PLEASE READ: Forum/site password strength
- xavier
- OGRE Retired Moderator
- Posts: 9481
- Joined: Fri Feb 18, 2005 2:03 am
- Location: Dublin, CA, US
- x 22
PLEASE READ: Forum/site password strength
Hello Ogre users,
I've just had to go through and delete a bunch of posts by a particular user who likely had their account compromised; it appeared that a bot had edited a bunch of their posts from the past as well as posted a bunch of recent garbage, plus also changed their account profile information (email address, sig, etc.).
For your sake and the sake of the Ogre site and forums, please make sure you are not using trivial passwords for your Ogre site and forum accounts (for instance, using your username as your password, or using simple dictionary words for passwords).
This sort of attack is easily thwarted with a little bit of diligence on the part of the community, so we thank you in advance for your cooperation!
Xavier
I've just had to go through and delete a bunch of posts by a particular user who likely had their account compromised; it appeared that a bot had edited a bunch of their posts from the past as well as posted a bunch of recent garbage, plus also changed their account profile information (email address, sig, etc.).
For your sake and the sake of the Ogre site and forums, please make sure you are not using trivial passwords for your Ogre site and forum accounts (for instance, using your username as your password, or using simple dictionary words for passwords).
This sort of attack is easily thwarted with a little bit of diligence on the part of the community, so we thank you in advance for your cooperation!
Xavier
- haffax
- OGRE Retired Moderator
- Posts: 4823
- Joined: Fri Jun 18, 2004 1:40 pm
- Location: Berlin, Germany
- x 7
- Contact:
- SpaceDude
- Bronze Sponsor
- Posts: 822
- Joined: Thu Feb 02, 2006 1:49 pm
- Location: Nottingham, UK
- x 3
- Contact:
If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
- nullsquared
- Old One
- Posts: 3245
- Joined: Tue Apr 24, 2007 8:23 pm
- Location: NY, NY, USA
- x 11
Or, you know, just useSpaceDude wrote:If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
- DanielSefton
- Ogre Magi
- Posts: 1235
- Joined: Fri Oct 26, 2007 12:36 am
- Location: Mountain View, CA
- x 10
- Contact:
I store my passwords in my PDA. Got about 250 of them, all random alphanumeric and at least 10 characters long. Not much chance of anyone guessing mine.
phpBB2 has completely ceased development now. So if an exploit is found, it'll never be fixed.
This really should be considered soon. There are tonnes of security flaws in phpBB2, and bots attack it all the time. phpBB3 is a lot more secure and literally bot-free.Any plans for PHPBB 3 ?
phpBB2 has completely ceased development now. So if an exploit is found, it'll never be fixed.
- syedhs
- Silver Sponsor
- Posts: 2703
- Joined: Mon Aug 29, 2005 3:24 pm
- Location: Kuala Lumpur, Malaysia
- x 51
Err in a few days from now, Firefox 3 will be officially released.nullsquared wrote:Or, you know, just useSpaceDude wrote:If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
A willow deeply scarred, somebody's broken heart
And a washed-out dream
They follow the pattern of the wind, ya' see
Cause they got no place to be
That's why I'm starting with me
And a washed-out dream
They follow the pattern of the wind, ya' see
Cause they got no place to be
That's why I'm starting with me
- danharibo
- Minaton
- Posts: 997
- Joined: Sat Feb 25, 2006 8:14 pm
- Location: Wales, United Kingdom
- Contact:
- DanielSefton
- Ogre Magi
- Posts: 1235
- Joined: Fri Oct 26, 2007 12:36 am
- Location: Mountain View, CA
- x 10
- Contact:
Eww.danharibo wrote:phpBB? pfft We use SMF
Don't get me wrong, SMF is a powerful piece of forum software. (Especially the modding system.) It just seems a bit too... Basic and unprofessional. But that's my opinion.
I never liked phpBB2 either, but phpBB3 has come on leaps and bounds. It's truly flawless, and the revamped ACP is great to work with.
- nullsquared
- Old One
- Posts: 3245
- Joined: Tue Apr 24, 2007 8:23 pm
- Location: NY, NY, USA
- x 11
Good point - I wanted to post the icon instead, but didn't find a suitable size, nor did I feel like manually resizing the gigantic vector-generated one I found on the internet. Have you pledged to the official FireFox Download Day on the 17th? I havesyedhs wrote:Err in a few days from now, Firefox 3 will be officially released.nullsquared wrote:Or, you know, just useSpaceDude wrote:If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
- Frenetic
- Bugbear
- Posts: 806
- Joined: Fri Feb 03, 2006 7:08 am
I probably will, even though I use Opera mostly.nullsquared wrote:Have you pledged to the official FireFox Download Day on the 17th? I have
One of the main reasons I support Firefox is because it is the anti-IE. As anyone who develops for the Web should know, IE isn't actually software, but an entity forged from pure evil.
- DanielSefton
- Ogre Magi
- Posts: 1235
- Joined: Fri Oct 26, 2007 12:36 am
- Location: Mountain View, CA
- x 10
- Contact:
You can say that again. IE7 was a massive improvement though. Still not perfect, but compared to IE6, it's like bliss. Oh goodness, the horrors. It took twice as long to get your site to work in both FireFox and IE6 than it did to actually create the website.Frenetic wrote:One of the main reasons I support Firefox is because it is the anti-IE. As anyone who develops for the Web should know, IE isn't actually software, but an entity forged from pure evil.
- SpaceDude
- Bronze Sponsor
- Posts: 822
- Joined: Thu Feb 02, 2006 1:49 pm
- Location: Nottingham, UK
- x 3
- Contact:
Sure you can store passwords in firefox or other web browser. But there are several problems with this:
1- This is not very secure at all, they can be viewed by anyone with access to your computer through Tools -> Options -> Show Passwords...
2- You may want to remember passwords which are not linked with a particular website, e.g. password to MSN Messenger.
3- If you need to access your passwords from another computer or PDA there isn't an easy way to transfer them across.
4- It's quite easy to lose all your stored passwords by re-installing your web browser and forgetting to backup.
1- This is not very secure at all, they can be viewed by anyone with access to your computer through Tools -> Options -> Show Passwords...
2- You may want to remember passwords which are not linked with a particular website, e.g. password to MSN Messenger.
3- If you need to access your passwords from another computer or PDA there isn't an easy way to transfer them across.
4- It's quite easy to lose all your stored passwords by re-installing your web browser and forgetting to backup.
- nullsquared
- Old One
- Posts: 3245
- Joined: Tue Apr 24, 2007 8:23 pm
- Location: NY, NY, USA
- x 11
... -> Show Passwords -> Enter Master Password -> ... -> ProfitSpaceDude wrote:Sure you can store passwords in firefox or other web browser. But there are several problems with this:
1- This is not very secure at all, they can be viewed by anyone with access to your computer through Tools -> Options -> Show Passwords...
Fair point.2- You may want to remember passwords which are not linked with a particular website, e.g. password to MSN Messenger.
Fair point.3- If you need to access your passwords from another computer or PDA there isn't an easy way to transfer them across.
Rofl, I hard-rebooted and didn't close FireFox in the process - it reset to complete defaults, including the removal of all of my saved passwords4- It's quite easy to lose all your stored passwords by re-installing your web browser and forgetting to backup.