Did the website get hacked?
-
[quote name=“chrisj” post=“53476” timestamp=“1390171722”]
I will find out what happened. It might just be a simple error or a DDoS, in which case there would be no cause for alarm. Also you should check out password managers, I use this one https://lastpass.com/
[/quote]thanks for sharing ;D
-
I posted a notice on my blog just in case users who aren’t very active on the forums are aware.
-
I had changed my password following the recent hack on here, added a security question etc. Shortly after, I was logged out and the password I had changed to no longer worked, forcing me to change my password yet again to be able to log in, regardless of just changing it and logging in.
Any information on this? As now I can see there is no available staff, moderators, or admins on the site logged in at all.
I’m starting to check every account associated with my email on this website to make sure nothing else was compromised, will give an update shortly.
-
Hey, I’ll mention it to Bush
-
Mine went to website maint, then I clicked refresh 2 days later and was back in here just fine. I just noticed I do not see a chatbox option and I miss that. I am really not concerned as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
-
[quote name=“DARKANGEL6415” post=“54339” timestamp=“1390490499”]
Mine went to website maint, then I clicked refresh 2 days later and was back in here just fine. I just noticed I do not see a chatbox option and I miss that. I am really not concerned as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
[/quote]The website was hacked, the database is being sold online, no one has been forced to change their passwords, and the forum was downgraded because PHP makes security REALLY hard to do correctly.
Suffice to say, the news isn’t good.
-
[quote name=“Kevlar” post=“54341” timestamp=“1390490692”]
[quote author=DARKANGEL6415 link=topic=7028.msg54339#msg54339 date=1390490499]
Mine went to website maint, then I clicked refresh 2 days later and was back in here just fine. I just noticed I do not see a chatbox option and I miss that. I am really not concerned as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
[/quote]The website was hacked, the database is being sold online, no one has been forced to change their passwords, and the forum was downgraded because PHP makes security REALLY hard to do correctly.
Suffice to say, the news isn’t good.
[/quote]We have a Change Password thread http://forum.feathercoin.com/index.php/topic,7031.msg53495.html#msg53495
As far as I understand attackers can’t just log in using the database entries without bruteforcing the passwords.
-
As long as they weren’t using MD5, I think most of the passwords should be safe from decryption.
-
[quote name=“chrisj” post=“54348” timestamp=“1390492214”]
[quote author=Kevlar link=topic=7028.msg54341#msg54341 date=1390490692]
[quote author=DARKANGEL6415 link=topic=7028.msg54339#msg54339 date=1390490499]
Mine went to website maint, then I clicked refresh 2 days later and was back in here just fine. I just noticed I do not see a chatbox option and I miss that. I am really not concerned as far as the password goes as it only goes for a porn website lol so they can enjoy IF it was hacked lol :P
[/quote]The website was hacked, the database is being sold online, no one has been forced to change their passwords, and the forum was downgraded because PHP makes security REALLY hard to do correctly.
Suffice to say, the news isn’t good.
[/quote]We have a Change Password thread http://forum.feathercoin.com/index.php/topic,7031.msg53495.html#msg53495
As far as I understand attackers can’t just log in using the database entries without bruteforcing the passwords.
[/quote]Since the database is now available offline, brute forcing can happen offline, in a distributed environment, unchecked. Weak passwords will crumble in seconds, stronger passwords will take a while, but ultimately all are vulnerable.
GPU Cracking makes this trivial.
For 8 characters of ASCII non-control characters, that’s 1,235,736,291,547,681 possibilities. On a CPU, doing a sha256() of that would take about 195 years. On a GPU, 3.4 days.
You know those GPU mining farms? What do you think they would be REALLY well suited for?
You want to really worry? Three words for you: salted rainbow tables.
-
lol
-
I just looked at the code… you know what the salt for the password is?
The username. It’s right there in the database. You know, the same one with your password in it.
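
Added example, not part of the original posts and not the forum's own code: a sketch of moving accounts off a fast, username-salted hash (the situation described in the two posts above) to scrypt with a random per-record salt, re-hashing at the next successful login. The SHA-256 construction, the record layout and the names `legacy_hash`, `new_record` and `verify_and_upgrade` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: the thread only says the salt is the username; SHA-256 and the
# username+password concatenation are stand-ins for the forum's real scheme.
def legacy_hash(username: str, password: str) -> str:
    return hashlib.sha256((username + password).encode()).hexdigest()

# scrypt is memory-hard: each guess needs about 16 MiB of RAM, which blunts
# the GPU advantage that makes a single fast hash cheap to attack offline.
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}

def new_record(password: str, needs_reset: bool = False) -> dict:
    salt = os.urandom(16)  # random per record, unrelated to the username
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"scheme": "scrypt", "salt": salt.hex(), "hash": digest.hex(),
            "needs_reset": needs_reset}

def verify_and_upgrade(username: str, password: str, record: dict):
    """Check a login; return (ok, record_to_store).

    A legacy record that verifies is re-hashed with scrypt and flagged for a
    forced reset, because its old hash was already in the leaked database.
    """
    if record["scheme"] == "legacy":
        ok = hmac.compare_digest(legacy_hash(username, password), record["hash"])
        return ok, (new_record(password, needs_reset=True) if ok else record)
    digest = hashlib.scrypt(password.encode(),
                            salt=bytes.fromhex(record["salt"]), **SCRYPT)
    return hmac.compare_digest(digest.hex(), record["hash"]), record

if __name__ == "__main__":
    # Constructed sample account, not data from the forum.
    old = {"scheme": "legacy", "hash": legacy_hash("alice", "hunter2")}
    # Username salt: the same user and password always give the same hash.
    print(legacy_hash("alice", "hunter2") == old["hash"])
    ok, upgraded = verify_and_upgrade("alice", "hunter2", old)
    print(ok, upgraded["scheme"], upgraded["needs_reset"])
    # Random salt: hashing the same password twice gives different records.
    print(new_record("hunter2")["hash"] != new_record("hunter2")["hash"])
```

Re-hashing at login only protects against the next leak; legacy hashes that were already copied stay open to offline guessing, which is why the upgraded record carries `needs_reset`.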
-
Good job I changed my user name?
-
[quote name=“wrapper” post=“54476” timestamp=“1390518039”]
Good job I changed my user name?
[/quote]Well I…
Yes, actually. Since you did that, you don’t need to change your password. ???
-
[quote name=“chrisj” post=“53476” timestamp=“1390171722”]
I will find out what happened. It might just be a simple error or a DDoS, in which case there would be no cause for alarm. Also you should check out password managers, I use this one https://lastpass.com/
[/quote]Nice!
I use this one, it has a primitive GUI, is slow as f*** but overall works pretty well:
[img]http://www.publicdomainpictures.net/pictures/20000/nahled/pencil-and-paper.jpg[/img]