PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[Lord of Riva]

The other thing we're starting to lose sight of here is the impetus for the "hack" in the first place: the Ukraine thread. It's safe to assume that the actions taken were the result of the perpetrator being so upset with the content that (the above) users contributed that this person decided to go to extreme measures to... belittle those people? To make some sort of point? Intimidation, I guess?

So, logic dictates, since this kind of attack on Codex hasn't otherwise happened in a long time, that if the Ukraine thread were no longer such a lightning rod for such behavior, it wouldn't happen again.

Therefore, come on, Ukraine, let's wrap this thing up so we can go ahead and Retardo the thread!

Spoiler

Still waiting on the details, do we have a write up on what happened?

 

[Modron]

Not limited like that, limited the same as post edits can be limited, i.e. how far back you can go when editing posts. E.g. a week, a month, 3 months, etc. Anything else would require custom development and is unlikely.

I don't know in these days of cancel culture, the ability to edit your posts should be sacred. Already seen 3-4 codexers lose employment over what they've said when what they said was far tamer than anything Brother None said and he kept his job kek. We've seen people cancelled for stuff they tweeted when they were 12, et cetera.

We should have the ability to alter post content as far back as needed since you guys aren't really able to mass delete stuff since xenforo poorly adapts to massive losses of posts. Unless of course you guys are going to give users the ability to request JCD level scramblings of posting history then I suppose limiting deletion/editing windows to a couple of months would be okay.

 

[GrafvonMoltke]

...seen 3-4 codexers lose employment over what they've said...

Who dat

 

[Modron]

Jarl Frank, SSER, and at least one more probably.

 

[AwesomeButton]

Encrypt the text file itself with a password.

Too much effort for my tastes. In my nearly-30 years on the internet, I've never been hacked. There's always a possibility it could happen, but it seems like a low one. I know not to click on suspicious links or emails or fall for fear-scams.

That was the next thing I was going to say. Apparently the Codex is now geared towards the kind of people who do NOT know not to click on suspicious links or emails.

 

[Konjad]

unless they're literally like "password" or "12345".

darkpatriot, The Brazilian Slaughter, Konjad

?????

My wasn't that easy, even if not long. Obviously, it wasn't a brute force but a stolen database password as I used the same one for all forums.

 

[Konjad]

Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately? Firefox has even had a function to generate unique strong passwords for individual logins for years now, which takes all the legwork out of it.

As a person who once worked tech support, I have a developed loathing of the save password feature in browsers.

That was the cause of 95% of the cases of users who were locking themselves out of accounts, or needing password resets done because they could no longer remember their passwords.

Actual third party password managers seemed to cause fewer issues. I'm not sure if it was because they were less common, if the people who used them were more technologically savvy, or both.

"once worked tech support" yet still gets hacked by an angry vatnik. Well at least we know why you don't work in tech support anymore.

Hey, I worked in a tech support too! Coincidence?

 

[Stella Brando]

So, it was an anti-Indian hack! Disgusting!

 

[NecroLord]

Does playing video games count as tech support?

 

[Taluntain]

We should have the ability to alter post content as far back as needed since you guys aren't really able to mass delete stuff

XF's way of dealing with deletion requests is to delete and anonymize the user account associated with the posts, not the posts themselves. The posts are then left orphaned and unattributable, but still there. The majority of forums aren't really keen on the idea of ruining the flow and content of hundreds of threads because user X decided that 20k of their posts should be deleted. Obviously account deletion is not a 100% solution, but is enough under normal circumstances.

 

[fizzelopeguss]

Having to piss about with an app on my phone because the vatnigs are being creepy cunts again.

 

[Skinwalker]

I continue to maintain that login by username should be disabled. Login only with your email address, and keep that address as private as your password. Problem = solved.

 

[Tacgnol]

Having to piss about with an app on my phone because the vatnigs are being creepy cunts again.

Uh, didn't you used to have several thousand more posts than you do now?

 

[Taluntain]

Can confirm that fizzelopeguss has had his posts deleted as well. Infinitron DarkUnderlord Twiglard

 

[Haba]

Maybe you should check the logs to see how many deletions have been going on...

 

[Twiglard]

Can confirm that fizzelopeguss has had his posts deleted as well. Infinitron DarkUnderlord Twiglard

Didn't he already turn on 2fa on Saturday? How come he's getting his posts deleted just now?

 

[Taluntain]

They were deleted prior to 2FA going into effect.

 

[GrafvonMoltke]

Maybe we should do what needs to be done and BAN THE GODDAMN VATNIKS

 

[darkpatriot]

The list of victims of the vatnik threat continues to grow. We may never know the true scope of their crimes.

 

[Semiurge]

Instead of troubling people with this 2FA shit in a gaming forum, maybe you could start a bit smaller and simply upgrade your password rules from 1994 times when 4 lower-case letters alone was considered good enough? Could even go a step further and force users to change their pw in every half a decade or whatnot. Or just disable the fucking delete button when a post is over 24 hours old.

Many sites make it mandatory to add numbers and miscellaneous symbols in the password, but that would probably require an add-on for XF.

unless they're literally like "password" or "12345".

darkpatriot, The Brazilian Slaughter, Konjad

?????

Nah my passwords are usually pretty good, I don't think a single human being could have ever guessed mine. A brute-force attack might have done it over time, but brute force is old hat and not worrying. I think a site somewhere just got pwned.

There are no passwords that are "pretty good", there's only shit and strong passwords.

Can confirm that fizzelopeguss has had his posts deleted as well. Infinitron DarkUnderlord Twiglard

Didn't he already turn on 2fa on Saturday? How come he's getting his posts deleted just now?

InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

 

[Tacgnol]

InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

 

[Melcar]

Goddamn degenerates.

 

[GrafvonMoltke]

It is time

 

[Stella Brando]

Does playing video games count as tech support?

If you play with a Britney Spears microphone, yes.

 

[Crispy]

Looks like I picked the right time to protect my account.