PSA: Pick good passwords, armathentication not super-secure

What do you want to see here? Some more categories, forums, and mods? Hmm...
Word
Reverse Adjust Outside Corner Grinder
Posts: 4168
Joined: Wed Jan 07, 2009 6:13 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Word »

What a waste of energy. "No-lifers" doesn't even describe properly what these people are since it sounds like they're not affecting others. I'll never understand what people find satisfying about doing something like this.
It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
totally believable confession as the abysmal spelling indicates that you're an empty shell. you'd definitely fit the profile.

User avatar
Z-Man
God & Project Admin
Posts: 11262
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Z-Man »

Ah, I'm monumentally stupid, but at least I'm not alone :) I had the IP address the Moonlight account was taken over from all along, it's 67.86.172.77. When looking for matches, it found one forum user, [Anonymous]. My conclusion immediately was "Oh, they just use the same proxy network, dead end". But now I also checked the master logs for that IP, and it has been very active this whole month and this month only. Not typical for a proxy. It's someone's home IP, and that someone forgot to hide it three times.

I can't personally confirm a link between [Anonymous] and Rookie, but it does seem very likely they're the same.

So to server admins: If you want to make it marginally more secure for your players, ban that IP for the time being. He surely can work around an IP ban, but it makes it a little unpleasant for him to play on your servers, which would make it less likely he can lure your players away into a trap server. If you like, check your server logs to see who he authenticated as; [email protected], [email protected] etc. are probably things you'll find.

No servers are or were active on that IP.

The xXSyagehtllikXx was supposed to be banned, but I pressed the wrong button on him once and made him immune. And yeah, it's one of Rookie's countless ban evasion accounts.

I have currently no intention of taking action against the [Anonymous] forum account, even though of course account hijacking is plenty a reason. I personally see this as a well deserved and needed kick in my butt to get back to coding, which I do enjoy. The coding, not the kicking. Plus, [Anonymous] is his nicest incarnation yet. Please stay pleasant, [Anonymous], OK?

User avatar
Ratchet
Match Winner
Posts: 780
Joined: Sat Mar 15, 2008 5:55 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Ratchet »

I love you, Z-man.
Image
"Dream as if you'll live forever,
Live as if you'll die today." -James Dean

Word
Reverse Adjust Outside Corner Grinder
Posts: 4168
Joined: Wed Jan 07, 2009 6:13 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Word »

Yeah, I'm frankly not sure if any of my closest friends are capable of as much empathy as he is (including the one who, until recently, used to have three simultaneous girlfriends who didn't know from one another). I'd be OK if they add a slot for him to the Holy Trinity, making it a quadrality. Maybe even for some more arma devs, but Lucifer would be hard to sell for obvious reasons.

(For those who say I regularly smarn over him, in this instance I did that probably for the first time. :-))

User avatar
sinewav
Graphic Artist
Posts: 6225
Joined: Wed Jan 23, 2008 3:37 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by sinewav »

Word wrote:...but Lucifer would be hard to sell for obvious reasons.
Lately I've noticed Word is single-handedly destroying the stereotype that Germans have no sense of humor.
Attachments
holy-cookie-1.jpg
Last edited by sinewav on Sat Aug 29, 2015 8:59 pm, edited 3 times in total.

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT »

Z-Man wrote: Disable auto-login and only authenticate when you need to, on servers you trust.
Not so sure about that. You should probably take your GID out of player settings altogether.
I've always had auto login disabled. I just entered a server to be greeted with this: Image
The GID I had in my player settings was an aagid one.
It also tried to force me to authenticate on the next round, but not again after that.
I left and came back and it only tried on the first round and not a second, this time.

Maybe it's nothing, I just find it strange.

