All forums user should reset their password

Chat about anything related to Linux Mint
Cosmo.
Level 23
Level 23
Posts: 17827
Joined: Sat Dec 06, 2014 7:34 am

Re: Linux Mint Forum compromised email

Post by Cosmo. » Tue Mar 01, 2016 8:26 am

Barny wrote:This is the first time I have visited this site for well over a year, so definitely not me trying to login.
And nobody else. This is a known problem with the forum's configuration. The team is working on it. There is no security problem behind the fact, that you get this warning and the need to solve the puzzle (aka captcha).

romanybob
Level 1
Level 1
Posts: 6
Joined: Fri Oct 29, 2010 4:58 pm

Re: All forums user should reset their password

Post by romanybob » Tue Mar 01, 2016 9:06 am

People have been telling you about this breach for ages???? Why so slow to react?
I received a notice too, from when I used mint a few years ago. Thank god I don't use it any more! The corrupt iso's too??? confused?
I am very happily an Arch user now, have been for a while, rock solid. Also very secure.
Bye Mint.
(P.S. If you want to abuse/flame me, your too late, that's why I left mint and the community in the first place.)

damoney777
Level 1
Level 1
Posts: 1
Joined: Fri Sep 19, 2014 2:44 pm

Re: All forums user should reset their password

Post by damoney777 » Tue Mar 01, 2016 9:07 am

Ahhh... this explains why I started getting junk email. I never have received any in the email account I use here previously. Interesting. Thank you for notifying us all. Always use the strongest password (maximum amount of characters) possible. Never ever use the same PW on other site/accts. I use a PW generator and keep them on a encrypted Flash Drive. They are then copy/pasted into the PW field when required. I then clear my clipboard w/ Glipper afterwards. I started doing this after finding a keylogger on my Windblows box about 9 mos before the Snowden revelations. The KL I found lead back to a N-Esay ip. Told a few about it and they thought I was claaaazzzzy. Huh :p

User avatar
xenopeek
Level 24
Level 24
Posts: 23957
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Forum Security

Post by xenopeek » Tue Mar 01, 2016 9:12 am

From the link in the email you received:
On the servers themselves, the team worked day and night to harden as many aspects as possible. Each website is now running on its very own server. All websites are now behind a strict firewall and the presence of malware is monitored by a security firm. Many restrictions were placed on apache and php to restrict their scope and privileges. All automated backups were reviewed. Https was implemented to prevent man-in-the-middle attacks.
Image

User avatar
Moem
Level 18
Level 18
Posts: 8879
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: All forums user should reset their password

Post by Moem » Tue Mar 01, 2016 9:17 am

romanybob wrote: Bye Mint.
Bye bye! *smiles and waves*
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

ironforger
Level 1
Level 1
Posts: 1
Joined: Sun May 26, 2013 11:08 pm

Re: All forums user should reset their password

Post by ironforger » Tue Mar 01, 2016 9:23 am

Where do I go to change my password? I cant find where to change it! I checked in user profile and control panel. Can't find it!!! Please help. Thanks

User avatar
karlchen
Level 20
Level 20
Posts: 10847
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Forum Security

Post by karlchen » Tue Mar 01, 2016 9:25 am

Let me add: those users who have not received Clem's e-mail, yet, can find the exact same words in Clem's post here:
All forums user should reset their password, section "What is being done to prevent this in the future?", last paragraph. :wink:
Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Ubuntu 18.04.2 32-bit Mate Desktop, Total Commander 9.22a 32-bit
Windows? - 1 window in every room

Habitual
Level 13
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: All forums user should reset their password

Post by Habitual » Tue Mar 01, 2016 9:35 am

ironforger wrote:Where do I go to change my password? I cant find where to change it! I checked in user profile and control panel. Can't find it!!! Please help. Thanks
I used ucp.php?mode=sendpassword and I was "back in" inside of 3 minutes.
Prior to that....at least a dozen captchas w\out success.

Worth a shot? YMMV

Let's hope your contact_email is up-to-date, and you have access to it.
Last edited by Habitual on Tue Mar 01, 2016 9:43 am, edited 1 time in total.

User avatar
Moem
Level 18
Level 18
Posts: 8879
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: All forums user should reset their password

Post by Moem » Tue Mar 01, 2016 9:40 am

ironforger wrote:Where do I go to change my password? I cant find where to change it! I checked in user profile and control panel. Can't find it!!! Please help. Thanks
User control panel => Profile => Edit account settings.

Direct link: ucp.php?i=ucp_profile&mode=reg_details
Last edited by xenopeek on Tue Mar 01, 2016 9:47 am, edited 1 time in total.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
ganamant
Level 4
Level 4
Posts: 384
Joined: Sun Mar 29, 2015 4:08 pm

Re: All forums user should reset their password

Post by ganamant » Tue Mar 01, 2016 9:50 am

Thanks, I got my email no problem and I have reset the password, but I keep being asked to solve a captcha ever since. Is this normal?

It is common sense, but still very good advice, to use unique passwords. I would add that it's even better that they be random-generated by machine, rather than a human brain thinking them up.
clem wrote:
Can the hackers decrypt my password?

No, but they can "find" it by brute-force [...]

How long would it take for the hackers to decrypt my password?

They're hashed and salted, but that only slows them down [...]
In the quoted passage, I feel that the word 'cracker' would fit in better than 'hacker'.

