when i logged on at school today i got a messege come up a couple of times asking for my username and password. i thought it was just because i was on a school computer. now i'm home and i have got it again. the messege is like this:

"he server ssl-connection.********** at www.virtualteen.org login to continue viewing this page. requires a username and password.

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."

i'm assuming its some bug to steal usernames and passwords. i was wondering if there is any way to block that? if not i would like to suggest an announcement advising members not to give out those details like that.

To be honest it doesnt sound like anything you should worry about if its virtualteens server giving that message, it is most likely wanting an administrative password but there obviously is an issue if its doing that on the homepage.

I haven't had this message to be honest, but it does sound like a bug that's designed to take your information. Your best bet though would be to check with Ant

Edit: Stephen, "ssl-connection.**********" Has a Trojan attached to it, I just typed into my browser URL bar and a warning came up in the corner. "Trojan Program Trojan-Clicker.JS.Agent.mt".

Alright it seems like someone either in a post or signature had a link to an invisible image which would force that login box to pop up. It was not originating from virtualteens server. I'm not sure if it was a way to steal passwords or not. Either way through I censored the URL so it no longer will pop up.

If you entered anything in there it might be worth changing your password as a precaution.

One of the users that caused the problem was banned however I think that if any one else encounters it, make sure you somehow report it to a staff member so the account can be banned.

Alright it seems like someone either in a post or signature had a link to an invisible image which would force that login box to pop up. It was not originating from virtualteens server. I'm not sure if it was a way to steal passwords or not. Either way through I censored the URL so it no longer will pop up.

If you entered anything in there it might be worth changing your password as a precaution.

ok, thanks boss. :)

The login to this site isn't ecrypted anyhow; there's no https://.
True, the hashes are here, but the stuff for that is on the server. So unless someone gained ftp access, that shouldn't be a problem. Perhaps your browser was just over-cautious with login forms.

Don't bump old threads this is beyond solved. :locked: