ClassCreator.com | Blockbuster sites, amazing reunions

Share Tips

New Topic Subscription Options  

Brad, please look at this soon; I think I got hacked?

Forums: Class Connection Bugs
Created on: 03/21/14 07:34 PM Views: 1177 Replies: 9
Friday, March 21, 2014 at 7:34 PM

Brad, what do you make of this? This is new “classmate” I think, that just joined the class creator site as well as Class Connection. Take a look at “he / her” profile at our site of www.anadarkohs1961.com. I have verification turned on, and didn’t even get an email to notify me. Nor does the system show a “need” for verification. This is the 2nd email of 2, I am sending number 2 shortly.

From: Ruth McPherson Williams [mailto:noreply@AnadarkoHS1961.com]
Sent: Friday, March 21, 2014 3:38 PM
To: admin@AnadarkoHS1961.com
Subject: On you Class Connection


   Anadarko High School, Warriors
Class Of 1961

From:    Ruth McPherson Williams
Email:    ruthwilliams@hiphop.com


I have penetrated your security easily. I is clearly NOT safe to use!

Sender's IP Address: 96.58.189.95

View the geographic location of this IP Address

Click here to report this as spam

This message has been sent to you from ruthwilliams@hiphop.com. You cannot reply directly. Click here if you wish to start a new email to ruthwilliams@hiphop.com.

Reply
Edited 03/21/14 7:37 PM
Friday, March 21, 2014 at 7:35 PM - Response #1

The second email; Should I get this shutdown asap, and how best to do that. There is no Hildatown, AL, and zip code 33313 is Florida, not Alabama.

Ruth McPherson (Williams) has joined!

For your records, data originally input which has been changed is highlighted in red below.
Information   Original   New Value
First Name   Ruth    Ruth
Last/Maiden Name   McPherson    McPherson
Married Last Name   Williams    Williams
Primary Email       ruthwilliams@hiphop.com

Street Address   ??    17 Hip Hop Drive
City   Tulsa    Hildatown
State   OK    AL
Zip/Postal Code   74117    33313
Country       USA

Email Ruth

View Profile

Edit This Warrior Here

Reply
Edited 03/21/14 7:50 PM
Friday, March 21, 2014 at 8:17 PM - Response #2

Brad, soon as you have chance to look at this, I want to eliminate this member record as joined, and get him off my Home Page for New and Profile Update. Just tell me how to do it with minimal impact. Do I just DELETE the classmate, and put back the REAL Ruth?

PROFILE UPDATES

•    Ruth McPherson Williams 3/21
•    Pat Patterson Couts 3/16
•    Cherry Beverage Marquez 3/7
•    Derrell Pulis (60) 2/22
•    Jim Cussen 1/20

Reply
Friday, March 21, 2014 at 9:30 PM - Response #3

All right, first of all, relax, as everything is normal here. Nothing has been penetrated.

1) The first message sent: That's just coming from your Contact Us form. Considering that's open to the public and anyone can fill it out, I'm not overly impressed he was able to penetrate that. Smile There's no issues here at all.

2) Next the person joined using an unused name on your class list. This happens sometimes... They were able to change the values of the account because for all intents and purposes they were now Ruth. The real Ruth could have done the same had she joined.

3) Are you saying Ruth never showed up as pending verification? All you need to do now is delete Ruth entirely, then add her name back to your class list. Problem solved.


Reply
Friday, March 21, 2014 at 9:36 PM - Response #4

There is also an option at the bottom of the MANAGE CLASSMATES, ENTER EDIT, Profile page where you can delete without having to re-add her. Choose the option "Un-Verify this person and reset their account" and it will effectively delete all the information that was added, keeping her yearbook photo and admin entered information.


Reply
Friday, March 21, 2014 at 9:46 PM - Response #5

Very good point Kyle, thanks.


Reply
Friday, March 21, 2014 at 10:24 PM - Response #6

Thanks Brad, thanks Kyle:

Oh, yeah, I freaked out as I have never had something like this occur. I guess bottom line, why wouldn't I have gotten a notice of Verification. Nothing ever came. In fact, I ask the system to show me any UNVERIFIED classmates and it said none.

Is there any way to tell if this guy joined Class Creator first, and Class Connection second, or the Opposite. Something, somewhere needs looked at to assure the Verification process stops everything in the waiting room until I verify them. Also, was he actually in 'waiting room' status, or was he fully joined so that he could look at anyone's Profiles, etc. Verification status stops the flow of information, and we need to make absolutely sure that anyone joining either Class Creator, or Class Connection moves in to Verify.

Reply
Friday, March 21, 2014 at 11:25 PM - Response #7

Did you delete that account? If not we're all set here, you can do so now.

The act of merging using the "easy join" link removed him from the verification list and that's why you didn't see him there. Made an update so that can never happen again. Anyone who joins the site, then the app, will be on the unverified list in both environments until you click into that account and verify. All set here.


Reply
Saturday, March 22, 2014 at 12:00 AM - Response #8

Good (and thanks) Brad. At least something good and productive came out of this, versus scaring me. Smile

Just to clarify, I totally understand, and agree, if classmate already member of Class Creator site, then no Verification needed since using "easy join". HOWEVER, down the line a ways from now, exactly how does the classmate that has never been in Class Creator, just join at the Class Connection? I would assume the original adding the Class Connection APP and find class and year. Can we be assured that the person ORIGINALLY joining JUST the Class Connection, that I would get the expected Verification?

Would it be more secure and beneficial if no one allowed to do Initial join on Class Connection. They would first join Class Creator, THEN use the "easy join" in Class Creator to join Class Connection. I would have to think about that, but I might prefer that process. Too late at night, so I will mull this tomorrow.


P.S. - Yes, I deleted that account here.

Brad Switzer wrote:

Did you delete that account? If not we're all set here, you can do so now.

The act of merging using the "easy join" link removed him from the verification list and that's why you didn't see him there. Made an update so that can never happen again. Anyone who joins the site, then the app, will be on the unverified list in both environments until you click into that account and verify. All set here.

Reply
Edited 03/22/14 12:02 AM
Saturday, March 22, 2014 at 1:03 AM - Response #9

Nope. No need. If somebody just goes directly to the app link (apps.facebook.com/classconnection) and they join, they'll be awaiting verification there too. By "there" I mean waiting verification in general. i.e. if the classmate only joins the app, and you log into your regular class web site, you can verify the person right there. Or if you log into the app you could verify the person there. It's all the same thing. Just two different places you can do the exact same stuff.

I know it seems a little complex at first when you're first into the app and you're figuring out how it all plays together. It won't be long before this is second nature. Again it's all the same functions happening in both places. Verification status, and anything else in the entire system, is all the same to the database. Where you do something, where a classmate joins first, etc., it all really makes no difference whatsoever.


Reply
New Topic  
Subscription Options: Have all new forum posts sent directly to your email.
Subscription options are available after you log in.