Email from Suikosource about being hacked I think......
- Jocky
- Posts: 150
- Joined: Fri Nov 01, 2013 12:48 am
- Location: Scotland
Re: Email from Suikosource about being hacked I think......
I'm glad that it's, as you put it, benign. I'd hate to lose access to what I believe is the best treasure trove of Suikoden knowledge on the Web. And I'm glad that the second password reset I had to do was because of the admins resetting things rather than anything else.
Well, it may have been under less than perfect circumstances, but I'm back on the site so if I can help in any way, let me know.
- Celes
- Global Admin
- Posts: 1422
- Joined: Sun Nov 12, 2006 6:25 pm
Re: Email from Suikosource about being hacked I think......
It doesn't help much now, but I exacerbate the required complexity for future passwords nevertheless. Thus it will be harder for bots to trial and error ...
- Kirkis
- Posts: 275
- Joined: Sun Jul 09, 2006 6:10 pm
- Location: Pittsburgh, PA
Re: Email from Suikosource about being hacked I think......
I requested it make a new password for me, which works... and it's saved in an e-mail I'll forget. Currently the password is recommended to be TWENTY characters long. Is that correct or is this something the hacker also tampered with, because that seems insanely excessive?
- Kirkis
- Mikain Clan King
- Posts: 439
- Joined: Tue Mar 11, 2008 6:32 pm
- Location: Playing games on my computer
Re: Email from Suikosource about being hacked I think......
It's been a while since I've visited. Admins set the requirement to 20 characters, correct? Anything more (but no less) than 8 characters is reliably redundant provided the lower character, upper character, and symbol requirement.
A heads-up for people that have posted and/or are reading this:
In the future I suggest that you do not click any links from a suspicious email. Malicious code can be contained in what seems to be a normal link, even if the page directs to what was expected. In this case, simply navigate to the site as normal and change your password.
"The duel with Genkaku.... It continues here....."
-Han Cunningham
"This is your final test... Can you win this time, Riou?"
-Leon Silverburg
- Celes
- Global Admin
- Posts: 1422
- Joined: Sun Nov 12, 2006 6:25 pm
Re: Email from Suikosource about being hacked I think......
A length of 10 seems to be suitable. Passwords must contain mixed case letters, numbers and symbols.
The "remember me" login key expires now after 99 days.
- Vextor
- Global Admin
- Posts: 1879
- Joined: Sun Jun 27, 2004 2:45 am
- Location: Japan
Re: Email from Suikosource about being hacked I think......
Currently trying to figure out how exactly this extremely adept hacker got into this site. Until we have a good idea how they got in, it is basically a good practice to use extremely difficult passwords. I am paying a third-party net security guy to get things under control and put up additional safeguards for the site (because I personally have so little time). The priority is making sure the content of this site is protected.
- Jocky
- Posts: 150
- Joined: Fri Nov 01, 2013 12:48 am
- Location: Scotland
Re: Email from Suikosource about being hacked I think......
Celes wrote: A length of 10 seems to be suitable. Passwords must contain mixed case letters, numbers and symbols. The "remember me" login key expires now after 99 days.
I understand the need for complex passwords in order to make them less likely to be randomly guessed by bots but going with what Vextor said,
Vextor wrote: ...likely there was some exploit that allowed the hacker to enter an account without inputting the password at all.
it wouldn't have mattered whether the password you had was 200 characters long!
I understand that you don't have a definite answer as to how the intruder got in, and again, making sure that your password is a complex one will help with account security. But is there anything else that we mere mortals (standard users) can do to increase the level of protection for ourselves? Or is it possible that the gods (admins) could implement a 'captcha' system, or other similar bot countermeasure to the site? I know I probably speak for a lot of users here when I say that I dislike most captcha systems because they are horrendously bad. But I'd be more than happy to put up with something like that on the SS forums for the sake of adding a little extra security to this great site!
-
- Global Admin
- Posts: 2861
- Joined: Tue Mar 15, 2005 10:41 am
- Location: ON, Canada
Re: Email from Suikosource about being hacked I think......
Crazy. I of course got the e-mail as well. Also couldn't log in with my password anymore so had to reset it. Whoopie. . .
- Mikain Clan King
- Posts: 439
- Joined: Tue Mar 11, 2008 6:32 pm
- Location: Playing games on my computer
Re: Email from Suikosource about being hacked I think......
I spoke of anything more, again no less, than 8 characters with symbols etc. as being reliably redundant in that it is essentially pointless to require more. As long as the password is above 7 characters (symbols etc.) it will take a dedicated computer many years to brute force the password. I doubt anyone would care for users' forum passwords given the resources needed to shorten that time (i.e. multiple computers); if so, don't count on that security anyway.
Again I ask, admins were the ones to set the length of 20, correct? If the site is still unstable then whoever breached the site may obtain the passwords as they're reset. Please do not reset your passwords using the potentially malicious email link. If you've done so already I suggest resetting the password through normal means.
"The duel with Genkaku.... It continues here....."
-Han Cunningham
"This is your final test... Can you win this time, Riou?"
-Leon Silverburg
- Jocky
- Posts: 150
- Joined: Fri Nov 01, 2013 12:48 am
- Location: Scotland
Re: Email from Suikosource about being hacked I think......
Any news about this?
-
- Global Admin
- Posts: 5
- Joined: Sun Mar 13, 2016 8:27 pm
Re: Email from Suikosource about being hacked I think......
I've finished writing up an announcement with Q&A on where we are right now. I'll make a separate post with it in just a second, and will e-mail it out to all members. Sorry this took a while!
- Jocky
- Posts: 150
- Joined: Fri Nov 01, 2013 12:48 am
- Location: Scotland
Re: Email from Suikosource about being hacked I think......
Well I'm impressed to see how much effort is going into finding out when and how this happened. I know enough about website hosting and whatnot, but probably not as much as I should, to understand how much time and effort it would take to go through all of the code of a website as big as SS. All I can say is that I don't envy the task ahead of you guys! But, I'm really glad Suikosource is still alive and kicking! As I mentioned before, if you want/need a hand with anything, I'm more than happy to help. (and I'll bet I'm not the only one who feels that way!)
Keep up the great work guys!
-
- Forum Moderator
- Posts: 869
- Joined: Sun May 18, 2014 2:43 pm
Re: Email from Suikosource about being hacked I think......
Did everybody get that mail? I never got it.
And why is there no "Quick Reply" option in this topic here? (I had to use the citation option to post this)
"Within the four seas, all men are brothers" Shuihu Zhuan
-
- Global Admin
- Posts: 2861
- Joined: Tue Mar 15, 2005 10:41 am
- Location: ON, Canada
Re: Email from Suikosource about being hacked I think......
I got the e-mail. Seems pretty in-depth.
Also the new password requirements are super crazy. Took me a while to make a new one. But they should at least be pretty hard to crack one would hope?
- Mikain Clan King
- Posts: 439
- Joined: Tue Mar 11, 2008 6:32 pm
- Location: Playing games on my computer
Re: Email from Suikosource about being hacked I think......
I received the email.
I did notice that the admins mentioned going through the code looking for changes; hopefully not manually. If not just for any others' benefit, I suggest a program like Compare It!.
"The duel with Genkaku.... It continues here....."
-Han Cunningham
"This is your final test... Can you win this time, Riou?"
-Leon Silverburg