!!!IMPORTANT: Passwords and Server Upgrades

knucracker · 1604


  • Administrator
  • *****
    • Posts: 11771
on: September 17, 2017, 04:38:05 pm
First, the actionable news:
After a review of the server, it appears the hashes of the SMF (the forum) passwords may have been stolen. I can't confirm they were, I just know some data was scraped by an automated tool.  The fault was not with the SMF forum, but with another system on the server.

Note that the forum does not store your password, it stores a hash of your password.  But a person who has the hash and the salt of a password can brute force guess the password.  If a password is short (and 10 characters is short), if it contains dictionary words, etc. the time to brute force a password can be short.  So out of an abundance of caution you should change your password.

General Password Recommendations for the Forums:
  • When you change your password, you should not use the same password you use at other sites.
  • Conversely, if your current password here on these forums is the same as you use on other sites, you should change your password on those other sites.
  • The length of your password is more important than the use of odd characters.  Since the forum doesn't store your password, it is a brute force attack that is most likely to successfully get your password. Brute force attacks succeed on short passwords, and can require much, much more computational time on longer passwords.

Now, after my review of the server I have done a complete upgrade of the server. I've also reviewed the database, scripts, etc. Other than a few glitches here and there you should not notice any difference to nearly anything. The forum chat is currently not working, but I am looking into that.

In good news, I have updated the Creeper World 3 database query for retrieving maps.  It should be much more efficient now (like 60x faster). That should also reduce the load on the server and make other queries faster as well. Some of the brief pauses you may have seen in the past may now lessen.