sweet now I have an excuse to change all my shit and confuse everyone
Also, I'm getting a lot of 403, aka "Forbidden" errors. Would that be part of this attack or no?
clearing your cache.:V
I was just logged out, even with my display name being different from my username.Yeah, this for me too.
:Vit was sage all along
i changed my password (is the same of one of my da accoounts with a plus) now must prove it...Just logged on and did the same as you. Well, at least I'm content to know Im a bit safer.
Is it bad that I can't remember which of the ten~fifteen different passwords I have I originally used to register with? I just checked the 'keep me logged in' tab and told FireFox to remember my password and never looked back. :ohdear:
Is it bad that I can't remember which of the ten~fifteen different passwords I have I originally used to register with? I just checked the 'keep me logged in' tab and told FireFox to remember my password and never looked back. :ohdear:don?t worry, my brother do the same (with long numbers and all!). i tend to use few passwords,but no use to much social theads and never open or admit nothing unknown.
I just checked the 'keep me logged in' tab and told FireFox to remember my password and never looked back. :ohdear:You can look up all the saved passwords within Firefox, you know? Extras -> Settings -> Security and go from there.
i changed my password (is the same of one of my da accoounts with a plus) now must prove it...Can I just say, you should honestly never let dA share passwords with anything? They've had a few security issues lately...
Changing your password isn't going to stop them from trying, it's just going to make it that much harder to brute-force. Changing your username/displayed name so one is different from the other means they have to also try figuring out your username as well as your password.
well yeahThis just in: Ryuu is (ry
I just think it's amusing that I didn't experience this until after changing my password
hee hee
This just in: Ryuu is (ryAlso, it's left-paren not right, iirc.
(I know admins have the ability to send an announcement to everyone on the forum via e-mail - maybe this is the kind of thing that warrants such an alert?)I check my e-mail once every whenever someone tells me I have an e-mail, and I don't think I'm the only one...
That was insidious plan to make not talkative ones post a bit more.HA! I would NEVER fall for that!
oh hey I got logged out after I changed my name tooI think you made a friend. Else they had already extracted all the usernames from here beforehand.
OH MAN I'M UNSECURE
That was insidious plan to make not talkative ones post a bit more.Hey, I know you!
Name and password changed.I hope you're right, since I just got logged out after changing my name and password. XD
For the people who got logged out after changing name and password, I remember that any previous time I changed my name, I got logged out after some time, so I assume that changing your display name somehow defaults the selected option from "login forever" to "1 hour", so if you want to be sure, log out and back in after you changed your name. If you get disconnected again, then something is definitely up in the air. :derp:
Ah god damn, I gotta change my password, eh?No, that's just forum load issues. Try clearing your cache and stuff.
Also, I'm getting a lot of 403, aka "Forbidden" errors. Would that be part of this attack or no?
Thank you very much for the professional, reasonably detailed report as to what was happening, and what the fixing measure are.We're looking into alternate login methods, probably something involving email address. Username is exposed in user profiles as people tend to change their display name a lot (oftentimes to things that aren't readily recognizable) and it's a nice tool to figure out who's who since they're normally unchangeable. Email addresses, on the other hand, do not need to be exposed directly ever as the forum can email on the behalf of other users, and thus can remain totally hidden and unique per user.
I would like to suggest, next time you're working on the SMF files, that somehow, a notification that your login and visible names should be different should be provided at registration. Forgetting how the registration works on SMF, I'm betting that there's a line for visible name during registration - simply adding a boldfaced "For security reasons, do not make this the same as your login name" should be a reasonable warning.
It won't stop idiots, but this might be a case where, if we can get a majority of accounts to avoid this, then this hack becomes ill-worthwhile - the machine effort put in becoming more useful to put to attack other forums. Essentially, the same principle as herd immunity in disease-research fields.
(I also changed my secret question and answer to "WHY ARE YOU ASKING THIS WHEN YOU HAVE YOUR PASSWORD STORAGE PROGRAM?!", and then made sure the secret answer would be ridiculously hard to get by any means ever.)
oh man, my glorious username ;-; tarnished by the seeking of security.Already sent it :V
(I know admins have the ability to send an announcement to everyone on the forum via e-mail - maybe this is the kind of thing that warrants such an alert?)
I have no idea what this TOR thing is, and I've yet to experience random logouts. I'm changing my password anyway to be safe.The Onion Router, an anonymizing proxy that works by scattering your connection across thousands of "exit nodes" so noone can reasonably track your original IP.
OK a new profile field has been added to replace username as a method of identification. Under Account Settings you will see a new option named "Nickname", it will show up right under your avatar so people can recognize you even if you change your display name. This is a PERMANENT option, so choose wisely what you wish to be there. We are leaving the field open for editing for the next couple of days to let people use it, but after that it can only be edited by an admin. At registration time you are forced to fill it out.
Usernames are now hidden again, only staff and the owner of the account can see the actual username.
Question. Does the nickname have to be different from the username?
Your username should not match ANYTHING publicly identifiable on your account, so don't set your display name, your nickname, or any instant messaging nicks to your username.
Question. Does the nickname have to be different from the username?Defeats the purpose of having them separate. If you want your current username to be your nickname, you can PM one of the admins and we'll change your username so you can reuse it. NOTHING publicly visible on your account should match your username. Your username is only visible by staff and yourself, and is only necessary for logging in, that's it.
Okay, I just changed a few things. However, does this new nickname thing mean that I can't go with my previous username as my nickname?Again, we can change your username to something else so you can use it as your nickname. Just PM a staff member.
Darn it. After changing BOTH my name and password, I just got logged out. What the heck?
For the people who got logged out after changing name and password, I remember that any previous time I changed my name, I got logged out after some time, so I assume that changing your display name somehow defaults the selected option from "login forever" to "1 hour", so if you want to be sure, log out and back in after you changed your name. If you get disconnected again, then something is definitely up in the air. :derp:This 1-hour thing seems to be true. After I had my username changed and password reset, I was logged out when I finally came back here, and when I went to log back in it was set to stay logged in for 60 minutes.
I'm sorry.
Maybe I'm a little slow, but I don't understand this at all...
I have a:
Username
Name
Nickname
But I still want to use "GreenVirus," so do I have to fill in the nickname field? I uh... honestly don't get this...
I'm sorry.
Maybe I'm a little slow, but I don't understand this at all...
I have a:
Username
Name
Nickname
But I still want to use "GreenVirus," so do I have to fill in the nickname field? I uh... honestly don't get this...
I'll have three fields with the same information... :/
Username is for the purpose of logging in only. You and the admins are the only ones that will ever be able to see it. It should be different from your nickname.Ok, that makes MUCH more sense. I get it now.
Display name is what's on the top left of your posts and can be set to anything you want.
Nickname is the little line under your avatar that shows which user you are. It fills in for having to go to the user's profile and check the username there. As stated before, it should be different from your username for safety reasons.
So, for example, you can set your username to Jim Jim Jimmy Jim Jimmy Jim Jim, then set your nickname to GreenVirus, then set your display name to GreenVirus or whatever else you want. The purpose of having a different username is to make it significantly more difficult for someone to get into your account.
Thanks guys~Then ask to have your username changed so you can use it as your nick? It takes me 5 seconds to do it really, just PM me what you want as a username.
I'll just do what A-F did then-
You'll see in a moment.
----------------------------
E: Even users from the forum are going to have a hard time finding out what to call me :<
Ok, that makes MUCH more sense. I get it now.Yup, PM me for a username change.
Well, I want to keep Agent of the BSoD as my name so I guess that'll have to be my nickname. So that means I have to change my username don't I.
It's worth noting that after changing my user name, I just got logged out again. :/
I cleared my cookies and cache, set the thingy to forever, yet I keep getting logged out after a certain amount of time. I'm so confused...You did remember to change the login time back to forever, right? After clearing everything, it defaults back to an hour. :D
That was insidious plan to make not talkative ones post a bit more.
Weel, Hello everyone.Yes, allowing other people to lock you out of your own account is wise. And you only have to remember your username.
I am quite new here so no PMin for me, hah. Sadly, I got here after these changes were set. I would have liked to suggest making the login screen 'lock out' a user for so much time after so many failed attempts at guessing username and password. I can't say I like having to remember two usernames, but for the sake of security, I will deal.
Thanks for keeping our information safe. Peace.