!!ATTENTION!! - Please Secure Your Passwords!

We sure do have a lot of rules and guidelines threads - find them all here, and please make sure you've read them! Also, community-wide announcements (that aren't major ZDoom News) go here as well.

!!ATTENTION!! - Please Secure Your Passwords!

Postby wildweasel » Tue May 24, 2016 5:33 pm

You might have noticed, while logging into the forums, a message to the effect of "Too many login attempts," and asked to solve the forum's CAPTCHA question. If you've seen this message, your account is one of the apparent many that was involved in a recent attempt to brute-force passwords to the ZDoom Forums. Your account may or may not have been accessed, and a handful of old, abandoned accounts have been used...pretty much just to post stupid crap. If you have never seen this message, then you should assume that your password has been compromised and it is only a matter of time before your account is hijacked for shit posting.

Whether you've had this happen to you or not, it is highly recommended to change your passwords and secure them. I recommend a very long one, going by this guide, and testing your password's strength against known cracking algorithms with this tester. If any other accounts use the same password as your ZDoom Forums account, please change those as well, preferably to something different.

Further information can be found in these threads:
viewtopic.php?f=7&t=51994
viewtopic.php?f=4&t=52158

If you are a returning user and find that you have been warned or banned for something you did not do - OR if you are getting a message that your account has been "deactivated" - you may email me about it at wild PERIOD weasel ATSIGN gmail PERIOD com (you should know what to replace those all-caps words with, I hope).
User avatar
wildweasel
「お前はもうトースト」[you are already toast.]
Moderator Team Lead
 
Joined: 15 Jul 2003

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Graf Zahl » Tue May 24, 2016 5:54 pm

wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester.


That's not particularly good, ranking 'Password' higher than 'grmblfxgrrr' (Disclaimer: I do not use either as a password! :mrgreen:
User avatar
Graf Zahl
Lead GZDoom Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby wildweasel » Tue May 24, 2016 6:00 pm

Graf Zahl wrote:
wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester.


That's not particularly good, ranking 'Password' higher than 'grmblfxgrrr' (Disclaimer: I do not use either as a password! :mrgreen:

Any suggestions for better ones would be welcomed. I wouldn't want to lead our user base astray.
User avatar
wildweasel
「お前はもうトースト」[you are already toast.]
Moderator Team Lead
 
Joined: 15 Jul 2003

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Coraline » Tue May 24, 2016 6:27 pm

Ah, this explains a lot. I was hoping it wasn't just to attack/spam EDGE -- has it happened in other unrelated threads?
User avatar
Coraline
3DGE Developer
 
Joined: 15 Aug 2012
Location: California

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Big C » Tue May 24, 2016 6:29 pm

Yes, yes it has. The Hideous Destructor club has been dealing with it for longer than we'd like at this point.
User avatar
Big C
 
Joined: 19 Oct 2010

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby IdiotBitz » Tue May 24, 2016 6:36 pm

Good thing I saw this, I don't log into my account much, so I could've lost this account without me even knowing.
User avatar
IdiotBitz
yes
 
Joined: 18 Apr 2014
Discord: IdiotBitz#1639

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Marrub » Tue May 24, 2016 6:38 pm

Apparently my password was changed. Not sure if that's my own fuck-up or related, but I had to reset my password to change it again. :P
If it's possible for a moderator to check this, could they? I would appreciate the peace of mind.
User avatar
Marrub
Xevv Va Rkvyr
 
 
 
Joined: 26 Feb 2013
Discord: Marrub#5455
Twitch ID: marrubdaskuleion

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby BouncyTEM » Tue May 24, 2016 6:39 pm

Yeah, I just changed mine, to be on the safe side.

Yikes, though.
User avatar
BouncyTEM
All Caps Guy, Maker of Sir Belfin Dramatic Reading Series.
 
Joined: 24 Aug 2003
Location: 2280 Lol Street: The Calamitous Carnival (formerly Senators Prison)

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby wildweasel » Tue May 24, 2016 6:42 pm

Marrub wrote:Apparently my password was changed. Not sure if that's my own fuck-up or related, but I had to reset my password to change it again. :P
If it's possible for a moderator to check this, could they? I would appreciate the peace of mind.

Looks like the only entries about password changes in your User Notes all came from your own IP, so you're good.
User avatar
wildweasel
「お前はもうトースト」[you are already toast.]
Moderator Team Lead
 
Joined: 15 Jul 2003

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby InsanityBringer » Tue May 24, 2016 6:45 pm

hmm, I'm suddenly extra glad that despite its age, phpbb3 still has sane password standards and accepts 30 char passwords with most of the options enabled in Keepass's password generator. I'd recommend keepass if anyone's looking for password vaults
User avatar
InsanityBringer
 
Joined: 05 Jul 2007
Location: opening the forbidden box
Discord: InsanityBringer#9908

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Marrub » Tue May 24, 2016 6:47 pm

Oh, good, so I am just a dumbass. :D
It greatly amuses me that someone was motivated enough to do a mass brute force (presumably with a generic phpbb skiddie brute forcer, or maybe they actually took the time and effort to make such a program) just to shitpost with the subject of Brutal Doom. Seriously.
User avatar
Marrub
Xevv Va Rkvyr
 
 
 
Joined: 26 Feb 2013
Discord: Marrub#5455
Twitch ID: marrubdaskuleion

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Big C » Tue May 24, 2016 6:53 pm

Marrub wrote:Oh, good, so I am just a dumbass. :D
It greatly amuses me that someone was motivated enough to do a mass brute force (presumably with a generic phpbb skiddie brute forcer, or maybe they actually took the time and effort to make such a program) just to shitpost with the subject of Brutal Doom. Seriously.


Honestly this is about the level of behavior I expect from Sarge's little fan club (as opposed to the part of the Brutal DooM fanbase that actually remembers how to play nice, like johnny), so it scarcely surprises me at all.

At any rate, glad this is getting taken care of one way or another. I just hope the trolling/hacking peters out sooner rather than later.
User avatar
Big C
 
Joined: 19 Oct 2010

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Graf Zahl » Tue May 24, 2016 6:54 pm

It's probably some ban-evader that already got flushed and is not wasting some other accounts to do his shit. I guess when looking through the recent bans it may even be possible to take a good guess who it is.

No idea how much scripting skill is needed to brute-force this stuff, but I wouldn't be surprised if he just got the list of user names and now goes through it with a list of common passwords, Chances are high that some fools are still using 'password' and other insecure words.
User avatar
Graf Zahl
Lead GZDoom Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Soul Sucka » Tue May 24, 2016 7:02 pm

Thanks for heads-up. Just changed my password.
Soul Sucka
 
Joined: 04 Apr 2010

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby enderkevin13 » Tue May 24, 2016 7:23 pm

Wait, what have the trolls been doing lately? Posting nudity? Spam threads?
User avatar
enderkevin13
Official abbadon of ZDoom
Banned User
 
Joined: 07 Jul 2015
Location: :noiƚɒɔo⅃

Next

Return to Rules and Forum Announcements

Who is online

Users browsing this forum: No registered users and 2 guests