ALAMAK
Member Login Singapore USA Chat Australia Chat Malaysia
Free Chat Singapore USA Chat Australia Chat Malaysia
Sections
Front Page
FreeHome
Info & Help
Games
Guestbooks
Downloads

Games
CyberMyst
BlackJack
Tharsis Gate
Galactic Conq
Hangman
Mine Sweeper

Members
Join
Renewal
Security
Offices
Guide
Acct Manager
Chng Passwd
Nick Changes

Help
Chatting
Membership
FreeHome
Guestbooks
Contact Us

Mirrors
USA Chat
Australia Chat
Malaysia

INFO & HELP
 Chat  Members  Misc  Contact Us
Introduction
Commands
Chat Rules
FAQ
Hints & Tips
Color List
Free Speech
Disclaimer
Ban Logs
Introduction
Office Locations
Membership Policy
Ops' Guide
Op Commands
Op Levels
Security
Alamak HomePages
Sending Files
Alamak Hacked
Login Problems
Browser Support
IRC Support
FreeHome
Portal
Classifieds
Guestbooks
Committee
Abusive Chatters
Billing
Passwords
Login Probs
News
Complaints
Web Page
ALAMAK Operator Security

Change Passwords
Use the Account Manager to change your passwords or other account information.
Ops Password Security

DO NOT give your password out by Email, CMAIL or ON THE CHAT to anyone.

Be careful. It is not unknown for people to set up FALSE LOGIN PAGES, FALSE EMAIL ACCOUNTS, FALSE STAFF NICKNAMES, or PROMISE YOU WONDERFUL THINGS if you give them your password. The only thing you will get is a hacked account and it could take a couple of days before admin can fix it.

If our staff needs to verify account information, they will not need your password to confirm ownership. On the rare occasions when it is necessary, you may be given a new password and asked to supply the old password on the Contact Us Page to verify account ownership.

The only places you should type your password is on the Alamak Contact Page the Alamak Change Password Page and the Alamak Operator Application, these are all on our server at ( alamak.com.sg or alamak.com.sg )!

In the next Fake Example, if we ever had any sort of problem with your account we'd first change your password for you and send you an email with new password and then give you a link to the Contact Page if you had any problems.

There is no way we would loose your account information, we keep daily backups and our systems are secure.


Fake Email Example

FAKE EMAIL

Date: 13 Aug 00 22:01:09 MDT
From: Alamak Administration 
To: youremail@somewhere.com
Subject: Alamak Administration Query

Dear Alamak Operator,

        We have some distressing news at Alamak today to pass along to certain
operators.  We have recently upgraded our chat servers to improve performance
on both the chat part and c-mail of Alamak Chat.  We had the usual problems
with the switch but everything seemed to had gone ok.
        The thing that didn^Òt go correctly is a major problem.  When we switched to
our new servers we had a small window of about three hours where all our stuff
would be insecure and vulnerable to attack.  We planned for this and did it
when the number of people on the server was low.  We thought this was an
acceptable risk because it would only be for three hours and no one would know
except for the Alamak Staff.
        We have since found out that part of our server that holds the accounts
including passwords and logins was compromised.  We are thus taking this time
to contact the certain accounts that were attacked during our down time.  The
faster we get this done the sooner we can get everything back to normal and
keep Alamak going as one of the strongest chats on the Internet.
        We will need the following information to confirm you are the true owner of
your Alamak Account.  This is the same information you used when you signed up
as long as nothing has changed.  If we do not hear back from you within TWO
days from opening this e-mail we will then assume you are not the real owner
and your account will be SUSPENDED.

Account Specifics
----------------------
Nickname:
Desired Password:
Retype Password:
Desired Perm Password:
Retype Perm Password:


Account Addition Information
-------------------------------------
Full Name:
E-mail Address:
Phone Number:
Street Address:
City/State/Country:
Postal Code:


Cardholders Required Information
------------------------------------------
Cardholders Name:
Cardholders E-mail:
Phone Number:
Street Address:
City/State/Country:
Postal Code:
Credit Card Number:
Exp Date:


        We are sorry to have to have done this.  But this is the only way we can be
assured for our sake and yours that you are the true owner of your account. 
As a gift once we receive your information and if it^Òs correct we will give
you one month free OPs!  It will not show up when you logon but once your
account runs out it will automatically run another month.

