Cheap thrills by watching visitors - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Cheap thrills by watching visitors

anyone keep an eye on logins?

too much information

2:24 pm on Sep 25, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I set up a login to two different web sites. On both I set up the login so that it records what people punch in, this way I can see what happens if they call and complain. (This isn't top secret stuff I'm protecting so this is not a security concern)

The most amaizing thing to me is what people punch into a random login on a web page. I get e-mail addresses for usernames and strange words for passwords which I am assuming is their password to their e-mail account. (I've never tried one to find out.)

I get random names entered into the login - ALL CAPS, all lowercase, SomE CAps, etc. Misspellings, and other wacky things.

I'm starting to think this is the most amusing thing I've ever set up! (At least for me)

What baffels me is the fact that people enter their e-mail and passwords. This is almost scary. Then again without exception all of these have come from one ISP. You all know which one. ;o) How can people be upset when their accounts are stolen, and credit cards charged up when they do such bone headed things like this.

It just makes me realize who my audience is. It's funny how much you can learn from people just by watching them.

Filipe

9:29 pm on Sep 26, 2003 (gmt 0)

10+ Year Member

Well, for the record, I believe that using e-mail addresses AS usernames is a very sensible and user-friendly approach at authentication.

Anyhoo, things like this give me cheap thrills also. On one of my sites, I was logging TONS of user activity information for the purpose of refining the site. One thing I watched closely was the search box I set up. People search for the funniest stuff sometimes.

txbakers

11:24 pm on Sep 26, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I log each login and logout to a database, not so much for cheap thrills, but for an audit trail.

My program deal with financial records and more than once I've been asked to reproduce that list on certain occasions to prove when so and so logged in.

It's been a valuable asset to have that data.

keyplyr

2:49 am on Sep 27, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

What really amazes me is, people think that just because their email address/password gets them into their ISP or their Bank, that it will work for my website - LOL, and how easily they surrender this highly sensitive information to a website they know nothing about.

I do not ask for email addresses anywhere on my website (have no use for them), but people keep submitting them anyway. This would be an easy way for Spammers to gather them up!

too much information

3:47 pm on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

What really amazes me is, people think that just because their email address/password gets them into their ISP or their Bank, that it will work for my website - LOL

that's exactly what I'm laughing at. it really is amaizing how often it happens.

it would be a fairly easy thing for a spammer to set up a legitamate looking site with a login form to grab e-mail addresses, or if they were more dirty, they could grab more info from the person by logging into their ISP and checking their assorted profiles.

the most dangerous thing to online security is the things these people do to them selves. but I'm guessing these are the people that buy things from phone solicitors and spam e-mails anyway. ;)