Server outage for multiple days

Status
Not open for further replies.
it seems that we have lost the [H] Logo, so my bookmark changed to the vBulletin logo, so did my tab when browsing [H]!!
 
Getting hacked sucks. My site was hacked a while back and they put advertisement code and crap in it. I have no idea how long it was that way for, I only noticed because the site it was trying to redirect to was down, and it was making the page not load, and I noticed it in the task bar. I do the same thing in a case like this, full reinstall and full reupload of all data. I always do changes on the local server then upload once they work, so my local site is always up to date with the online one other than the dynamic db content which is backed up daily.

Sad how there are so many people out there with too much time on their hands who have to do these things.
 
then try to reverse the passwords that are stored as hash data.

so people with common passwords are the most likely to get their password figured out.

Fortunately, a while back Kyle made us all switch to strong passwords, so dictionary attacks are useless.

I would not worry about your password being compromised, since it cannot be a simple password easily susceptible to dictionary attacks.

The most sensitive data, if you can call it that, is the listing of email addresses.
 
Fortunately, a while back Kyle made us all switch to strong passwords, so dictionary attacks are useless.
Rainbow tables, however, are not. And to be perfectly honest, he may have made you switch to a strong password, but mine is certainly vulnerable to a dictionary attack.
 
as far as I know passwords are encrypted so there isn't really a way to retrieve them if you hack in. at least I think that is the case.

Even with encryption an easy way for a hacker would be to simply edit the php files and make it output all attempted login details in plaintext to a server offsite or a txt file on the host to collect later. The downside is that you have to wait for a user to login after altering the files, but still.
 
Even if someone does get your password, what's the worst that can happen? I use the same password for all forums (or most) but I do not use that password for anything else. Worst case scenario someone finds out what forums I go to and gets me banned by telling people off or doing stupid crap. Then I'd contact the admin of each forum to explain what happened. Would suck, but not like someone getting my credit card or something. For forums I admin/mod at, I use a different password.

Spammers getting my email on the other hand would suck too, but I already get like 100+ spam emails per day, and I only get one false negative per month, on average. I tweaked my spam filter quite well and whenever there is a false positive I figure out why it did not get marked, and edit the rules accordingly.
 
I would like to know if there is a possibility our passwords were compromised.

either way, you shouldn't use the same password for multiple places if some of those places have important information you don't want leaking out.

People often have things like

Forums passwords
important info passwords
I don't care what happens passwords

et cetera

Glad it is back up [H], a nice format always makes things snappy again!
 
lol I'm lazy I just use the same password for everything.. but important stuff I just change my login name which I don't use on anything else but those important sites.. a lot easier to remember a slightly modified user name than to remember 5 or 6 different passwords..
 
if hardforum does their password right, there is no method to get the password.

well they can get the blowfish encryption key.
then try to reverse the passwords that are stored as hash data.

however.

if they can use the blowfish key and make it convert all the dictionary words into the keys and compare the database for the hash.

so people with common passwords are the most likely to get their password figured out.

They don't need to convert anything, these databases already exist - for 90% - even 99%? - of people's passwords. They're just not complex enough. Which is why I feel that people should know whether this happened or not - even on this forum many would probably be vulnerable to being affected by it.

Even if someone does get your password, what's the worst that can happen? I use the same password for all forums (or most) but I do not use that password for anything else. Worst case scenario someone finds out what forums I go to and gets me banned by telling people off or doing stupid crap. Then I'd contact the admin of each forum to explain what happened. Would suck, but not like someone getting my credit card or something. For forums I admin/mod at, I use a different password.

Spammers getting my email on the other hand would suck too, but I already get like 100+ spam emails per day, and I only get one false negative per month, on average. I tweaked my spam filter quite well and whenever there is a false positive I figure out why it did not get marked, and edit the rules accordingly.

The worst? Some idiot that uses the same username/email/password everywhere (and, mind you, uses a 5-digit password the hash for which is publicly available) has crooks log in to his bank account, withdraw $20,000 & wire it to Russia, and then he goes to his lawyers, who of course blame someone other than him - like a site he registered for and posted twice on that got hacked two years after his last post. Such a scenario, while completely fucking stupid, is not impossible.
 
edit: forget it, I'm not going to participate in this argument.
 
Then maybe you should change your password?

It's a forum. I don't care if it's compromised, I want to be able to type it quickly and remember it easily.

The same may not be true for others using this board. Point was that apparently not everyone had "Kyle [make] us all switch to strong passwords."

Or the bigger point: users were potentially exposed and they should be informed.
 
Oh well my point was, if you used a vulnerable password such as yours and are worried maybe you should change it.
 
lol I'm lazy I just use the same password for everything.. but important stuff I just change my login name which I don't use on anything else but those important sites.. a lot easier to remember a slightly modified user name than to remember 5 or 6 different passwords..

and user names are usually easier to view as some sites your seen name is your username, it really isn't hard to have at least 1 or 2 different passwords, add some numbers, special characters like

h@rdforums#2010

$myforumpassword$

either of those are not prone to dictionary attacks and would take some time to try and crack versus just

myforumpassword
 
Yep. There are a ton of ways to create really complex passwords that are easy to remember using various memory aids. It would be impossible to figure out the pattern like that if someone only had one or two of your passwords, and of course they can't be dictionary'd.

One good one is to use the first or last letters of the words in a sentence, and then have a regular pattern for which you convert some letters and numbers into symbols. For example

#!TbHs1tW

This password has three elements to it.

1) No dictionary vulnerability. To anyone but me, it looks like a random bunch of letters, numbers and symbols. Even if by some freak coincidence a single person got a hold of 10 of my passwords on 10 different sites, they'd still be hard pressed to figure out the pattern to compromise more sites.
2) Unique to this site. Even if it gets compromised, the damage cannot spread.

And 3, is the memory aid:

"HardOCP is the best hardware site in the world."

H I T B H S I T W

Then I remember that i's alternate between ! and 1's, and H's alternate between hashes and actual H's, as well as my pattern for lowercase/caps. It sounds complex but once you get used to the pattern you can easily make very long passwords that are seemingly completely random, yet easy to remember. There's really no excuse for a weak password unless you're perhaps an older person or a person with diminished capacity.
 
Seems like people still live in the past...

These days, dictionaries (rainbow tables) are not just made up of common words, the really large ones are made up of (close to) all possible ASCII chars (unicode is not that common, yet)...

And the "what's the big deal if my account is hacked / nothing bad will happen from it / the account is banned at worst case."
Well, if you have people that trust you on the forum... Social engineering is a powerful tool...
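
Added example, not part of any post in this thread and not the forum software's code: a sketch of why the way a site stores passwords decides whether the precomputed tables discussed above apply at all. The thread does not say how the forum hashes passwords, so SHA-256, PBKDF2, the iteration count, the wordlist and the account names are all assumptions constructed for the illustration.

```python
import hashlib, hmac, os

# Constructed sample data: a tiny wordlist and three forum accounts.
WORDLIST = ["password", "letmein", "myforumpassword", "qwerty"]
ACCOUNTS = {"alice": "myforumpassword", "bob": "myforumpassword", "carol": "#!TbHs1tW"}
ITERATIONS = 100_000  # assumed work factor for this example


def fast_unsalted(password: str) -> bytes:
    """Weak storage: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).digest()


def slow_salted(password: str, salt: bytes) -> bytes:
    """Stronger storage: PBKDF2-HMAC-SHA256 keyed with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(slow_salted(password, salt), stored)


def covered_by_table(stored: dict, table: set) -> list:
    """Users whose stored hash already appears in a precomputed table."""
    return sorted(user for user, digest in stored.items() if digest in table)


def demo() -> dict:
    # Tables are computed before any dump is seen, so they cannot know per-user salts.
    fast_table = {fast_unsalted(w) for w in WORDLIST}
    slow_table = {slow_salted(w, b"\x00" * 16) for w in WORDLIST}

    weak_db = {u: fast_unsalted(p) for u, p in ACCOUNTS.items()}
    salts = {u: os.urandom(16) for u in ACCOUNTS}
    strong_db = {u: slow_salted(p, salts[u]) for u, p in ACCOUNTS.items()}

    return {
        "weak_covered": covered_by_table(weak_db, fast_table),
        "weak_same_hash": weak_db["alice"] == weak_db["bob"],
        "strong_covered": covered_by_table(strong_db, slow_table),
        "strong_same_hash": strong_db["alice"] == strong_db["bob"],
        "login_ok": verify("myforumpassword", salts["alice"], strong_db["alice"]),
        "wrong_rejected": not verify("letmein", salts["alice"], strong_db["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

The per-user salt only removes the precomputation shortcut and hides which accounts share a password; a common password can still be guessed account by account after a dump, which the slow KDF makes more expensive rather than impossible.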
 