ClassCreator.com | Blockbuster sites, amazing reunions

Share Tips

New Topic Subscription Options  

Hijackings

Forums: General Discussion
Created on: 01/13/09 11:28 AM Views: 1868 Replies: 8
Tuesday, January 13, 2009 at 11:28 AM

Good Morning Fellow Site Administrators ~ SmileShockedVery HappyCoolLaughing

I just wanted to share with you that our site was recently the victim of a hijacking. The scammer registered into our site as a classmate and once he did, he contacted one of our classmates claiming that he was an attorney and that a relative of hers left millions of dollars unclaimed.... Once I was notified of this, I immediately deleted his fake profile and activated the feature on our site where all new members must now go through a verification process prior to gaining access.

That was a few weeks ago.... Last night after reviewing our Classmate Profiles, I found three more bogus profiles lurking out there that have been considered "Active Classmates" for months already! So, for the sake of all your classmates who trust your site as being secure, I would highly recommend that you activate the new member verification feature on your site if you haven't already. To verify a new member doesn't usually require much more than just seeing if they entered any personal information on their profile page. If not, chances are they're not legitimate; and if they are and they return to your site at a later time and can no longer access their profile because you blocked them from joining... well, they'll let you know. In the meantime, I urge all of you to err on the side of caution so as not to exploit the personal information of your classmates and their trust in you as administrator of their site.

Better safe than sorry ~
Sandie Confused

Reply
Edited 01/13/09 11:29 AM
Tuesday, January 13, 2009 at 12:03 PM - Response #1

Where do I go to activate this feature?

Reply
Tuesday, January 13, 2009 at 12:20 PM - Response #2

Click on Preferences under Admin Functions. Then scroll down to New Classmate Access Rights and click on the radio button that says DO NOT ALLOW. I would also recommend going through your current Classmate Profiles to weed out any bogus ones that may already be lurking there. Rolling Eyes

Reply
Tuesday, January 13, 2009 at 2:16 PM - Response #3

I sent out an e-mail warning classmates about possible hijacking of profiles. Turns out that e-mail ferreted out a hijacker. I am much more careful now. Along with the e-amil that is automatically sent, I send a personal message to the people. I upload a black and white picture from the yearbook and then ask for a color one if they have it. I pretty much always get a reply. We have a relatively small class, so I can do that.

Reply
Tuesday, January 13, 2009 at 2:34 PM - Response #4

Good advice folks. That's exactly why we built the Anti Hijacking feature. Now you can ensure that your Classmates are actually your Classmates.


Reply
Edited 01/14/09 5:23 PM
Wednesday, January 14, 2009 at 5:09 PM - Response #5

I have put a notice on our homepage (we are still in the process of getting everyone registered) letting them know that we will be requiring verfication from them, so hopefully that will discourage any hijackers.

Vicki

Reply
Sunday, March 15, 2009 at 1:45 PM - Response #6

I had a classmate contact me today about a suspicious email he received through the site. I did notice that he had his profile visibility box unchecked, meaning that outsiders and search engines could see his profile. I experimented by sending him an email with a bogus name and my other email address, after logging off and Googling his name. He did received that email.
I am wondering if we can confirm that it came via a search engine rather than from a prankster on the site.
Any thoughts?
Thanks. Tam

Reply
Sunday, March 15, 2009 at 2:13 PM - Response #7

i didn't want to resort to that, we have had one incident and if we don't stop it in it's tracks i have no doubt it will be a much larger problem...

it is always better to errr on the side of caution and in these times it is better to have a little more hassle for the alumni to sign in than to leave the gate open.
especially after your site has been up and running for a period of time...my assistant administrator and i discussed this and we decided not to do this, however NOW I'm going to toggle that on now, right now...did i say now! Sad

keep in mind if they want to get in, no matter what, (even if you toggle it, the more assertive will gain entry) they most likely will and IMHO i feel we need to protect the integrity of the others who are not aware of these ongoing
experiences from the less sophisticated spammers & scammers

that case you reference to is just low, low, low
Evil or Very Mad
Exclamation**NOTEExclamation
Just went to shut the pearly gate and CC has a script pop up saying it is better to do this through the preferences tab...which it is, now they will have to be scrutinized by you the root administrator...again, more hassle but better than having those sort of problem on your site..
(prefrences is on the bottom of your panel
IMHO

       DO NOT ALLOW new subscribing Classmates to view password protected areas of the web site, access any restricted Classmate Profiles, post messages in message forums, and hide Profile information from other Classmates until the new Classmate's identity has been verified and confirmed. (Note: If you select this option, a new "Verified" field will appear in the Classmate's Profile area that only you, the Site Administrator, can see. When a new Classmate joins your site and the Classmate's identify has been confirmed, toggle the "Verified" field to "yes". The default will remain "no" until you do this. Once toggled to "yes" the new Classmate will be granted access to restricted areas of your site.

Reply
Edited 03/15/09 2:26 PM
Sunday, March 15, 2009 at 4:07 PM - Response #8

Tamson Will wrote:

I had a classmate contact me today about a suspicious email he received through the site. I did notice that he had his profile visibility box unchecked, meaning that outsiders and search engines could see his profile. I experimented by sending him an email with a bogus name and my other email address, after logging off and Googling his name. He did received that email.
I am wondering if we can confirm that it came via a search engine rather than from a prankster on the site.
Any thoughts?
Thanks. Tam

If he forwards the email to us we can see if we can determine if it came from a bot or a real life prankster.


Reply
New Topic  
Subscription Options: Have all new forum posts sent directly to your email.
Subscription options are available after you log in.