User avatar
aP|Nelg
Match Winner
Posts: 558
Joined: Wed Oct 22, 2014 10:22 pm
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by aP|Nelg »

ConVicT wrote:I've always had auto login disabled. I just entered a server to be greeted with this:
ASL entered the game
This server does not support authentication of the type you requested, sorry.
Interesting... if its logged in


Oh, and try to stay away from easy passwords like this one:
Image
Don't you know how common of a password that is though?
Probably the first one hackers try...

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT »

aP|Nelg wrote: Interesting... if its logged in.
I don't understand what the hell you mean :o

As for a weak password, I have 21+I won't say how many more characters in my pass and I'm always certain it's strong.

User avatar
aP|Nelg
Match Winner
Posts: 558
Joined: Wed Oct 22, 2014 10:22 pm
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by aP|Nelg »

ConVicT wrote:As for a weak password, I have 21+I won't say how many more characters in my pass and I'm always certain it's strong.
Better get to typin', cause your password is a prolongin'!
Sorry, just had to do that...

Stupid glitched teleport zone still wont turn blue? dang it! The deathzone turned green!
ConVicT wrote:I don't understand what the hell you mean :o
It is my job to confuse you... :P
...and I left a shadow of a doubt!

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT »

aP|Nelg wrote:
ConVicT wrote:As for a weak password, I have 21+I won't say how many more characters in my pass and I'm always certain it's strong.
Better get to typin', cause your password is a prolongin'!
I don't know if that's a well known something or other.
Are you saying I should cut out the G's? Gee :(
aP|Nelg wrote: Stupid glitched teleport zone still wont turn blue? dang it! The deathzone turned green!
I told you do target zones. You drunk?

User avatar
/dev/null
Shutout Match Winner
Posts: 820
Joined: Sat Sep 04, 2004 6:28 pm
Location: Chicago-ish

Re: PSA: Pick good passwords, armathentication not super-sec

Post by /dev/null »

Be a boss, dont login.

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT »

Yes, Meaty, most are shit-faced tonight, we forgive you.
aP|Nelg wrote: It is my job to confuse you... :P
...and I left a shadow of a doubt!
I'm glad I'm not pissed in this mind-boggler's company :o

Word
Reverse Adjust Outside Corner Grinder
Posts: 4168
Joined: Wed Jan 07, 2009 6:13 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Word »

@Sinewav:

Haha, thanks. And that image is great. I wonder for how long the papal riches would suffice to afford the necessary amount of eucharistic bread though... (hosts? cookies? that question might cause another schism)

User avatar
Z-Man
God & Project Admin
Posts: 11262
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Z-Man »

ConVicT wrote:
Z-Man wrote: Disable auto-login and only authenticate when you need to, on servers you trust.
Not so sure about that. You should probably take your GID out of player settings altogether.
I've always had auto login disabled. I just entered a server to be greeted with this: Image
Oh. Right... It's probably a convenience feature on that server. The client code has to react the way it does to support a standard feature. We may have to break that.
Which server was that, by the way?

User avatar
Lucifer
Project Developer & Local Moonshiner
Posts: 8610
Joined: Sun Aug 15, 2004 3:32 pm
Location: Republic of Texas
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Lucifer »

Ack! Word! How dare you suggest that you might try to elevate me to some part of the Holy Trinity? WTF were you thinking? If Catholic myth is to be believed, I'm *obviously* on the side of Lucifer and his rebels, and not Yahweh and his fascist league of angels.

Jeez. You, of all people, should know that!

Now that the important business has been addressed, let's get to the lesser part.

I actually feel bad about not raising this issue several years ago (by several I mean something like 8 years ago). I don't remember the details, so I may have mentioned something back then and gotten a "It's not that big of a threat" and I just got quiet because, well, we were obviously naive. But I joined a server, tried to login, failed repeatedly, and a few days later I noticed I had my client set to login to the server, not using the global ID, and I thought to myself, "What a wonderful world! What a wonderful world! And, oh yeah, someone now has information on a server they could use to crack my forum account."
Image

Be the devil's own, Lucifer's my name.
- Iron Maiden

Post Reply