Security Risk - Change your passwords

Yeah I tried changing my password but it's not letting me. I know what it is as it is simple but for some reason it's not letting me change it.
 
I used the same password elsewhere but it's one of my throwaway passwords in the same way "Datiko" is just a random name I chose.

As a security professional I can say it's unlikely they have the salt so there is very little risk. Still, it's better to be safe than sorry.

@Null How did they DDOS you though? I thought the KiwiForums were behind Cloudflare. Did you keep the same IP after you enrolled? I'm interested in knowing more so I can ask the local Cloudflare guys.
 
It's also not letting me log in with my password on my phone. Null, if you can, can you PM me about it? I know you're busy and all but let me know either way.
 
Considering half of my job is helping people reset passwords, it's probably high time I update all of mine. Never hurts to do so.
 
I used the same password elsewhere but it's one of my throwaway passwords in the same way "Datiko" is just a random name I chose.

As a security professional I can say it's unlikely they have the salt so there is very little risk. Still, it's better to be safe than sorry.
Yeah, that's what I think. The salt is in the config file and no damage to the system was done.

How did they DDOS you though? I thought the KiwiForums were behind Cloudflare. Did you keep the same IP after you enrolled? I'm interested in knowing more so I can ask the local Cloudflare guys.
Oh, I don't keep attack mode on all the time. Lower security levels of CF protected against early DDoS attacks but their later more effective ones required a different setup that's more intrusive to users, so I keep it off until they start.

From my tests the DDoS attacks last between 1 hour and 4 hours and they do it about once a month.

Also, the botnet is a real deal and from across the world so I feel this is a paid-for attack, as was whatever hit the DB.
 
I used a shitty throwaway password for this account, and this entire username and identity is completely synthetic and has never been brought up anywhere but here and on Lolcow/Mr Enter wikis.

Think I'm good.
 