RootsChat.Com
General => Technical Help => Topic started by: chris_49 on Thursday 12 October 17 09:10 BST (UK)
-
One for the techies in Admin, but not to go in "technical help" which is for basics. I've recently had some problems with fraud (which I needn't go into here) and now I get an email from Disqus, greeting to Chris_49, saying there has been suspicious activity on my account, and to change my Disqus password.
I'm pretty sure I don't have an account with Disqus, but I only use username chris_49 with Rootschat and one other site, and I can still log into both. Does Rootschat use Disqus, which is a blog comment hosting site, to store passwords at all? The link seems genuine in that it doesn't link to an unrelated website URL as phishing scams do, but offers no options other than password change.
I'll change my password, but just wondered.
Chris
-
Disqus was apparently hacked in 2012, but this seems a long interval before addressing the issue!
-
Chris,
I sorry to hear that you have had problems with fraud recently, and you are right to be vigilant.
In answer to your question, RootsChat does not use Disqus.
We do however allow instant logins logins for people who are also registered/logged into: Faceook, Twitter, Google, Linkedin, Yahoo, YouTube, OpenID, Wordpress, Blogger, StackExchange.
These instant logins don't transfer any passwords however, but it does bring across the username that you would use on one of them to here, if you logged in that way. It doesn't work the other way round though, so your username of chris_49 would not be passed back to one of those sites if you logged into one of them.
So it's not going to be that.
It's wise as you are unsure to change your Disqus password, but don't do it by clicking on the link in the email even if it does look genuine. Go to the site itself via your browser and do it that way.
Let us know how you get on :)
Trystan
-
Thanks very much Trystan.
I never login to Rootschat via another site for the very reason that I suspect it might make fraud easier. I'll wait for the other site to reply and if they don't need it I'll just ignore the Disqus email since I don't use that site.
Chris
-
One for the techies in Admin, but not to go in "technical help" which is for basics. I've recently had some problems with fraud (which I needn't go into here) and now I get an email from Disqus, greeting to Chris_49, saying there has been suspicious activity on my account, and to change my Disqus password.
I'm pretty sure I don't have an account with Disqus, but I only use username chris_49 with Rootschat and one other site, and I can still log into both. Does Rootschat use Disqus, which is a blog comment hosting site, to store passwords at all? The link seems genuine in that it doesn't link to an unrelated website URL as phishing scams do, but offers no options other than password change.
I'll change my password, but just wondered.
Chris
Do you still have the email?
If so, then try going View>Source
Look for Received: from .....and see if that says it was from them
-
Do you still have the email?
If so, then try going View>Source
Look for Received: from .....and see if that says it was from them
I'm not sure. I use Chrome, and right-clicking and choosing "View Page Source" gives a lot of HTML - the word Received does appear 14 times but mostly as some sort of Boolean flag (true or false) and never giving an email source.
Clicking the "DS" icon does give a Disqus email address but I suippose that is forgeable.
-
Yes you will get a lot of HTML and you will get Received a good few times, is there no
Received: from
??
-
No - only followed by True, False or "Time Stamp". Lots of "from" but usually deep in the code and never near a "received". I'm just going to ignore it
-
I experienced exactly the same this morning. I definitely have no account with Disquis nor have ever contacted them; so I just deleted it.
-
I definitely have no account with Disquis nor have ever contacted them; so I just deleted it.
This applies generally:
if you receive such suspicious e-mails from any company where you do not have an account,
then delete them immediately.
I regularly receive such e-mails, or e-mails saying "your account here at XXX ...", "a reply has been received. ..", "you have been contacted through .." etc, etc. in the header, from facebook, twitter, PayPal and many others, although I have no account with any of them !
I simply delete them without reading !
Bob
-
No - only followed by True, False or "Time Stamp". Lots of "from" but usually deep in the code and never near a "received". I'm just going to ignore it
Yes...if the First Received: From is not from Disquis, ignore it!!
The rest are to and from Google, or Satellite to Satellite etc.....