could not trust the then owner. I do not think jinks had anything to do with it or even knew anything about it and trust him 100%..I also think that the current owner is 100% trustworthy.
Fuck... That's a pretty explosive claim there. Who are you referring to when you say "past owner"?



Now... let's see if Newalaan2's thread can out do Lonely's thread. Bravo Newalaan... Bravo...
I assume this is a bit of petty revenge for my questioning that "Beachlover" might not be all he makes out himself out to be on these forums? If so I'm delighted it's getting a "response" out of you...THAT lets me know JUST how 'sensitive' you are to little pokes..............You can never resist a response can you, just can't help yourself......great! Continue BL!......please dont let me stop you from showing even more of your hand.....whoever you REALLY are..
LOL... that was a genuine compliment, you knob.

But actually, you found a nice way to thank me... I love it when Newalaan gives my smooth bubble butt a neurotic, long-winded spanking. :rolling:

Your last post above is both hard to make sense of and exquisitely neurotic... Well and truly over-analysing my posts to the max. I love it... bravo again, Newalaan... bravo my lovably deranged posting buddy LOL.

Most off topic deleted. Open again UNTIL...... stay on subject.
Also, I can't and don't want to access your PM's.

....to bad you can't delete me now as you did, when you where moderator ...
.

1. I do not think I ever deleted you - but you will have to disclose which ID's you were using at that time for me to be definitive on that

.................

EDIT: Now I think about it, I don't think I actually deleted ANYBODY - I don't think I ever had those privileges.

You don't think that you ever deleted anyone!! You surely would remember that, it's hardly long ago!

Brad I'm sorry to tell you that you have been deceived.
.

Our posts are probably not a full replication of who we are in real life to a greater or lesser extent. Therefore I take posters as the characters that their comments represent, without usually getting too hung up on the rest. In the case of Beachlover, he is articulate and his posts make sense, and I often enjoy them. He can sometimes post too much, imho, but let him who never has done that cast the first stone..........

I know that there has been a long running campaign to prove he isn't who or what he says he is, but despite best endeavours no one has made that case, so I'm happy to continue to think of him as real. If you have some reasonably conclusive evidence to the contrary, please let us have it. If not.....

Under Surfcrest's plans he is happy to investigate and deal with posters posting under multiple names.................

moderators on SGF can 'break in' to or access PM accounts and read private content is completely false?

I'm hoping and expecting that it is just another bitter outburst from Neal with no foundation. It seems he may be back in his "betrayal of trust" mode.

I can't prove it but a past owner did in fact break into my PM's by changing the pass word. Unfortunately for him I had an idea that he might just do this so the day before I deleted all my PM's. He was after a PM he had sent to jinks about me and sent it to my account by mistake. When I tried logging in I thought I had been banned because my password would not work. I posted the PM meant for jinks on SGT and it was quickly deleted and set of a discussion about revealing PM's was then started. The then owner has never let anyone reveal PM's on the board except for himself of course. That was the reason I stopped posting on SGT, because I felt I could not trust the then owner. I do not think jinks had anything to do with it or even knew anything about it and trust him 100%..I also think that the current owner is 100% trustworthy.
Hmmmm..................it's a bit of a can of worms this issue, it's something I would never have thought could happen because any talk on any of the forums about PMs.......the owners/moderators of the different forums all seemed to say that PM accounts could only be accessed by the account owner. I had said before that the issue about members revealing PMs they received from others didn't bother me as I only sent PMs with 'sensitive' content to those I knew I could trust and the rest I couldn't care less about, most stuff in PMs I would have been quite happy to discuss on the open forum anyway. It's the fact that an unscrupulous owner/moderator 'could' access the sensitive stuff that I'm sure will bother some now in view of these revelations.

I wonder if I've ever sent a PM to the wrong member?....ooops!

Yeah... I'm curious about Giggsy's claim too.


