Protecting New Users From Themselves

Discussion in 'The Pub (Off topic discussion)' started by xmob, May 16, 2013.

  1. xmob

    xmob New Member

    26
    2
    May 16, 2013
    It's a safe bet that there's going to be an exodus of biblical proportions of users from LET to here.

    Considering that the LET user database has been compromised, what do we know of the hashing algorithm/salts used on LET? I don't know enough about IPB, but is it possible to create a plugin that checks new users' passwords are different to what was used on LET?

    There's no need to reverse the hashes from LET, just regenerate them when a user signs up and make sure that the hashes don't match.

    Could save a whole load of hurt in the future.  Just a thought.
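
The signup check this post describes, sketched as an added example that is not part of the original post or of any forum software. The thread does not say which hashing scheme LET used, so the salted SHA-256 in `legacy_hash`, the record layout and all function names are assumptions, and the breached records are constructed sample data.

```python
import hashlib
import hmac

def legacy_hash(password: str, salt: bytes) -> str:
    # ASSUMED legacy scheme: hex(SHA-256(salt || password)). The thread does
    # not state the real algorithm; swap in the actual one if it is known.
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

def normalize_email(email: str) -> str:
    # Match accounts case-insensitively and ignore stray whitespace.
    return email.strip().lower()

# Constructed sample of breached records: e-mail -> (per-user salt, hash).
BREACHED = {
    "alice@example.com": (b"s1", legacy_hash("hunter2", b"s1")),
    "bob@example.com": (b"s2", legacy_hash("correct horse", b"s2")),
}

def reuses_breached_password(email: str, candidate: str, breached=BREACHED) -> bool:
    """Re-hash the candidate with the user's old salt and compare.

    Nothing is reversed: the plaintext is only available at signup, so the
    old hash is regenerated from it. Because salts are per user, this only
    catches reuse by the same identity (same e-mail on both sites).
    """
    record = breached.get(normalize_email(email))
    if record is None:
        return False  # not in the breach set, nothing to compare against
    salt, stored = record
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(legacy_hash(candidate, salt), stored)

def validate_signup(email: str, candidate: str):
    # Reject before the new site hashes and stores the password.
    if reuses_breached_password(email, candidate):
        return (False, "Password matches one exposed in a breach; choose another.")
    return (True, "ok")

if __name__ == "__main__":
    print(validate_signup("Alice@Example.com", "hunter2"))
    print(validate_signup("alice@example.com", "a-new-passphrase"))
```
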
     
  2. shovenose

    shovenose New Member Verified Provider

    819
    101
    May 13, 2013
    I think that is a bad idea personally. But this forum could expire all passwords in a month or so when everybody is migrated to here.
     
  3. Nick

    Nick Moderator Moderator

    183
    81
    Apr 3, 2013
    I don't want to get my hands involved with the database and I'm sure MannDude doesn't either.
     
  4. Afterburst-Charlie

    Afterburst-Charlie New Member Verified Provider

    24
    0
    May 16, 2013
    The best thing to do would be to simply shut it down for good; it has had its run.
     
  5. shovenose

    shovenose New Member Verified Provider

    819
    101
    May 13, 2013
    Shut what down, LowEndTalk?
     
  6. XFS_Brian

    XFS_Brian New Member Verified Provider

    27
    9
    May 16, 2013
    Too much drama on LET. Yes, I did visit to see how the community was doing, but I personally got tired of seeing all the drama over who owned LET.
     
  7. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    This.

    Was it even confirmed that it was leaked? Either way, I don't want it and would not touch it.

    It would be very wise however to not use the same password here, or anywhere for that matter. If your LET password was the same as, for example, the root pass on your servers, your email account, etc, then change everything immediately.
     
  8. dAgent

    dAgent New Member

    17
    5
    May 15, 2013
    tbh my first thought after I saw admin access for everyone was - what if people just start grabbing the db or leak it publicly
     
  9. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    Was there an option in Vanilla to do this from the admin CP? Not quite sure.
     
  10. mojeda

    mojeda New Member

    347
    183
    May 14, 2013
    I don't think so, but visiting a user page showed the debug info that shows the user's password hash.

    Does anyone know the extent of the hack? I assume it was just the front end that got hacked and no one was able to actually get into the server itself?
     
    Last edited by a moderator: May 16, 2013