!!ATTENTION!! - Please Secure Your Passwords!

We sure do have a lot of rules and guidelines threads - find them all here, and please make sure you've read them! Also, community-wide announcements (that aren't major ZDoom News) go here as well.
User avatar
wildweasel
Posts: 21706
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): A lot of them
Graphics Processor: Not Listed

!!ATTENTION!! - Please Secure Your Passwords!

Post by wildweasel »

You might have noticed, while logging into the forums, a message to the effect of "Too many login attempts," and asked to solve the forum's CAPTCHA question. If you've seen this message, your account is one of the apparent many that was involved in a recent attempt to brute-force passwords to the ZDoom Forums. Your account may or may not have been accessed, and a handful of old, abandoned accounts have been used...pretty much just to post stupid crap. If you have never seen this message, then you should assume that your password has been compromised and it is only a matter of time before your account is hijacked for shit posting.

Whether you've had this happen to you or not, it is highly recommended to change your passwords and secure them. I recommend a very long one, going by this guide, and testing your password's strength against known cracking algorithms with this tester. If any other accounts use the same password as your ZDoom Forums account, please change those as well, preferably to something different.

Further information can be found in these threads:
http://forum.zdoom.org/viewtopic.php?f=7&t=51994
http://forum.zdoom.org/viewtopic.php?f=4&t=52158

If you are a returning user and find that you have been warned or banned for something you did not do - OR if you are getting a message that your account has been "deactivated" - you may email me about it at wild PERIOD weasel ATSIGN gmail PERIOD com (you should know what to replace those all-caps words with, I hope).
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 49183
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Graf Zahl »

wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester.
That's not particularly good, ranking 'Password' higher than 'grmblfxgrrr' (Disclaimer: I do not use either as a password! :mrgreen:
User avatar
wildweasel
Posts: 21706
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): A lot of them
Graphics Processor: Not Listed

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by wildweasel »

Graf Zahl wrote:
wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester.
That's not particularly good, ranking 'Password' higher than 'grmblfxgrrr' (Disclaimer: I do not use either as a password! :mrgreen:
Any suggestions for better ones would be welcomed. I wouldn't want to lead our user base astray.
User avatar
Coraline
Posts: 447
Joined: Wed Aug 15, 2012 3:41 pm
Location: California

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Coraline »

Ah, this explains a lot. I was hoping it wasn't just to attack/spam EDGE -- has it happened in other unrelated threads?
User avatar
Big C
Posts: 2839
Joined: Tue Oct 19, 2010 3:24 pm

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Big C »

Yes, yes it has. The Hideous Destructor club has been dealing with it for longer than we'd like at this point.
User avatar
catoidi
Posts: 150
Joined: Fri Apr 18, 2014 8:58 pm
Preferred Pronouns: She/Her

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by catoidi »

Good thing I saw this, I don't log into my account much, so I could've lost this account without me even knowing.
User avatar
Marrub
 
 
Posts: 1198
Joined: Tue Feb 26, 2013 2:48 pm
Preferred Pronouns: No Preference
Operating System Version (Optional): Arch Linux
Graphics Processor: ATI/AMD with Vulkan/Metal Support

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Marrub »

Apparently my password was changed. Not sure if that's my own fuck-up or related, but I had to reset my password to change it again. :P
If it's possible for a moderator to check this, could they? I would appreciate the peace of mind.
User avatar
BouncyTEM
Posts: 3821
Joined: Sun Aug 24, 2003 5:42 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): Windows 10
Graphics Processor: nVidia with Vulkan support
Location: 2280 Lol Street: The Calamitous Carnival (formerly Senators Prison)

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by BouncyTEM »

Yeah, I just changed mine, to be on the safe side.

Yikes, though.
User avatar
wildweasel
Posts: 21706
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): A lot of them
Graphics Processor: Not Listed

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by wildweasel »

Marrub wrote:Apparently my password was changed. Not sure if that's my own fuck-up or related, but I had to reset my password to change it again. :P
If it's possible for a moderator to check this, could they? I would appreciate the peace of mind.
Looks like the only entries about password changes in your User Notes all came from your own IP, so you're good.
User avatar
InsanityBringer
Posts: 3392
Joined: Thu Jul 05, 2007 4:53 pm
Location: opening the forbidden box

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by InsanityBringer »

hmm, I'm suddenly extra glad that despite its age, phpbb3 still has sane password standards and accepts 30 char passwords with most of the options enabled in Keepass's password generator. I'd recommend keepass if anyone's looking for password vaults
User avatar
Marrub
 
 
Posts: 1198
Joined: Tue Feb 26, 2013 2:48 pm
Preferred Pronouns: No Preference
Operating System Version (Optional): Arch Linux
Graphics Processor: ATI/AMD with Vulkan/Metal Support

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Marrub »

Oh, good, so I am just a dumbass. :D
It greatly amuses me that someone was motivated enough to do a mass brute force (presumably with a generic phpbb skiddie brute forcer, or maybe they actually took the time and effort to make such a program) just to shitpost with the subject of Brutal Doom. Seriously.
User avatar
Big C
Posts: 2839
Joined: Tue Oct 19, 2010 3:24 pm

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Big C »

Marrub wrote:Oh, good, so I am just a dumbass. :D
It greatly amuses me that someone was motivated enough to do a mass brute force (presumably with a generic phpbb skiddie brute forcer, or maybe they actually took the time and effort to make such a program) just to shitpost with the subject of Brutal Doom. Seriously.
Honestly this is about the level of behavior I expect from Sarge's little fan club (as opposed to the part of the Brutal DooM fanbase that actually remembers how to play nice, like johnny), so it scarcely surprises me at all.

At any rate, glad this is getting taken care of one way or another. I just hope the trolling/hacking peters out sooner rather than later.
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 49183
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Graf Zahl »

It's probably some ban-evader that already got flushed and is not wasting some other accounts to do his shit. I guess when looking through the recent bans it may even be possible to take a good guess who it is.

No idea how much scripting skill is needed to brute-force this stuff, but I wouldn't be surprised if he just got the list of user names and now goes through it with a list of common passwords, Chances are high that some fools are still using 'password' and other insecure words.
Soul Sucka
Posts: 141
Joined: Sun Apr 04, 2010 9:36 pm

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Soul Sucka »

Thanks for heads-up. Just changed my password.
User avatar
enderkevin13
Posts: 1383
Joined: Tue Jul 07, 2015 7:30 am
Location: :noiƚɒɔo⅃

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by enderkevin13 »

Wait, what have the trolls been doing lately? Posting nudity? Spam threads?

Return to “Rules and Forum Announcements”