We thank everyone for their support!
Alamak Administrator

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1


Real Contact Us Reply From Alamak

REAL ALAMAK CONTACT REPLY

I can't help you unless you fill out the form
completely and include everything I need to know
to fix your account. Do not expect me to remember
the email you sent last time when I deal with 100's
a day. Pls follow the following instructions and
I will do my best to help you.

Please fill out the Ops contact us for completely
with all of the information you have or else we
can not process this request!

If you can, use the secure contactus to send Ops
information securely.

Secure:
https://alamak.com.sg/contact.phtml

Otherwise use the non-secure form.

Non-Secure:
http://alamak.com.sg/contact.phtml

Select - Operator Billing / Info / Password / Login Problems

Fill it out completely! USE THE FORM!!! Plain typed
emails are harder to read and take us more time so I
will just keep sending you this reply till you fill out
the form!

The information must match what we have in our database
or will will ignore your request!

Thanks!


Don't Reveal the Session ID

DO NOT COPY YOUR CHAT PAGE SOURCE TO ANYONE

The chat is designed so that there is a random session id created when you first login to the chat. This session id is how the chat knows who you are. It is impossible for anyone to guess the session id, but if you reveal it then someone could take over your chat session.

Normally you would not know if a person had taken over your session unless they posted a message. However, they would receive any private messages sent to you, see your conversation if you are in a private room, and have access to your /mail.

The best advice is not to do anything not normally intended by the chat program. If you are just clicking on links and submitting forms you will always be safe, but if you start picking the source code and pasting it to other users, then you have to expect something is going to happen.

Secure Login

OPERATORS USE THE SECURE LOGIN

A secure login is available for Operators to protect your login password from packet snooping during login.

If you use a proxy with secure login, you may have a problem if your proxy setting for https or secure is different from your http proxy setting. To the chat server, it will look like you are changing your IP address when it switches from secure to non-secure server. The chat server prevents IP switching and, if it detects a change in your IP address, it will kick you out.

In most cases, the problem arises because users have entered a http proxy setting but have left the https or secure field blank. The solution is to enter your http proxy setting into the https or secure field as well. Dont' forget to fill in the port number too.

Server SG uses a self signed certificate which must be changed once a month. You must accept this certificate to use the secure pages on alamak.com.sg. If you accept the certificate "until it expires", then when it does expire you will get a connection error when you try to access the secure server again. If this happens, go under your web browser security section, look for web site certificates, and delete any that say alamak. Then access the secure server again and accept the new certificate.

Alamak Security

All our servers are protected by a double firewall. Password transfers are either by an internal local area network or pgp encryption.

We do not reveal users' passwords.

Office administration forms for Operator accounts have several layers of security to prevent access by unauthorized persons. Account passwords are not displayed in the account modification fields. Passwords can be changed by the office but not viewed by this method.

No Proxy For / Ignore Proxy Settings

Also make sure you don't have something funny in your no proxy for settings. For example on server SG many chatters will put in a proxy setting and to get faster response from Singapore web sites will set a NO PROXY FOR ... sites ending in '.sg'. What might this do on Alamak?

First you login with a '.sg' ending which will not use the proxy then if the chat server switches you to an IP address like alamak.com.sg it will not match the '.sg' ending, proxy will be engaged, and you'll get an ip switching error.

The easiest solution would be to remove all your 'no proxy for' settings. Another solution would be to add the IP address alamak.com.sg in the no-proxy-for settings.

The best advice, don't put any no-proxy-for settings, many people have been unable to access sites, including Alamak, due to corrupted no-proxy-for setting.

Double Password System

Alamak uses a double password system to reduce cases of account hacking.

Every Op account has two passwords, a login password and a permanent password. The login password is used to login to all of Alamak servers and services. The permanent password is used to change the login password.

If an unauthorized person manages to get your login password, they will not be able to reset your permanent password. To lock the person out of your account, use your permanent password and change your login password.

To change you password, use the Account Manager.

If you have any problems, you can ask us to reset your passwords. Use the appropriate section of the Contact Us Page to request that we reset your passwords.