Email from Suikosource about being hacked I think......

Jocky
Posts: 150
Joined: Fri Nov 01, 2013 12:48 am
Location: Scotland

Re: Email from Suikosource about being hacked I think......

Post by Jocky »

I'm glad that it's, as you put it, benign. I'd hate to lose access to what I believe is the best treasure trove of Suikoden knowledge on the Web. And I'm glad that the second password reset I had to do was because of the admins resetting things rather than anything else.
Well, it may have been under less than perfect circumstances, but I'm back on the site so if I can help in any way, let me know. :D
Celes
Global Admin
Posts: 1422
Joined: Sun Nov 12, 2006 6:25 pm

Re: Email from Suikosource about being hacked I think......

Post by Celes »

It doesn't help much now, but I exacerbate the required complexity for future passwords nevertheless. Thus it will be harder for bots to trial and error ...
Kirkis
Posts: 275
Joined: Sun Jul 09, 2006 6:10 pm
Location: Pittsburgh, PA

Re: Email from Suikosource about being hacked I think......

Post by Kirkis »

I requested it make a new password for me, which works... and it's saved in an e-mail I'll forget. Currently the password is recommended to be TWENTY characters long. Is that correct or is this something the hacker also tampered with, because that seems insanely excessive?
- Kirkis
Mikain Clan King
Posts: 439
Joined: Tue Mar 11, 2008 6:32 pm
Location: Playing games on my computer

Re: Email from Suikosource about being hacked I think......

Post by Mikain Clan King »

It's been a while since I've visited. Admins set the requirement to 20 characters, correct? Anything more (but no less) than 8 characters is reliably redundant provided the lower character, upper character, and symbol requirement.

A heads-up for people that have posted and/or are reading this:
In the future I suggest that you do not click any links from a suspicious email. Malicious code can be contained in what seems to be a normal link; even if the page directs to what was expected. In this case, simply navigate to the site as normal and change your password.
"The duel with Genkaku.... It continues here....."
-Han Cunningham

"This is your final test... Can you win this time, Riou?"
-Leon Silverburg
Celes
Global Admin
Posts: 1422
Joined: Sun Nov 12, 2006 6:25 pm

Re: Email from Suikosource about being hacked I think......

Post by Celes »

A length of 10 seems to be suitable. Passwords must contain mixed case letters, numbers and symbols.
The "remember me" login key expires now after 99 days.
Vextor
Global Admin
Posts: 1866
Joined: Sun Jun 27, 2004 2:45 am
Location: Japan

Re: Email from Suikosource about being hacked I think......

Post by Vextor »

Currently trying to figure out how exactly this extremely adept hacker got into this site. Until we have a good idea how they got in, it is basically a good practice to use extremely difficult passwords. I am paying a third-party net security guy to get things under control and put up additional safeguards for the site (because I personally have so little time). The priority is making sure the content of this site is protected.
Jocky
Posts: 150
Joined: Fri Nov 01, 2013 12:48 am
Location: Scotland

Re: Email from Suikosource about being hacked I think......

Post by Jocky »

Celes wrote: A length of 10 seems to be suitable. Passwords must contain mixed case letters, numbers and symbols.
The "remember me" login key expires now after 99 days.
I understand the need for complex passwords in order to make them less likely to be randomly guessed by bots but going with what Vextor said,
Vextor wrote: ...likely there was some exploit that allowed the hacker to enter an account without inputting the password at all.
it wouldn't have mattered whether the password you had was 200 characters long!
I understand that you don't have a definite answer as to how the intruder got in, and again, making sure that your password is a complex one will help with account security. But is there anything else that we mere mortals (standard users) can do to increase the level of protection for ourselves? Or is it possible that the gods (admins) could implement a 'captcha' system, or other similar bot countermeasure to the site? I know I probably speak for a lot of users here when I say that I dislike most captcha systems because they are horrendously bad. But I'd be more than happy to put up with something like that on the SS forums for the sake of adding a little extra security to this great site!
:)
Oppenheimer
Global Admin
Posts: 2861
Joined: Tue Mar 15, 2005 10:41 am
Location: ON, Canada

Re: Email from Suikosource about being hacked I think......

Post by Oppenheimer »

Crazy. I of course got the e-mail as well. Also couldn't log in with my password anymore so had to reset it. Whoopie. . .
Mikain Clan King
Posts: 439
Joined: Tue Mar 11, 2008 6:32 pm
Location: Playing games on my computer

Re: Email from Suikosource about being hacked I think......

Post by Mikain Clan King »

I spoke of anything more, again no less, than 8 characters with symbols etc. as being reliably redundant in that it is essentially pointless to require more. As long as the password is above 7 characters (symbols etc.) it will take a dedicated computer many years to brute force the password. I doubt anyone would care for users' forum passwords given the resources needed to shorten that time (i.e. multiple computers); if so, don't count on that security anyway.

Again I ask, admins were the ones to set the length of 20, correct? If the site is still unstable then whoever breached the site may obtain the passwords as they're reset. Please do not reset your passwords using the potentially malicious email link. If you've done so already I suggest resetting the password through normal means.
"The duel with Genkaku.... It continues here....."
-Han Cunningham

"This is your final test... Can you win this time, Riou?"
-Leon Silverburg
Jocky
Posts: 150
Joined: Fri Nov 01, 2013 12:48 am
Location: Scotland

Re: Email from Suikosource about being hacked I think......

Post by Jocky »

Any news about this?
Calculus
Global Admin
Posts: 5
Joined: Sun Mar 13, 2016 8:27 pm

Re: Email from Suikosource about being hacked I think......

Post by Calculus »

I've finished writing up an announcement with Q&A on where we are right now. I'll make a separate post with it in just a second, and will e-mail it out to all members. Sorry this took a while!
Jocky
Posts: 150
Joined: Fri Nov 01, 2013 12:48 am
Location: Scotland

Re: Email from Suikosource about being hacked I think......

Post by Jocky »

Well, I'm impressed to see how much effort is going into finding out when and how this happened. I know enough about website hosting and whatnot, but probably not as much as I should, to understand how much time and effort it would take to go through all of the code of a website as big as SS. All I can say is that I don't envy the task ahead of you guys! But, I'm really glad Suikosource is still alive and kicking! As I mentioned before, if you want/need a hand with anything, I'm more than happy to help. (And I'll bet I'm not the only one who feels that way!)

Keep up the great work guys! :D
Wolkendrache
Forum Moderator
Posts: 869
Joined: Sun May 18, 2014 2:43 pm

Re: Email from Suikosource about being hacked I think......

Post by Wolkendrache »

Did everybody get that mail? I never got it.

And why is there no "Quick Reply" option in this topic here? (I had to use the citation option to post this)
"Within the four seas, all men are brothers" Shuihu Zhuan
Oppenheimer
Global Admin
Posts: 2861
Joined: Tue Mar 15, 2005 10:41 am
Location: ON, Canada

Re: Email from Suikosource about being hacked I think......

Post by Oppenheimer »

I got the e-mail. Seems pretty in-depth.

Also the new password requirements are super crazy. Took me a while to make a new one. But they should at least be pretty hard to crack one would hope?
Mikain Clan King
Posts: 439
Joined: Tue Mar 11, 2008 6:32 pm
Location: Playing games on my computer

Re: Email from Suikosource about being hacked I think......

Post by Mikain Clan King »

I received the email.

I did notice that the admins mentioned going through the code looking for changes; hopefully not manually. If not just for any others' benefit, I suggest a program like Compare It!.
"The duel with Genkaku.... It continues here....."
-Han Cunningham

"This is your final test... Can you win this time, Riou?"
-Leon Silverburg
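
The automated comparison suggested in the post above, as an added example that is not part of the thread, the site's own code, or the Compare It! program: it hashes every file in a known-good copy of a site and in the live copy, then lists what was added, removed or modified. It assumes the baseline comes from a trusted source such as the original release archive or a backup taken before the compromise; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(baseline_dir, live_dir):
    """Report files added to, removed from, or modified in live_dir."""
    base, live = hash_tree(baseline_dir), hash_tree(live_dir)
    return {
        "added": sorted(live.keys() - base.keys()),
        "removed": sorted(base.keys() - live.keys()),
        "modified": sorted(p for p in base.keys() & live.keys() if base[p] != live[p]),
    }


def build_demo():
    """Constructed sample: a tiny known-good tree and a tampered copy of it."""
    tmp = Path(tempfile.mkdtemp())
    files = {
        "index.php": "<?php echo 'home';",
        "includes/auth.php": "<?php check();",
        "styles/main.css": "body{}",
    }
    for tree in ("baseline", "live"):
        for rel, body in files.items():
            target = tmp / tree / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    live = tmp / "live"
    (live / "includes" / "auth.php").write_text("<?php check(); // changed")
    (live / "cache").mkdir()
    (live / "cache" / "x.php").write_text("<?php // unexpected file")
    (live / "styles" / "main.css").unlink()
    return tmp / "baseline", live


if __name__ == "__main__":
    baseline, live = build_demo()
    for kind, paths in compare_trees(baseline, live).items():
        print(kind, paths)
```

Files under "added" deserve the first look, since a dropped script has no baseline counterpart for a side-by-side diff tool to open.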