Password breach discussion.
Moderators: FranklinDM, Lootyhoof
Password breach discussion.
The passwords were clear text. Since phpBB uses Bcrypt, I don't think I or anyone else has anything to worry about. What's your server logs say? See anything suspicious? My password is created with PWD Hash and is at least 16 characters long. With that Bcrypted there's a snowball chance in hell it's been discovered.
I like how that site recommends Last Pass. That asinine cloud-based crap was hacked twice.
Edit- So reading further, it appears some of these were dehashed.
I like how that site recommends Last Pass. That asinine cloud-based crap was hacked twice.
Edit- So reading further, it appears some of these were dehashed.
Last edited by Moonchild on 2018-01-05, 09:56, edited 5 times in total.
Reason: unfiltered
Reason: unfiltered
Re: Please change your password.
tl;dr There was no breach here.. Just gonna state that because people will ask.. But if your password here is one you use elsewhere.. You might want to change it.
Last edited by New Tobin Paradigm on 2018-01-04, 14:54, edited 1 time in total.
Re: Please change your password.
I use a highly complex and sophisticated password, so I doubt that it's been compromised. At the same time, it's amazingly easy to remember, since it's the same one I use for my luggage!
https://www.youtube.com/watch?v=a6iW-8xPw3k
https://www.youtube.com/watch?v=a6iW-8xPw3k
Re: Please change your password.
Is it used in more than one location? If so it might be in the 42gb database.
Re: Please change your password.
@John Connor: what part of "precautionary measure" didn't you understand? Not everything posted is about you. If you use good secure measures already, great! Then this is N/A and you can move right along your merry way.
If your password is currently:
There has been an increase in password guessing attempts both on our forum and on our mail server since December. This database is actively being used to guess user's passwords.
If your password is currently:
- Not unique for your user name to this forum
- Used on ANY other website than this forum
- Very similar to a user name/password combination you use elsewhere (e.g. just a number different)
- Short
- A dictionary word
- Easily guessed
There has been an increase in password guessing attempts both on our forum and on our mail server since December. This database is actively being used to guess user's passwords.
Last edited by Admin on 2018-01-04, 16:09, edited 3 times in total.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
- Night Wing
- Knows the dark side
- Posts: 5173
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: Please change your password.
Just curious (as always).Admin wrote:There has been an increase in password guessing attempts both on our forum and on our mail server since December.
1) Did any of the password guessers' get lucky?
2) The password guessers doing the guessing, did you ban their IP address since I'm going to guess you can see it.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Re: Please change your password.
God I hope not. I HATE Two-Factor Authentication.dark_moon wrote:@Admin:
It is possible to add 2FA to this forum?
Re: Please change your password.
Why? It increase your account security a lotNew Tobin Paradigm wrote:dark_moon wrote:@Admin:
God I hope not. I HATE Two-Factor Authentication.
Re: Please change your password.
Nah dood.dark_moon wrote:Why? It increase your account security a lotNew Tobin Paradigm wrote:dark_moon wrote:@Admin:
God I hope not. I HATE Two-Factor Authentication.
Re: Please change your password.
1) not that we know of, becauseNight Wing wrote:1) Did any of the password guessers' get lucky?
2) The password guessers doing the guessing, did you ban their IP address since I'm going to guess you can see it.
2) that's automatic.
Anything is possible. But most cases of "2FA" that are going around these days are not, actually, 2-factor. They are just a "more inconvenient 1-factor" and no, it does not significantly improve your security in that case. Marginally, at best. Strong, unique credentials are a much better improvement of your security than any "2FA".dark_moon wrote:@Admin:
It is possible to add 2FA to this forum?
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Re: Please change your password.
Done...............................
Re: Please change your password.
Can someone enlighten me as to why the words asinine and crap in my post were asterisked? Are we that fragile? I could have used the F word. LOL
Re: Please change your password.
That is a GOOD FUCKING QUESTION, actually... Shit dude, why would anyone censor crap? It is a socially acceptable word in most circumstances.. Also asinine, adjective, "extremely stupid or foolish", isn't even a curse word PERIOD.. What a pain in the ass eh? Seems someone is abusing the Admin account and that pisses me off slightly.John connor wrote:Can someone enlighten me as to why the words asinine and crap in my post were asterisked? Are we that fragile? I could have used the F word. LOL
Last edited by New Tobin Paradigm on 2018-01-05, 07:33, edited 5 times in total.
Re: Please change your password.
New Tobin Paradigm,
I'm sure you can guess the identity of Admin. Check the writing style.
I'm sure you can guess the identity of Admin. Check the writing style.
Re: Please change your password.
Admin does not always mean Moonchild. It does mean official though..
Last edited by New Tobin Paradigm on 2018-01-05, 08:23, edited 1 time in total.
Re: Please change your password.
I can see crap... I guess. But the word asinine? Please.
Re: Password breach discussion.
John; this was a global announcement and a special case because of high visibility. Having your response to it be immediately spitting venom and flinging crap and being extremely aggressive was uncalled for.
It's now split off, and you can (dis)cuss all you want. I even unfiltered your initial response, so there.
It's now split off, and you can (dis)cuss all you want. I even unfiltered your initial response, so there.
Last edited by Moonchild on 2018-01-05, 10:11, edited 1 time in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Password breach discussion.
From now on, we'll make global announcements by default locked to prevent undesired need for editing when responses are not necessarily palatable enough for the entire forum to have on top of every board.
P.S.: John, don't assume anything based on writing style - you are likely going to be wrong.
P.S.: John, don't assume anything based on writing style - you are likely going to be wrong.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Re: Password breach discussion.
Admin wrote:
P.S.: John, don't assume anything based on writing style - you are likely going to be wrong.
Yeah, BS. The word asinine isn't profanity. Just because I can't stand LastPass and expressed myself well, doesn't mean you need to silence me.
Last edited by John connor on 2018-01-05, 14:05, edited 1 time in total.