CRZ
Big Brother
Administrator
   
   
      
 
 
Since: 9.12.01
From: ミネアポリス
Since last post: 3 days
Last activity: 20 min.
|  #1 Posted on 11.7.08 1952.48 | Instant Rating: 8.78 | I'm pretty sure I saw some SQL injection attacks pass by a few hours ago. They were only after the admins' accounts but you never know. I've put some safeguards in place to ensure that their attacks will no longer work and will try to keep an eye out for any suspicious activity for the next week or so but for your own peace of mind, you might want to go ahead and change your password, then log back in with the new one.
 | Promote this thread! |           | rinberg
Boudin rouge
Since: 30.1.02
From: South Georgia
Since last post: 501 days
Last activity: 11 days
| #2 Posted on 11.7.08 2116.27 | Instant Rating: 9.00 | { Sorry, you must be logged in to see this text! }
This may or may not be relevant to the changes that you just made, but when I changed my password and clicked the "Edit Profile" button at the bottom of the page to save the new password, I was automatically logged out as expected, but the page displayed that error and wouldn't display the forums. When I logged in using my new password, everything appeared normal. When I logged out again everything appeared normal. In short, no harm done to me, but I thought you would want to know.
One of the Thirty-two (or maybe Thirty-four....)!
 | CRZ
Big Brother
Administrator
Since: 9.12.01
From: ミネアポリス
Since last post: 3 days
Last activity: 20 min.
| #3 Posted on 11.7.08 2210.00 | Instant Rating: 8.78 | No biggie. That message (and lack of forum action) is a side effect of your old password being kept on in your cookie...that's why logging in "fixes" it. I should probably recode it to log you out if you change your password, though. Hmm....I'll give it another looksee.
(edited by CRZ on 11.7.08 2213)
OK, I fixed it so you're automatically logged out if your password is changed. Click on the ol' "Login" link to get back in. If you have any problems, IM or email me.
(edited by CRZ on 11.7.08 2226)
| Dexley's Midnight Jogger
Pepperoni
Moderator
Since: 10.10.02
From: New Hampshire
Since last post: 84 days
Last activity: 10 hours
| #4 Posted on 13.7.08 1848.03 | Instant Rating: 7.18 | | I changed mine. I'm not keen on computer stuff and I have two different passwords for about 7 or 8 websites. Is there a school of thought whether this is a good idea or should I have multiple passwords? None of the sights are for financial accounts or anything serious. | Guru Zim
SQL Dejection
Administrator
Since: 9.12.01
From: Bay City, OR
Since last post: 6 days
Last activity: 1 hour
| AIM: |  |
| | |
| #5 Posted on 14.7.08 1059.53 | Instant Rating: 8.09 | I personally use a different password here than other sites, because I figure this is the most likely site I go to that could have problems  I don't have a lot of faith in this code being bulletproof. We do what we can.
Bank stuff should have a different password than low security stuff, yes. You should probably use different passwords for each banking service in case one is compromised.
Sign up for Folding@Home and join our team. PM me for details.
Ignorance is bliss for you, hell for me. | DJ FrostyFreeze
Knackwurst
Since: 2.1.02
From: Hawthorne, CA
Since last post: 10 days
Last activity: 1 hour
| #6 Posted on 14.7.08 1311.29 | Instant Rating: 8.03 | 
Originally posted by Guru Zim
I personally use a different password here than other sites, because I figure this is the most likely site I go to that could have problems I don't have a lot of faith in this code being bulletproof. We do what we can.
Bank stuff should have a different password than low security stuff, yes. You should probably use different passwords for each banking service in case one is compromised.
I used to have 5-6 different passwords for no good reason, but now I've got them narrowed down to 2 Important Stuff passwords (I only use one banking service site) and 1 I Dont Care About This Crap password.
WTF is that SMELL??? |
| rinberg
Boudin rouge
Since: 30.1.02
From: South Georgia
Since last post: 501 days
Last activity: 11 days
| #7 Posted on 15.7.08 0908.30 | Instant Rating: 9.00 | I'm trying to reform my behaviour concerning passwords. Formerly, I had three passwords with lengths of 6, 8, and 10 characters, one of which was numeric. Recently, after I started using the Portable Apps Suite (portableapps.com), I tried out the Portable Apps version (portableapps.com) of KeePass (keepass.info) and I've liked it pretty well.
Basically, I've come up with one REALLY LONG password with multiple numeric characters based on things that I can use to remind myself what that password is supposed to be. Then, I put the URLs to the sites that I wish to be secure, such as banking, into the KeePass database and allow KeePass to generate for me a more secure password: long and random. Since it uses the same encryption that the banks are using, I figure anyone that can hack it (so far there aren't any...) probably has bigger targets than a single person's accounts. Also, I don't keep it on my computer, so they kinda would need the USB drive that it is on before they could do anything with it.
Bonus (for me): the Portable Apps Suite includes a backup utility that I have used to make a zip file of the files on my USB drive, in case I lose the sucker...
--Oh, Zed, I almost forgot: I hadn't used *this* browser since changing my password, so of course the cookie didn't agree with the database. It's not that I'm trying to be a pain, I'm just trying to be thorough, but the same error showed up.
Lest you think that all I do is gripe gripe gripe though, let me suck up say how much I appreciate the time, effort, and money that you and Guru have put into this place. This is the best community on the web anywhere. Thank you.
*looks up*
Geez, I talk to much...
One of the Thirty-two (or maybe Thirty-four....)!
|
| | | | | | | |
Thread rated: 8.40