PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

Melcar

Arcane
Joined
Oct 20, 2008
Messages
36,542
Location
Merida, again
If someone bothers to hack you and mess up your account it means you are an important person of interest for them. You should feel loved and special. Therefore, by not wanting to protect your account with extra security features, it says that you want to be hacked. Stop exposing yourself like a whore. Goddamn whores.
 
Joined
May 20, 2023
Messages
50
It's an inconvenience to go use your email every time to log in. But I'm sure everyone will forget about it soon enough as the website goes even further down the drain!
 

Peachcurl

Arcane
Joined
Jan 3, 2020
Messages
10,641
Location
(╯°□°)╯︵ ┻━┻
Couldn't the administration/technical staff just check each user's password if it's easily compromised (there exist lists of top common passwords on the internet, or something like it - you can calculate hash from them and compare to the one stored in the user database)
The attacker is likely using leaked (email, password) or (username, password) pairs rather than going by the 1000 most common passwords or anything like that.

You can verify your own passwords using a password manager or Google's password manager for leaked or repeated passwords. But if everyone did that, there'd be nothing to talk about.
Is the administration able to notice when an unusual number of login attempts are made? Or to at least verify that it happened after the fact?

(also: does xenforo really REALLY hash passwords? :lol:)
 

darkpatriot

Arcane
Glory to Ukraine
Joined
Mar 28, 2010
Messages
6,268
Wouldn't that solve the whole issue? Make it like one post deletion per hour.
Not limited like that, limited the same as post edits can be limited, i.e. how far back you can go when editing posts. E.g. a week, a month, 3 months, etc. Anything else would require custom development and is unlikely.

I think most of the valid reasons to delete would be covered by a time limit, it could even be generous such as a few weeks. Unless a few weeks of posts is still enough to cause mass deletion bugs.

Stuff like accidental double posting, accidentally posting before the post was finished, realizing the quoting/formatting is all fucked up, realizing that something you posted was already posted in the thread, etc... Those deletions would only need a few hours time window in most cases, maybe a day or two if you went to sleep after posting and didn't return for a while to catch the mistake.

Same with editing, although there are probably a few more valid reasons to edit old posts. Like if you start a thread and the first post was meant to be updated. Such as the first post of a lets play style thread where the first post was meant to be edited to have future episodes be linked to it. If there was a way to make first posts in threads exempt from any editing time limit, that would cover that case.

I would vote for that over 2FA any day of the week.
 

darkpatriot

Arcane
Glory to Ukraine
Joined
Mar 28, 2010
Messages
6,268
Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately? Firefox has even had a function to generate unique strong passwords for individual logins for years now, which takes all the legwork out of it.

As a person who once worked tech support, I have a developed loathing of the save password feature in browsers.

That was the cause of 95% of the cases of users who were locking themselves out of accounts, or needing password resets done because they could no longer remember their passwords.

Actual third party password managers seemed to cause fewer issues. I'm not sure if it was because they were less common, if the people who used them were more technologically savvy, or both.
 

Skinwalker

*meows in an empty room*
Patron
Village Idiot
Joined
Aug 20, 2021
Messages
12,614
Location
Yessex
Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately? Firefox has even had a function to generate unique strong passwords for individual logins for years now, which takes all the legwork out of it.

As a person who once worked tech support, I have a developed loathing of the save password feature in browsers.

That was the cause of 95% of the cases of users who were locking themselves out of accounts, or needing password resets done because they could no longer remember their passwords.

Actual third party password managers seemed to cause fewer issues. I'm not sure if it was because they were less common, if the people who used them were more technologically savvy, or both.
Tough words for a guy who just got hacked by a vatnik.
 

darkpatriot

Arcane
Glory to Ukraine
Joined
Mar 28, 2010
Messages
6,268
Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately? Firefox has even had a function to generate unique strong passwords for individual logins for years now, which takes all the legwork out of it.

As a person who once worked tech support, I have a developed loathing of the save password feature in browsers.

That was the cause of 95% of the cases of users who were locking themselves out of accounts, or needing password resets done because they could no longer remember their passwords.

Actual third party password managers seemed to cause fewer issues. I'm not sure if it was because they were less common, if the people who used them were more technologically savvy, or both.
Tough words for a guy who just got hacked by a vatnik.
I'm not too worried. I finally updated my Codex password to the new stronger password I use everywhere else. :smug:
 

Roguey

Codex Staff
Staff Member
Sawyerite
Joined
May 29, 2010
Messages
36,668
Same with editing, although there are probably a few more valid reasons to edit long posts. Like if you start a thread and the first post was meant to be updated. Such as the first post of a lets play style thread where the first post was meant to be edited to have future episodes be linked to it. If there was a way to make first posts in threads exempt from any editing time limit, that would cover that case.
I should be able to edit any of my posts whenever I want (additional info, fixing broken images/links).
 

Maxie

Wholesome Chungus
Patron
Glory to Ukraine
Joined
Nov 13, 2021
Messages
8,087
Location
Warszawa, PL
Same with editing, although there are probably a few more valid reasons to edit long posts. Like if you start a thread and the first post was meant to be updated. Such as the first post of a lets play style thread where the first post was meant to be edited to have future episodes be linked to it. If there was a way to make first posts in threads exempt from any editing time limit, that would cover that case.
I should be able to edit any of my posts whenever I want (additional info, fixing broken images/links).
I should be able to edit any of Roguey's posts whenever I want
 

ds

Cipher
Patron
Joined
Jul 17, 2013
Messages
2,504
Location
here
Same with editing, although there are probably a few more valid reasons to edit long posts. Like if you start a thread and the first post was meant to be updated. Such as the first post of a lets play style thread where the first post was meant to be edited to have future episodes be linked to it. If there was a way to make first posts in threads exempt from any editing time limit, that would cover that case.
I should be able to edit any of my posts whenever I want (additional info, fixing broken images/links).
I should be able to edit any of Roguey's posts whenever I want
CruduxCruo should be able to delete your posts whenever he wants.
 

Radiane

Cipher
Joined
Dec 20, 2019
Messages
393
Now: You can use your phone number. But you don't really need to, but it does have certain benefits if you do etc.
Next: You can use your ID number. But you don't really need to, but it does have certain benefits if you do etc.
Soon: You can use your home address. But you don't really need to, but it does have certain benefits if you do etc.
Eventually: You can use your barcode on your forehead. But you don't really need to, but it does have certain benefits if you do etc.
 

Napalm

Novice
Joined
Nov 30, 2021
Messages
31
Instead of troubling people with this 2FA shit in a gaming forum, maybe you could start a bit smaller and simply upgrade your password rules from 1994 times when 4 lower-case letters alone was considered good enough? Could even go a step further and force users to change their pw in every half a decade or whatnot. Or just disable the fucking delete button when a post is over 24 hours old.
 

lukaszek

the determinator
Patron
Joined
Jan 15, 2015
Messages
13,161
DU already was on track of solving this issue. He made every post anonymous, remove login altogether and there won't be any deletes by design
 

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,504
Location
Your Mind
Is the administration able to notice when an unusual number of login attempts are made? Or to at least verify that it happened after the fact?
XF automatically locks you out for a while after a few failed login attempts. Nobody's brute-forcing passwords there unless they're literally like "password" or "12345".
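
An added example, not part of any poster's message and not XenForo code: the question above about noticing unusual login activity, worked through on a constructed log. Replayed leaked (username, password) pairs use one attempt per account, so a per-account failed-login lockout never fires, while counting distinct accounts per source IP does. The log format, the lockout threshold of 5 and the detection thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <username> <ok|fail>"
SAMPLE_LOG = """\
2023-05-20T10:00:01 203.0.113.7 alice fail
2023-05-20T10:00:03 203.0.113.7 bob ok
2023-05-20T10:00:05 203.0.113.7 carol fail
2023-05-20T10:00:08 203.0.113.7 dave ok
2023-05-20T10:00:11 203.0.113.7 erin fail
2023-05-20T10:02:00 198.51.100.4 frank fail
2023-05-20T10:02:20 198.51.100.4 frank fail
2023-05-20T10:02:40 198.51.100.4 frank ok
"""

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "ok"))
    return sorted(events)

def lockout_triggers(events, threshold=5):
    """Accounts a per-account failed-login lockout would have caught."""
    fails = Counter(user for _, _, user, ok in events if not ok)
    return sorted(u for u, n in fails.items() if n >= threshold)

def stuffing_sources(events, window=timedelta(minutes=10), min_accounts=4):
    """Map each IP that tried many distinct accounts inside one window
    to the accounts it logged in to successfully (candidates for reset)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            if len({u for _, u, _ in rows[start:end + 1]}) >= min_accounts:
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

EVENTS = parse(SAMPLE_LOG)

if __name__ == "__main__":
    print("lockout would fire for:", lockout_triggers(EVENTS))
    print("stuffing sources:", stuffing_sources(EVENTS))
```

The user who mistyped a password twice from a single IP is not flagged; the source that touched five accounts in ten seconds is, together with the two accounts it got into.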
 

Hirato

Purse-Owner
Patron
Joined
Oct 16, 2010
Messages
4,001
Location
Australia
Codex 2012 Codex USB, 2014 Shadorwun: Hong Kong
It's been 48 hours since I last got asked to do a 2FA.
I guess the regular 2FA prompt's 30 days button works, but the one right after "congrats on activating 2FA!" doesn't.


As for the edit/delete debate.
I don't see much value in being able to delete posts around here at all.
Editing is another matter, it's extremely useful and even necessary, especially for threads that open with an index like the average Let's Play around here.
EDIT: I suppose Delete does at least make it easy to notice hacked accounts when they delete posts en masse...
 
Joined
May 11, 2007
Messages
1,854,413
Location
Belém do Pará, Império do Brasil
What is the urgency?
Growing number of exploited user accounts with script kiddies mass-deleting their posts, requiring staff cleanup. We could be at this all day every day with the number of reused exploited logins readily available in online databases that are starting to get exploited now.
This seems to be confirmation that the only reason this situation was even possible is that some (prolific) Codexers use the same password with the same username on compromised sites. :M
Good thing that Codex is likely the last place I ever used the password I had here.
 

Crispy

I feel... young!
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,877,244
Location
Future Wasteland
Strap Yourselves In
The other thing we're starting to lose sight of here is the impetus for the "hack" in the first place: the Ukraine thread. It's safe to assume that the actions taken were the result of the perpetrator being so upset with the content that (the above) users contributed that this person decided to go to extreme measures to... belittle those people? To make some sort of point? Intimidation, I guess?

So, logic dictates, since this kind of attack on Codex hasn't otherwise happened in a long time, that if the Ukraine thread were no longer such a lightning rod for such behavior, it wouldn't happen again.

Therefore, come on, Ukraine, let's wrap this thing up so we can go ahead and Retardo the thread!
:troll:
 
Joined
May 11, 2007
Messages
1,854,413
Location
Belém do Pará, Império do Brasil
Joined
May 20, 2023
Messages
50
Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately? Firefox has even had a function to generate unique strong passwords for individual logins for years now, which takes all the legwork out of it.

As a person who once worked tech support, I have a developed loathing of the save password feature in browsers.

That was the cause of 95% of the cases of users who were locking themselves out of accounts, or needing password resets done because they could no longer remember their passwords.

Actual third party password managers seemed to cause fewer issues. I'm not sure if it was because they were less common, if the people who used them were more technologically savvy, or both.
"once worked tech support" yet still gets hacked by an angry vatnik. Well at least we know why you don't work in tech support anymore.
 

Lady Error

█▓▒░ ░▒▓█
Patron
Vatnik
Joined
Jan 21, 2021
Messages
9,215
Strap Yourselves In
7oddti.jpg
 

Lord of Riva

Arcane
Patron
Joined
Jan 16, 2018
Messages
2,860
Strap Yourselves In Pathfinder: Wrath
The other thing we're starting to lose sight of here is the impetus for the "hack" in the first place: the Ukraine thread. It's safe to assume that the actions taken were the result of the perpetrator being so upset with the content that (the above) users contributed that this person decided to go to extreme measures to... belittle those people? To make some sort of point? Intimidation, I guess?

So, logic dictates, since this kind of attack on Codex hasn't otherwise happened in a long time, that if the Ukraine thread were no longer such a lightning rod for such behavior, it wouldn't happen again.

Therefore, come on, Ukraine, let's wrap this thing up so we can go ahead and Retardo the thread!
:troll:

Still waiting on the details, do we have a write up on what happened?
 
