hi
someone change my drupal account's password and email and i can't logged in to drupal by my main account.
this case was happened when i was writing a post in there:
http://groups.drupal.org/node/48578
and after i view this profile:
http://groups.drupal.org/user/95368
may be this is a bug in drupal.org
please help me.
my drupal id:esmailzadeh
my email: locall127001@yahoo.com
best regards
esmailzadeh

Comments

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Title: my drupal account was hacked » My Drupal account has been hacked
Status: Active » Postponed (maintainer needs more info)

May you report the email address that you used when you create your account? If you prefer, you can send it to me using my contact tab.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Title: My Drupal account has been hacked » my drupal account was hacked
Priority: Critical » Normal
Status: Postponed (maintainer needs more info) » Fixed

I double checked {users}.init and confirmed that 'locall127001@yahoo.com' was the original e-mail used to create the account.

@esmailzadeh: You should now be able to use the 'Request new password' at http://drupal.org/user. Also make sure to not use your old password and change your CVS password as well.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Title: my drupal account was hacked » My Drupal account has been hacked

If you'd like we can block the newer account you created once you have control back of your original account.

esmailzadeh’s picture

esmailzadeh commented

thanks for quick answer.
problem was fixed.
best regards
esmailzadeh

esmailzadeh’s picture

esmailzadeh commented

thanks all things is all right now.
is this possible that attacker uses xss attack or anything like this? (if true is this possible for attacker to use this exploit again?)
i think attacker did not use brute force attack because this happened in a few seconds.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

mohammad_esmeailzadeh’s picture

mohammad_esmeailzadeh commented
Component: User account problem » Policy
Issue summary: View changes

please remove this comment it was also published by the hacker:
https://groups.drupal.org/node/48578#comment-128478

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Component: Policy » User account

I deleted the comment on g.d.o.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented