Regarding Security Notice

[Josh]

I haven't seen one yet, so at least there is only one or two users doing it. It could be worse and be like, a group of 20 doing it. Anyway, if that were the case you could just disable sigs for the main usergroups.

[xxMATTGxx]

I haven't seen one yet, so at least there is only one or two users doing it. It could be worse and be like, a group of 20 doing it. Anyway, if that were the case you could just disable sigs for the main usergroups.

Disabling signatures for the main user-groups would unhappy quite a lot of users, surely?

[Josh]

Disabling signatures for the main user-groups would unhappy quite a lot of users, surely?

So would masses of users getting hacked.

[xxMATTGxx]

So would masses of users getting hacked.

And this is not a problem on a daily basis, it isn't like this happens every single day at Habbox where some user trys and gets your account details by making sure a "login prompt" pops up on their screen. Plus, it would depend how many people would actually enter their login details into the box or just press cancel.

[Josh]

And this is not a problem on a daily basis, it isn't like this happens every single day at Habbox where some user trys and gets your account details by making sure a "login prompt" pops up on their screen.

Yes luckily. But as I said, that it probably worst case scenario.

[xxMATTGxx]

Yes luckily. But as I said, that it probably worst case scenario.

I rather not see signatures be disabled due to this, I would rather see a method of trying to prevent this from happening but allowing people to still have images in their signatures. (If possible at all) Removing a feature for everyone, wouldn't be ideal and they are used by many members on the forum.

[Hecktix]

We can usually swoop on these things pretty quickly so I don't think there's much to worry about - the security notice was posted as a both a notification for anybody fooled by this and a notice to warn users incase it happens again.

The user who had it in their signature has been banned.

It's worth noting we don't actually allow users to have signatures until they are out of the "Newly Registered Users" approval group - so that's 5 posts, so it was probably just some clever ass trying to get people's passwords 'cause people use the same as their Habbo password sometimes.

Few security tips:

- There are three places where you may be asked to type in your HabboxForum Password, they are:

• The Login box in the top-left of HabboxForum.com
• When changing your password in usercp
• On www.habboxforum.com/support - which is an official HabboxForum site.

You should not type your HxF password anywhere else.

[Josh]

I rather not see signatures be disabled due to this, I would rather see a method of trying to prevent this from happening but allowing people to still have images in their signatures. (If possible at all) Removing a feature for everyone, wouldn't be ideal and they are used by many members on the forum.

Of course only temporarily I mean. ;l

[Calvin]

Even not allowing .php wouldn't fix it because they can use .htaccess to make it appear under index.png or whatever. I don't think only allowing Habbox.com dynamic images would be a good idea because some users make their own such as Florx who made a few and hosted on his own server.

The user had basically set the login to send entered info to a .txt file, it doesn't happen all the time but happens now and again. I guess we'll just have to watch out for it.

[Jamesy]

Even not allowing .php wouldn't fix it because they can use .htaccess to make it appear under index.png or whatever. I don't think only allowing Habbox.com dynamic images would be a good idea because some users make their own such as Florx who made a few and hosted on his own server.

The user had basically set the login to send entered info to a .txt file, it doesn't happen all the time but happens now and again. I guess we'll just have to watch out for it.

This pretty much, bit of common sense like not entering your details into any strange boxes that pop up infront of you and just let one of the moderation / admins know. Problem sorted.