I wonder if I've ever sent a PM to the wrong member?....ooops!
I was quite touched by your love letter to Scottish... :rolling:

I have no interest in joining this great bitch fest. However, there does seem to be some naivety about the technical issues.

Irrespective of what a mod or administrator with whatever permissions can, or cannot, access whilst logged on the the backend of phpBB, ultimately the whole content of the site is stored in a database, usually in plain text. Anyone who has access to the main server running the site or it's admin control panel can access the database using a database management tool like phpmyadmin for example. All the database access credentials (i.e username and password) are stored in the site's main config.php file so even if you don't know them, they're easy to get if you have full server access.

Using phpmyadmin you can browse any part of the database and read its contents, or dump the entire thing as a plain text file which is searchable to find what you want.

Whilst it's technically feasible to encrypt parts of the database, it would degrade the performance for no obvious benefit. After all, any tech savy person with admin access would be able to tell what encryption method was used, and have access to the encryption key so they could still read whatever they want. Just means a little more work. Also, a tech savy person could knock up a little php utility to read PMs quite easily if they wanted too.

In case you are wondering, yes, the passwords are stored in the database too. BUT, they are hashed, which is a one way mathematical process. It is not possible to recover the password from what is stored in the database. i.e. the comments above about admins not being able to read passwords are correct.

Bottom line is, whilst a mod or admin might not be able to access PMs through the normal phpBB software, a tech savy sys admin certainly can. The fact is, it's all about do you trust the sys admin? In this case I have no intention of commenting either way, my purpose was only to point out the technical realities.

P.S. if anyone needs help with technical stuff on php websites you can always contact me at www.bontong.com (http://www.bontong.com/)

Of course Google and all other email providers can see everything, including BIG BROTHER (is watching you)

You people are all so paranoid, in my book that means you have something to hide. :laughing3:

If it is really so private, print it and after delete it.

If it is illegal, don't do it.


i agree with you, people are so paranoid.

But some people record sometimes too much private information.
How stupid can you be on Facebook to display your personal info like address and so and then you display a photo of you sitting somewhere on the beach followed with a timestamp
When accidently a wrong person will note this, it is likely when you are coming home you had already some visitors.

I am growing up with Internet, as my first experience was a xt desktop , on dos platform phoneline with a modem of 2,4 kb speed , from the begining i was very aware with sending info over the net.



Unfortenattely delete is not always delete , the record gets a flag thats it is deleted.

How far can can you access information :

Depence all on the skills of the persons who wants your information. and also the protection of your files by the webhost.

Remember one thing : Nothing is100% on the world wide web. BIG BROTHER CAN WATCH YOU ALWAYS


All my information that circles around the www has no sectrets.





But if you have nothing to hide you have nothing to fear.

1. So is the simple answer that your PMs can only be acccessed by system moderator etc if they change your password?

2. Once/if they have done that, they have no way of returning your log in details to the original because they can't reset your password to the original one, because they have no way of finding out what that was?

3. So next time you try to log in you can't, because your account now has the changed password not the original one?

All just in normal circumstances(ie no genius hackers involved)

4. Although how does it work if you need to be reminded of your password, and "the system" sends you out a reminder?

Brad, 1, 2 & 3 are correct. As for 4, no idea.

What BonTong said above though should be reiterated. I have no idea what any of you have to hide, but don't be putting confidential information on the internet. Whether that's through SGT's PM system, Gmail, Yahoo, Hotmail, Skype, or any other medium where a 3rd party server handles / saves the data. If you do, and someone else gets that information, you only have yourself to blame, and nobody else.

For example, it's now been reported that if you send a URL via Skype chat (especially one that begins with HTTPS), it's going to be automatically crawled by Microsoft bots. Microsoft says it's just scanning the sites for malware / viruses, but testing from 3rd parties proves that to be probably untrue, and nothing more than a shady excuse. What they're scanning for or using the data for, who knows -- but it's probably more than just scanning for malware.

