» Site Navigation
3 members and 2,985 guests
Most users ever online was 6,337, 01-24-2020 at 04:30 AM.
» Today's Birthdays
» Stats
Members: 75,093
Threads: 248,533
Posts: 2,568,696
Top Poster: JLC (31,651)
|
-
SECURITY ALERT!! -- Please Read!!
Spammers....the parasitic slime of all good internet sites....have found a new technique for infiltrating our site and spreading their filth.
I highly encourage...strongly encourage...EVERYone who reads this, if you have a registered account here at BP.net, whether you post every day, or just lurk and read (especially if you just lurk and read, I fear) CHANGE YOUR PASSWORD. Make it something truly secure, with a mix of uppercase and lowercase letters, numbers, special symbols and no obvious, actual words.
Hopefully our tech guy can find this security leak and plug it up tight. I don't really know how this is being done. But changing to a truly secure password is the first logical step to keeping the bad guys out.
-
The Following 9 Users Say Thank You to JLC For This Useful Post:
Albert Clark (03-27-2015),Clementine_3 (02-25-2015),Gio (03-30-2015),Popeye (03-31-2015),Ridinandreptiles (03-31-2015),Snoopyslim (07-30-2016),The Golem (02-25-2015),tttaylorrr (03-30-2015),WarriorPrincess90 (02-25-2015)
-
Are they hacking legitimate accounts?
- Nakita
-
-
Wait, are they getting the passwords of users and taking over their accounts? Could they not just be poor passwords that have been brute forced or figured out from patterns of passwords or even commandeered email accounts? If that is the case, it may not be the sites issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~
I own:
1.0 Reduced Normal Ball Python [Peter]
0.1 Harlequin Crestie [Amelia]
~~~~~~~~~~~~~~~~~~~~~~~~~~
The other half owns:
1.0 Orange Dalmatian Crestie [Archie]
0.1 Golden Dalmatian Crestie [Banana]
~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-
Re: SECURITY ALERT!! -- Please Read!!
So is the security flaw only effecting weak passwords? If our password already meets your description above does it still need to be changed?
-
-
Re: SECURITY ALERT!! -- Please Read!!
It is always good to be safe, however, even if anyone has gotten any access to the site, the passwords shouldn't be stored in plaintext, and should be encrypted. Which they most likely are.
~~~~~~~~~~~~~~~~~~~~~~~~~~
I own:
1.0 Reduced Normal Ball Python [Peter]
0.1 Harlequin Crestie [Amelia]
~~~~~~~~~~~~~~~~~~~~~~~~~~
The other half owns:
1.0 Orange Dalmatian Crestie [Archie]
0.1 Golden Dalmatian Crestie [Banana]
~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-
Re: SECURITY ALERT!! -- Please Read!!
Originally Posted by George1994
Wait, are they getting the passwords of users and taking over their accounts? Could they not just be poor passwords that have been brute forced or figured out from patterns of passwords or even commandeered email accounts? If that is the case, it may not be the sites issue.
We don't know yet. The problem MAY be poor passwords that have been "brute forced" and that is the reason for this warning. If you have a weak password, it needs to be changed.
Yes, our password database is encrypted. I can't tell anyone what their password is. I can only change them if one gets forgotten. I really don't think the security breach is THAT big that they've gotten into all the actual account keys. But they've gotten into SOME, and until we know why and how, it behooves everyone to make sure they have something not easily forced.
If you already have one that you feel is sufficiently strong, it should be fine. If they can see past the encryption and look at everything anyhow, then changing it wouldn't make much difference anyhow.
-
-
Re: SECURITY ALERT!! -- Please Read!!
Nice, this is good news. I doubt they have managed to get the keys, and the sure as hell haven't beaten the encryption haha! My first guess was either brute forcing or people using the same passwords etc. Thanks for the news.
~~~~~~~~~~~~~~~~~~~~~~~~~~
I own:
1.0 Reduced Normal Ball Python [Peter]
0.1 Harlequin Crestie [Amelia]
~~~~~~~~~~~~~~~~~~~~~~~~~~
The other half owns:
1.0 Orange Dalmatian Crestie [Archie]
0.1 Golden Dalmatian Crestie [Banana]
~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-
Registered User
I only really use my account for lurking and reading purposes, but I did receive an email on 2/12 letting me know someone had unsuccessfully tried to log in to my account. Do you all need/want me to forward it on to you?
-
The Following User Says Thank You to wolfayal For This Useful Post:
-
This is most likely a matter of accounts with very weak passwords like "password" becoming compromised. However, the fact is, spammers are gaining access to some accounts and it is in everyone's best interest to make sure they have a strong password as mentioned above and it never hurts to update your password to something new just to be on the safe side. If you received an email about someone attempting to log in to your account you should most definitely change your password to something as secure as possible.
Last edited by mlededee; 02-25-2015 at 02:51 PM.
- Emily
-
-
We have updated files and changed some settings, so at this point we should be good to go. There were never any security breaches or anything serious, this was just a straightforward dictionary attack that likely picked up on a few accounts with easy passwords. If you have a super simple password, it would still be a good idea to change it to something more secure, but that is true for any web site. If you receive any suspicious private messages in the future please report them and we will take care of the issue right away.
- Emily
-
The Following 8 Users Say Thank You to mlededee For This Useful Post:
ballpythonluvr (02-26-2015),Citrus (02-25-2015),Clementine_3 (02-25-2015),Felidae (02-25-2015),George1994 (02-25-2015),JLC (02-25-2015),OhhWatALoser (02-25-2015),Popeye (03-31-2015)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|