A successful attack on SMF

Matzon · January 18, 2011, 5:24pm

as always, assume them compromised

Riven · January 18, 2011, 7:21pm

If enough people are in favor, I will reset all passwords in the database.

Everybody would have to go through the “I forgot my password” procedure, which would be annoying…

kappa · January 18, 2011, 7:27pm

if you do decide to go down such an annoying road, you might as well also make all accounts with 0-1 posts deactive (so they have to be activated), then after a year or two you can clear out all the dud accounts.

appel · January 18, 2011, 7:27pm

A lot of email addresses are old. Just few weeks ago I realized I had a old email address.

But I would still favor it because of recent security issues.

pjt33 · January 18, 2011, 10:19pm

What about the people who come here to advertise jobs in the jobs board?

Riven · January 18, 2011, 10:33pm

Like that ever happened…

Maybe I should add a way to directly contact me with a request for an account.

Demonpants · January 19, 2011, 12:28am

Yeah, I saw some legitimate job requests on here, although not many and I doubt any of them really got filled.

Still, I think a “trick question” would be better so that you could do it if you have a basic understanding of code. Having to run the code is something that would probably turn me off from a forum.


int a = 27552;
int b = "WKD".hashCode() % 3000;
int c = "WWI".hashCode() % 3000;
for (int i = 0; i <= c; i++)
   a += ((a ^ i) % b) - ((a ^ i) % b);
return a;

Then I can obviously see, without the pain of running a program, that the answer is 27552 because a never will have changed. A spam bot still will not be able to see that. Maybe a noob won’t either, but at least we won’t turn away good coders who don’t feel like executing random code.

Riven · January 19, 2011, 12:41am

Eli Delventhal:

Riven:

Like that ever happened…

Maybe I should add a way to directly contact me with a request for an account.

Yeah, I saw some legitimate job requests on here, although not many and I doubt any of them really got filled.

Still, I think a “trick question” would be better so that you could do it if you have a basic understanding of code. Having to run the code is something that would probably turn me off from a forum.
int a = 27552;
int b = "WKD".hashCode() % 3000;
int c = "WWI".hashCode() % 3000;
for (int i = 0; i <= c; i++)
   a += ((a ^ i) % b) - ((a ^ i) % b);
return a;
Then I can obviously see, without the pain of running a program, that the answer is 27552 because a never will have changed. A spam bot still will not be able to see that. Maybe a noob won’t either, but at least we won’t turn away good coders who don’t feel like executing random code.

We are not dealing with spambots… we are dealing with human spammers.

When I had only 1 question on the activation page (when Einstein passed away) I traced a dozen registrations and they all had a 30-60 second delay before getting the answer right, including typos.

Mordan · February 27, 2011, 2:52pm

any forums supports openid logging?

Riven · February 27, 2011, 4:52pm

logging or login?

besides… OpenID is the biggest design flaw ever.

CyanPrime · March 27, 2011, 9:28pm

This place safe yet?

Riven · March 27, 2011, 9:56pm

As safe as it will ever be.

CyanPrime · March 27, 2011, 10:35pm

So I don’t got to turn off javascript to come here?

ra4king · March 27, 2011, 10:45pm

Why would you ever turn off javascript?

Riven · March 27, 2011, 10:49pm

That’s really up to you. I can’t guarantee anything, just like I cannot quarantee you do not have a virus on your computer right now.

CyanPrime · March 27, 2011, 10:54pm

As long as it’s not Malware GO o AntiVira AV I don’t too much care. F those virii though.