1. So is the simple answer that your PMs can only be acccessed by system moderator etc if they change your password?

2. Once/if they have done that, they have no way of returning your log in details to the original because they can't reset your password to the original one, because they have no way of finding out what that was?

3. So next time you try to log in you can't, because your account now has the changed password not the original one?

Brad you summed it up perfectly and this I think is what happed to me. Now, has anyone else tried logging in to find that their password does not work or was it just done to me? This was the explanation given at the time by the past owner,

"I see that you have successfully logged in and will close the ticket.
Please note that once a user is banned they cannot be re-activated. Therefore this should confirm that your account was never deactivated or banned."

My account was not deactivated or banned just the password changed. It does not take a genius to work out why.

....You don't think that you ever deleted anyone!! You surely would remember that, it's hardly long ago!

Oh it was some months ago Brad and SGT has never been the most pressing thing I have going on my life and thus the most memorable- I just don't want to say something definitively when I'm only 99.9% sure and not 100%.

I'm 100% certain I did not delete "SmoothLegs" and I'm 99.9% sure I did not delete anybody at all.

Brad, 1, 2 & 3 are correct. As for 4, no idea.

Not sure if thats entirely true...

All one has to do is clone the site and its DBs to a temporary dev site... (or clone the etire Virtual machine if the site is "cloud" based)

You can then reset the passwords of every single user and read their PMs

As you are working on a copy of the site nobody would ever be aware that their passwords had been reset

Where i work our infrastructure team would do this kind of thing all the time (not to read PMs... to test upgrades against a copy before upgrading the production site)

I would estimate that this is no more than 20-30 mins work for a competent devops/admin person.

colmx, true enough. I said that because Brad mentioned "All just in normal circumstances(ie no genius hackers involved)", and judging from the posts in this thread, simply knowing what phpMyAdmin is would be enough for most to consider you a "genius hacker".

But yeah, you and BonTong are totally correct. All the PMs are just sitting in the database in plain text, and any 10 year old with an interest in computers and server access has the necessary knowledge to browse through them. You need to take personal responsibility for your online security. Expect others to be reading whatever you send over the internet, regardless of site / provider.

I'm technically speaking, illiterate. So wouldn't have a clue how to go about "hiding" what I do online. Since nothing I do online is illegal, I'm not that worried about it. I could never outfox the tech brains at Google or whoever anyway.

Joe, I normally see eye-to-eye with you - but frankly you need to think this through m8.

It's absolutely nothing to do with saying/doing anything illegal - it's about people potentially infiltrating your PMs without your knowledge.

Irrespective of the content of those PMs it simply cannot be right that somebody reads them without your permission!!

I'm technically speaking, illiterate. So wouldn't have a clue how to go about "hiding" what I do online. Since nothing I do online is illegal, I'm not that worried about it. I could never outfox the tech brains at Google or whoever anyway.I transact most of my banking online, check my pay slips, discuss Thai politics - all legal but I'm damn certain I'm worried about others tracking it down which is why I use proxies, VPNs etc - whatever it takes to cover my tracks (which by the way makes Surfcrest's claim to hunt down the hydras an empty threat). I'm as certain as I can be, for example, that this post is routed through a server in a country that's not my own.

which by the way makes Surfcrest's claim to hunt down the hydras an empty threat
Most of the Hydras on here can't even remember the traits of their personalities from day to day... not to mention using a proxy to obfuscate their posts... (for instance look at neals latest chernobyl like fuck up on the GB board: http://gaybuttonthai.com/viewtopic.php? ... e49a261e3f (http://gaybuttonthai.com/viewtopic.php?f=3&t=5703&sid=8b0ae9ba3ddafdfa07d1c5e49a261e3f) )
Luckily most hydras are dumb and trip themselves up pretty easily!

P.S. if anyone needs help with technical stuff on php websites you can always contact me at www.bontong.com (http://www.bontong.com/)
Thank you very much, a very insightful post....and a very nice site.

