On 06/05/14 04:21, Nusenu wrote: > Karsten, thanks for taking the time to answer these questions. > >> AFAIK, there's no way to find out whether an account has been >> compromised, other than asking users to log in and see if their password >> still works. > > Ok, I thought that might be possible by looking into <auth > backend>/trac/apache logs to see if an existing account was registered > again (or more than once).
You're right, that might work. I don't have access to those logs, so I'll leave it to Erinn to decide whether she wants to investigate this more. To be honest, it's rather unlikely that somebody would have compromised an account with no special privileges and left the developer and admin accounts untouched. And we already made sure that none of the latter has been compromised by asking people. All the best, Karsten > https://trac.torproject.org/projects/tor/ticket/11545#comment:3 > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
