Script kiddies at my forum use a trick where they get members to click on external links. At these external sites, they use XSS to steal the forum cookies. They then log in as those users on the forums, effectively stealing the account.
They've done this several times, and the latest time it was me, the admin of the board. A hacker and I were both logged into my account. While browsing the board, I saw a post by me that was not made by me.
There needs to be some fix for this. How can the sessions be made more secure to prevent stealing, or is there a way to prevent multiple logins on the same username simultaneously? I need a quick fix!
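A sketch of the two mitigations the post asks about, as an added example that is not part of the original post and not the forum software's own code: a session cookie flagged so page scripts cannot read it, and a server-side store that keeps one live session per username. The class, function and cookie names are hypothetical.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side sessions: at most one live session per username."""

    def __init__(self):
        self._by_token = {}  # sha256(token) -> username
        self._by_user = {}   # username -> sha256(token)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked session table yields no usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username):
        """Start a session and revoke any earlier one for the same user."""
        self.logout(username)
        token = secrets.token_urlsafe(32)  # unguessable, fresh on every login
        digest = self._digest(token)
        self._by_token[digest] = username
        self._by_user[username] = digest
        return token

    def user_for(self, token):
        """Return the username for a live token, or None if unknown or revoked."""
        return self._by_token.get(self._digest(token))

    def logout(self, username):
        """Revoke the user's current session, if any."""
        digest = self._by_user.pop(username, None)
        if digest is not None:
            self._by_token.pop(digest, None)


def session_cookie_header(token):
    """Build the Set-Cookie value; 'forum_session' is a hypothetical name."""
    cookie = SimpleCookie()
    cookie["forum_session"] = token
    morsel = cookie["forum_session"]
    morsel["httponly"] = True   # not readable through document.cookie
    morsel["secure"] = True     # sent over HTTPS only
    morsel["samesite"] = "Lax"  # withheld on cross-site subrequests
    morsel["path"] = "/"
    return morsel.OutputString()
```

A copied cookie is the same session as the owner's, so the one-session rule does not by itself detect it. What it guarantees is that a fresh login or a logout by the owner invalidates every earlier copy.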