As I stated before, тАЬI wouldnтАЩt allow jinks to violate your privacy in any way and I would hope that he would stand up and say something to the membership if he ever caught me at it. There is nothing to be gained by us and for the board by breaking anyoneтАЩs trust.тАЭ IтАЩm not sure how frequently members have password problemsтАжI havenтАЩt received any yet. Hopefully we will give you no reason to believe your password problems are related to a breach in your PMтАЩs. Both jinks and I barely have the time of day to do the daily chores to keep this sight up to date, let alone would have time for espionage.


You need to take personal responsibility for your online security. Expect others to be reading whatever you send over the internet, regardless of site / provider.
More great advice, thank you very much cdnmatt.


[(which by the way makes Surfcrest's claim to hunt down the hydras an empty threat). I'm as certain as I can be, for example, that this post is routed through a server in a country that's not my own.
Please appreciate a few things. I am not using anyone's individual personal information to filter out hydras. Most people would only think of themselves and their own tracks.
I won't go into detail on how I filter hydras as I want this process to work at its optimum. I canтАЩt catch them all, but I have caught some and it will require a great deal more work to get away with the hydra game from here on in.

Surfcrest

Please appreciate a few things. I am not using anyone's individual personal information to filter out hydras. Most people would only think of themselves and their own tracks.I won't go into detail on how I filter hydras as I want this process to work at its optimum. I canтАЩt catch them all, but I have caught some and it will require a great deal more work to get away with the hydra game from here on in.
Speaking about Hydras.........this term/word Hydra(s) is bandied around all the gay thailand forums nowadays usually as an insult. But is there a generally accepted understanding of what exactly defines a Hydra? Surfcrest is only concerned here with SGF Hydras, that is a member here who has more than one ID/handle on this one specific Board....is it?

Many use it as if having different ID's across different Boards also makes them a hydra head. Everybody used to say LMTU was a Hydra, he had various ID's.... LMTU, Heygay, R&R were three I knew him as on SGF, gaythailand and gaytingtong respectively. Along the way he got banned from so many forums he had to re-join with new ID's...so were these classed as Hydras? even though not used live/concurrently on a single Board? On SGF he changed to mothersruin when LMTU handle was banned, so that's not being a Hydra...is it? If it's not, why do so many always describe him as a hydra?

I have always incorporated the 'name I am known by' in my handles because it's not my real name. My parents named me after a line of family members with the same name which became confusing, so with no middle name I 'took on' a name as a very young boy from a famous footballer of that time which was Alan Gilzean of Dundee FC (later spurs). I use it for email and other accounts on the interenet, but its not my 'passport' name. So it isn't always possible to 'claim' a specific handle as most times allen, allan, alan are not available so I have to use alaan or something. So one handle i am known as has morphed to other handles on different boards...does that make me a Hydra?

I know the owner is concerned about multi ID's on this forum, but what is his or other former owners/moderators definition? More than one ID on one board or more than one ID across different boards? What definition do other members here use to describe a Hydra?

I know the owner is concerned about multi ID's on this forum, but what is his or other former owners/moderators definition? More than one ID on one board or more than one ID across different boards? What definition do other members here use to describe a Hydra?
post273849.html#p273849 (http://www.sawatdee-gay-thailand.com/forum/post273849.html#p273849)


If you believe someone is using a hydra to the detriment of this forum, please let me know!

Thank you for your inquiry, I trust this clarifies or defines what a hydra is to us. The concern is multiple identities on this forum.
Information from another forum may be used to have a look at a SGT member.
See;
post274228.html#p274228 (http://www.sawatdee-gay-thailand.com/forum/post274228.html#p274228)

Surfcrest

Entirely possible and maybe already happened as a simple Google search shows http://www.theadminzone.com/forums/show ... hp?t=49751 (http://www.theadminzone.com/forums/showthread.php?t=49751)