Jump to content

Doomworld has been compromised.


Recommended Posts

2 hours ago, Arioch said:

Hi folks!

Hello fellow boomer who hung out in #doom2 in the 90s and is in their 30s or 40s now

Share this post


Link to post

Seriously now. What the actual everlasting fuck is going on on my end? I keep getting logged out seemingly at random, I go to log back in and enter my new password that I just reset 15 fucking minutes ago, but it's never correct according to the database, which leads me to reset it again, rinse and repeat ad nauseum.

 

Somebody please tell me I'm not the only one having this problem.

Share this post


Link to post
Just now, MFG38 said:

Somebody please tell me I'm not the only one having this problem.

For some reason I'm logged out on my phone yesterday, despite not actually logging out. I couldn't change my password on my PC despite typing in the right password at least three times. Eventually I got it to change. Linguica will sort it out. I have a lot of faith in them.

Share this post


Link to post

The only thing I can say is "Huh, interesting".

 

But in all seriousness, this doesn't seem to be a particularly problematic data leak. Do the usual in these scenarios and you should be fine.

32 minutes ago, MFG38 said:

I keep getting logged out seemingly at random

Unfortunately, I'm no expert here, but could it be a issue regarding the browser? Maybe (I can see myself getting scolded by my betters here) the browser is dropping or otherwise deleting the cookie used for authentication? Try a different browser, or update the current one. If it persists, it may well be on Doomworld's side but I wouldn't immediately think it is related to this incident.

Share this post


Link to post
5 minutes ago, CyberosLeopard said:

Maybe [...] the browser is dropping or otherwise deleting the cookie used for authentication?

 

Doesn't explain me having had to reset my password 5 times in the past 24 hours. The ones I enter are allegedly correct but they just refuse to work. That's my issue here. If I can log in to any other site without needing a password reset every time, then the problem is uniquely on Doomworld's end.

Edited by MFG38

Share this post


Link to post
3 minutes ago, CyberosLeopard said:

Strange. If I'm understanding you correctly, you're getting logged out of Doomworld and every you attempt to re-authenticate, you are prompted to reset your password?

 

Yeah, basically.

Share this post


Link to post

Damn. Unfortunately, I'm not the person that can exactly help in this; I'm not the sysadmin. I have been looking on the community section of Invision Community (https://invisioncommunity.com/forums/) but I haven't found anything related just yet. There could be an issue with the authentication server, but I really can't say.

 

In the worse case scenario that someone is trying to brute-force your password, I really would not get worried; they will have a very difficult time. I've taken a quick look at the bcrypt hashing algorithm (https://en.wikipedia.org/wiki/Bcrypt) and I don't see any segments regarding that said algorithm shouldn't still be in use.

Share this post


Link to post
1 hour ago, MFG38 said:

Seriously now. What the actual everlasting fuck is going on on my end? I keep getting logged out seemingly at random, I go to log back in and enter my new password that I just reset 15 fucking minutes ago, but it's never correct according to the database, which leads me to reset it again, rinse and repeat ad nauseum.

 

Somebody please tell me I'm not the only one having this problem.

Since you try to authenticate your login, it needs to get past a validation system (Could be a server, could be a site-served certificate) and it seems to bug out on you specifically (Can confirm it does not happen here in NL on two different places)

 

Some semi-random thoughts/questions:

  • Are you running any blockers or third party plugins?
  • What happens if you whitelist the entire site?
  • Have you deleted all cookies/login data from the site?
  • Can you determine the validation URL/ID it uses? (You probably need your browser in developer mode for this and/or Wireshark)

Share this post


Link to post
2 minutes ago, Redneckerz said:

Are you running any blockers or third party plugins?

 

Only the browser's built-in ad/tracker blocker.

 

4 minutes ago, Redneckerz said:

What happens if you whitelist the entire site?

 

Not sure, gonna have to give that a spin. Not expecting things to improve with that, though.

 

6 minutes ago, Redneckerz said:

Have you deleted all cookies/login data from the site?

 

I've configured my browser settings so that they get auto-cleared whenever I close it. Login data doesn't get saved anywhere either.

Share this post


Link to post
On 10/13/2022 at 7:35 PM, Poxel12 said:

Well, this is terrible. Time to change my password to be more polish.

Not to derail the thread, but your comment made me remember that one of my former employers demanded me to sign up for one of their websites / apps so I created a burner email address and the password was just Romanian for "Fuck your mother" and some numbers.

Share this post


Link to post

Glad to see this is mostly a nothing burger.

Either way, I took this as an excuse to set a new password; now it's absurdly long.
I have to wonder what the character limit is for something like that.

Share this post


Link to post
12 hours ago, rzh said:

Not to derail the thread, but your comment made me remember that one of my former employers demanded me to sign up for one of their websites / apps so I created a burner email address and the password was just Romanian for "Fuck your mother" and some numbers.

Did he figure out what the password meant?

Share this post


Link to post

That red banner on the top freaked me at the first... But later I made security changes and re-logged without any problems. It will be sad if the old accounts which they have not visited for a long time will be hacked and the attackers use this accounts on their behalf.

Share this post


Link to post
2 hours ago, riderr3 said:

That red banner on the top freaked me at the first... But later I made security changes and re-logged without any problems. It will be sad if the old accounts which they have not visited for a long time will be hacked and the attackers use this accounts on their behalf.

Bruh, if the John Carmack Doomworld account comes back to promote Dogecoin, I won't know how to feel.

Share this post


Link to post
On 10/13/2022 at 1:18 PM, roadworx said:

it's probably some 14y/o who had a pissyfit over being banned for spewing racial slurs

Considering the paywall, I think it's just a gigabrained-tier scam that promotes healthy password hygene. Think about it for a minute, people pay to get what is likely a bunk database, and we get encouraged to improve password-related practicies.

Share this post


Link to post
On 10/14/2022 at 8:38 AM, Arioch said:

Hi folks!

Oh hey! I remember you. Kinda.

Share this post


Link to post
4 minutes ago, Matthias (LiquidDoom) said:

yeah, looks compromised
obrazek.png.c0cd3cca1bdfccd8e9e620f3951097cb.png

You do understand that's spam, right? That's not being compromised, that's just spam.

Edited by Edward850

Share this post


Link to post
5 minutes ago, Matthias (LiquidDoom) said:

yeah, looks compromised
obrazek.png.c0cd3cca1bdfccd8e9e620f3951097cb.png

I remember this also happening many moons ago. Annoying, but not necessarily dangerous IMO.

Share this post


Link to post

The banner is gone, has the issue been fixed? Since chaning passwords only makes sense if the attacker doesn't have access to them anymore.

 

8 hours ago, act said:

Considering the paywall, I think it's just a gigabrained-tier scam that promotes healthy password hygene. Think about it for a minute, people pay to get what is likely a bunk database, and we get encouraged to improve password-related practicies.

 

Hackers selling stolen data is pretty normal.

 

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...