amuck-landowner

Protecting New Users From Themselves

xmob

xmob

New Member
It's a safe bet that there's going to be an exodus of biblical proportions of users from LET to here.

Considering that the LET user database has been compromised, what do we know of the hashing algorithm/salts used on LET?  I don't know enough about IPB, but is it possible to create a plugin that checks new users passwords are different to what was used on LET?

There's no need to reverse the hashes from LET, just regenerate them when a user signs up and make sure that the hashes don't match.

Could save a whole load of hurt in the future.  Just a thought.
 
shovenose

shovenose

New Member
Verified Provider
I think that is a bad idea personally. But this forum could expire all passwords in a month or so when everybody is migrated to here.
 
Nick

Nick

Moderator
Moderator
I don't want to get my hands involved with the database and I'm sure MannDude doesn't either.
 
X

XFS_Brian

New Member
Verified Provider
To much drama on LET. Yes, I did visit to see how the community was doing but I personally got tired of seeing all the drama over who owned LET.
 
MannDude

MannDude

Just a dude
vpsBoard Founder
Moderator
Nick said:
I don't want to get my hands involved with the database and I'm sure MannDude doesn't either.
Click to expand...
This.

Was it even confirmed that it was leaked? Either way, I don't want it and would not touch it.

It would be very wise however to not use the same password here, or anywhere for that matter. If your LET password was the same as, for example, the root pass on your servers, your email account, etc, then change everything immediately.
 
D

dAgent

New Member
tbh my first thought after I saw admin access for everyone was - what if people just start grabbing the db or leak it publicly
 
MannDude

MannDude

Just a dude
vpsBoard Founder
Moderator
dAgent said:
tbh my first thought after I saw admin access for everyone was - what if people just start grabbing the db or leak it publicly
Click to expand...
Was there an option in Vanilla to do this from the admin CP? Not quite sure.
 
mojeda

mojeda

New Member
MannDude said:
Was there an option in Vanilla to do this from the admin CP? Not quite sure.
Click to expand...
I don't think so, but visiting an user page showed the debug info that shows the user's password hash.

Does anyone know the extent of the hack? I assume it was just the front end that got hacked and no one was able to actually get into the server itself?
 
Last edited by a moderator:
You must log in or register to reply here.
Top
amuck-landowner