Websleuths is active 24 hours a day - in fact, lately we have more people on at the slowest times than we used to average during the day just a year or two ago. While we generally can work on things without taking the Boards offline, there are a couple of tasks that require us to do so.

Currently the boards are backed up every night at 3:00 AM Central US time. The procedure is automated and takes a few minutes. As it completes fairly quickly, if you are on at the time you may notice a slowdown or an inability to make a new post. Just try again, it should work. We have decided to leave the Boards running during the backup as the inconvenience is minor and clears itself when the backup is done.

There has been a rash of "breakins" to vBulletin based boards lately. The vBulletin folks have found a potential problem: There was nothing to prevent a user from setting his/her password to be the same as their user name. Some jerk has written a program that goes through the user lists of vBulletin boards and tries to log on as every person on the list, using the user name as a password. If this succeeds they send out obnoxious PMs and generally act like, well, jerks.

To fix this problem, the vBulletin people have released a new version of the software. In addition to not allowing new users to set a password identical to their name, applying the update will lock out all current users whose password is the same as their user name. Here is the announcement from vBulletin:

vBulletin 3.7.3 and 3.6.11 to be Released Next Week

In line with our new scheduled maintenance release policy, a new release for 3.6 and 3.7 will be made on Tuesday, August 26th.

These releases will contain bug fixes, but will also address a situation related to users that use their username as their password. In 3.6.11 and 3.7.3, this will be completely disallowed. Users affected by this will be forced to change their password on their first login. Additionally, a tool will be provided to email affected users with a new password. Please be aware of these potential compatibility changes when upgrading.

This release will be mentioned in the security bulletin sent out to customers today, but we will not send a further notification next week when 3.7.3 and 3.6.11 are released. Watch your Admin CP News, or the latest version check in the Admin CP to see when the new version is available. Alternatively, keep an eye on this forum for the 3.7.3 and 3.6.11 announcements.


We cannot see your password, as it is saved in an encrypted form. What the update will do is encrypt your user name and see if it gets the same result as your stored password. This is why we cannot tell you in advance if this will be a problem for you.

We are going to apply this update when it is available next week. This is the type of maintenance that DOES require us to take the Boards off line, probably for less than an hour. If you are not sure about your passord, there's no harm in resetting it - as a bonus, the procedure will double check that the email address you have on file works!

Again, we cannot check your passwords for you. If you can log in now and your email address is current, you do not need our help to set a new password.

Thank you all for your attention!

OK, we tested the upgrade on a backup of the board and it went fine - but there are 77 of you with passwords set the same as you user name still. Unfortunately I can't see who you are, but when we upgrade the real live board you will be automatically sent an email about the situation. If your email address is not current, you will be locked out and will need to get in touch with one of the staff to fix the problem.

Since the Board now seems to be busy 24/7 we're going to just pick a time and do it - you will get a notice if you try to read while we're working on it. Shouldn't take more than 30 minutes.

Those of you with your password set to be the same as your user name will get an email like this:

Dear {username},

A vulnerability has been found with your password at Websleuths Crime Sleuthing Community. Some passwords are vulnerable to exploitation which may allow a third party to hijack your account.

This may lead to your account being used without your knowledge or permission, and actions being performed under your name.

Vulnerable accounts can also be bad for the board as a whole as they may enable access for automated tools to spam both the forums and other user accounts,
using your username.

As such we have had to reset your password.
You can find your new login details below.

Username: {username}
Password: {new random password}

If you want to change your password, login with the above details at the following location:
http://www.websleuths.com/forums/profile.php?do=editpassword


We apologize for any inconvenience this may cause and appreciate your understanding.



All the best,
Websleuths Crime Sleuthing Community

I don't know if this is the place to post this, but lately, when I am posting a quick reply, I get a box that comes up that says something like "redirecting, you will now be taken to your post. Click here if your browser does not automatically redirect you". What does that mean? Am I doing something wrong? It it a new feature? It doesn't happen all the time but more often lately.

I don't know if this is the place to post this, but lately, when I am posting a quick reply, I get a box that comes up that says something like "redirecting, you will now be taken to your post. Click here if your browser does not automatically redirect you". What does that mean? Am I doing something wrong? It it a new feature? It doesn't happen all the time but more often lately.

Sometimes this happens if you've been idle for a while, it's part of the vBulletin security. I get it, too.

Idle? Idle? Is anyone ever idle when they are on WS? LOL. Thanks adnoid. I haven't had it happen in a few days.