this post was submitted on 19 Jun 2023
6 points (100.0% liked)

Technology

39873 readers
330 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
6
Lemmy user list (lemmy.ninja)
submitted 2 years ago by MrEUser@lemmy.ninja to c/technology@beehaw.org
3 comments fedilink hide all child comments
 

I used a tool to see how many users my site had. Once I saw the count was larger than expected, I wondered who these users were. I checked the database table and saw a huge list. I know for a fact that all these users are not on my instance. I was able to confirm that the database includes email address and password hash. This SHOULD mean that if someone tries to login, and their authentication information is sitting in my database, they can login at my site locally, correct? I only ask because I did not find an entry anywhere that lists a “home” instance for them to log in to. Am I correct in understanding that accounts are distributed like communities are?

you are viewing a single comment's thread
view the rest of the comments
[–] Kerb@discuss.tchncs.de 1 points 2 years ago* (last edited 2 years ago)

That reminds me of an incident we had.
On of our customers sites suddenly had hundred's of new signups.

It turns out a hacker tried to fuzz the site,
and since there was no captcha/spam protection in the signup form he created hundred's of accounts.