Protecting New Users From Themselves

xmob

New Member
It's a safe bet that there's going to be an exodus of biblical proportions of users from LET to here.

Considering that the LET user database has been compromised, what do we know of the hashing algorithm/salts used on LET? I don't know enough about IPB, but is it possible to create a plugin that checks new users' passwords are different to what was used on LET?

There's no need to reverse the hashes from LET, just regenerate them when a user signs up and make sure that the hashes don't match.

Could save a whole load of hurt in the future.  Just a thought.
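
The signup-time check proposed in the post above, sketched as an added example that is not part of the original post or of any forum plugin. The hashing scheme (PBKDF2-HMAC-SHA256 with a per-user salt), the function names, and the sample records are assumptions constructed for illustration; the thread does not say what LET actually used.

```python
import hashlib
import hmac

# Assumption: the breached forum stored PBKDF2-HMAC-SHA256 with a per-user salt.
# Substitute the real scheme and parameters of the breached system.
ITERATIONS = 50_000

def breached_hash(password: str, salt: bytes) -> bytes:
    """Recompute a hash the way the breached system is assumed to have done."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def build_breach_index(records):
    """Map normalized email -> list of (salt, hash) taken from the breach data."""
    index = {}
    for email, salt, digest in records:
        index.setdefault(email.strip().lower(), []).append((salt, digest))
    return index

def reuses_breached_password(index, email, candidate):
    """True if the candidate reproduces any breached hash recorded for this email."""
    reused = False
    for salt, digest in index.get(email.strip().lower(), []):
        # Constant-time compare, and no early exit across records.
        if hmac.compare_digest(breached_hash(candidate, salt), digest):
            reused = True
    return reused

def check_signup(index, email, candidate):
    """Return (accepted, message) for a signup attempt. Nothing is reversed:
    only the new password is hashed with the old salt and compared."""
    if reuses_breached_password(index, email, candidate):
        return False, "This password matches one exposed in a breach; choose another."
    return True, "ok"

def sample_index():
    """Constructed sample records standing in for breach data."""
    salt_a = bytes.fromhex("00112233445566778899aabbccddeeff")
    salt_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    return build_breach_index([
        ("Alice@Example.com", salt_a, breached_hash("hunter2-old", salt_a)),
        ("bob@example.com", salt_b, breached_hash("correct horse", salt_b)),
    ])

if __name__ == "__main__":
    idx = sample_index()
    print(check_signup(idx, "alice@example.com", "hunter2-old"))
    print(check_signup(idx, "alice@example.com", "a-new-unrelated-passphrase"))
```

Because the salts are per-user, the lookup only works when the new account uses the same email as the old one. A check like this also lets a caller test guesses against someone's old password through the signup form, so it needs rate limiting.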
 

shovenose

New Member
Verified Provider
I think that is a bad idea personally. But this forum could expire all passwords in a month or so when everybody is migrated to here.
 

Nick

Moderator
I don't want to get my hands involved with the database and I'm sure MannDude doesn't either.
 

XFS_Brian

New Member
Verified Provider
Too much drama on LET. Yes, I did visit to see how the community was doing but I personally got tired of seeing all the drama over who owned LET.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
I don't want to get my hands involved with the database and I'm sure MannDude doesn't either.
This.

Was it even confirmed that it was leaked? Either way, I don't want it and would not touch it.

It would be very wise however to not use the same password here, or anywhere for that matter. If your LET password was the same as, for example, the root pass on your servers, your email account, etc, then change everything immediately.
 

dAgent

New Member
tbh my first thought after I saw admin access for everyone was - what if people just start grabbing the db or leak it publicly
 

MannDude

Just a dude
vpsBoard Founder
Moderator
tbh my first thought after I saw admin access for everyone was - what if people just start grabbing the db or leak it publicly
Was there an option in Vanilla to do this from the admin CP? Not quite sure.
 

mojeda

New Member
Was there an option in Vanilla to do this from the admin CP? Not quite sure.
I don't think so, but visiting a user page showed the debug info that shows the user's password hash.

Does anyone know the extent of the hack? I assume it was just the front end that got hacked and no one was able to actually get into the server itself?
 