Habitual
Level 13
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Linux Mint Forum compromised email

Post by Habitual » Tue Mar 01, 2016 10:10 am

Cosmo. wrote:
Barny wrote:This is the first time I have visited this site for well over a year, so definitely not me trying to login.
And nobody else. This is a known problem with the forum's configuration. The team is working on it. There is no security problem behind the fact, that you get this warning and the need to solve the puzzle (aka captcha).
ucp.php?mode=sendpassword is the 3 minute solution I employed for the obscenely aggressive captcha feature.

User avatar
xenopeek
Level 24
Level 24
Posts: 23957
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: All forums user should reset their password

Post by xenopeek » Tue Mar 01, 2016 10:20 am

Currently you'll get that incorrect "too many failed logins" message each time you log in. We're working on solving that.
Image

altair4
Level 19
Level 19
Posts: 9596
Joined: Tue Feb 03, 2009 10:27 am

Re: All forums user should reset their password

Post by altair4 » Tue Mar 01, 2016 10:36 am

marke54805 wrote:Time to throw out phpBB! And while you're at it cancel my account.
If you wish to cancel your account there's no point in asking for it within a topic in the forum. Ask for it directly to an Admin:
memberlist.php?mode=contactadmin

The link is at the bottom of this page: Contact Us

And try to be nice about it and without any profanity. Being an Admin is a thankless job. In fact I often wonder what personality peculiarities one possesses to even think about being one.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.

User avatar
sdibaja
Level 5
Level 5
Posts: 682
Joined: Sun May 08, 2011 12:57 pm
Location: Baja California, Mexico

Re: All forums user should reset their password

Post by sdibaja » Tue Mar 01, 2016 10:55 am

altair4 wrote:Being an Admin is a thankless job. In fact I often wonder what personality peculiarities one possesses to even think about being one.
that is profound
thanks for your service
Peter
Mate desktop https://mate-desktop.org/
Debian GNU/Linux operating system: https://cdimage.debian.org/images/unoff ... -firmware/

User avatar
karlchen
Level 20
Level 20
Posts: 10847
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: All forums user should reset their password

Post by karlchen » Tue Mar 01, 2016 12:00 pm

Hi, Da_Thunderbird.

Of course it is up to you to decide which distribution you trust and which distribution you use.
Yet, the reason that you give for not trusting Linux Mint is a bit far-fetched to put it mildly.
The Linux Mint forum website has been broken into. This suggests that the old website had not been secured properly. This, however, does not have any impact on the security of Linux Mint.
The Linux Mint forum website has been setup from scratch on a different server, using a recent version of phpbb. The login process has been revamped and has been made more secure than it was before.
Sadly for the past few days this revamped login process has lead to a minor annoyance where the first login gets always rejected and a second login is needed that involves solving a captcha. How does this have any impact on the security of Linux Mint?

I fail to see the connection between both. Linux Mint is one thing. The Linux Mint forum is another thing.

Regards,
Karl
Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Ubuntu 18.04.2 32-bit Mate Desktop, Total Commander 9.22a 32-bit
Windows? - 1 window in every room

lexon
Level 6
Level 6
Posts: 1074
Joined: Sat Jan 31, 2009 10:53 pm
Location: MA USA

Re: All forums user should reset their password

Post by lexon » Tue Mar 01, 2016 12:09 pm

Looks like time to move on. The Mint forums login has become a real pain in the butt. Too bad.

L
Lindows, Linspire, Freespire, Ubuntu, Mint 15 Cinnamon, Mint 16 XFCE, Mint 17 Cinnamon 64 bit. MInt 19 64 bit Cinnamon.

User avatar
karlchen
Level 20
Level 20
Posts: 10847
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: All forums user should reset their password

Post by karlchen » Tue Mar 01, 2016 12:13 pm

Do not permit yourself to be frustrated so easily by such minor annoyances. There are worse problems in life. Consider the captcha a temporary game which will be forgotten soon.
Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Ubuntu 18.04.2 32-bit Mate Desktop, Total Commander 9.22a 32-bit
Windows? - 1 window in every room

User avatar
Sector11
Level 3
Level 3
Posts: 175
Joined: Mon Nov 22, 2010 10:33 am

Re: All forums user should reset their password

Post by Sector11 » Tue Mar 01, 2016 1:06 pm

sdibaja wrote:
altair4 wrote:Being an Admin is a thankless job. In fact I often wonder what personality peculiarities one possesses to even think about being one.
that is profound
thanks for your service
+1 KUDOS to Admin and Mods - everywhere!
Thank you. <--↑(up there too)↑ see not 'totally' thankless. ;)
Using: BunsenLabs based on Debian Stable.
Conky PitStop

User avatar
killer de bug
Level 14
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: All forums user should reset their password

Post by killer de bug » Tue Mar 01, 2016 5:18 pm

Da_Thunderbird wrote: I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted.
Don't forget to throw away your sony devices. Their web site was hacked too.
If it ain't broke, fix it until it is.

User avatar
sdibaja
Level 5
Level 5
Posts: 682
Joined: Sun May 08, 2011 12:57 pm
Location: Baja California, Mexico

Re: All forums user should reset their password

Post by sdibaja » Tue Mar 01, 2016 5:28 pm

Da_Thunderbird wrote:
xenopeek wrote:Currently you'll get that incorrect "too many failed logins" message each time you log in. We're working on solving that.

I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted. Debian or FreeBSD for me for the foreseeable future.
Reading Comprehension... it is a BIG challenge for some.

https://www.youtube.com/watch?v=zvfD5rnkTws
Peter
Mate desktop https://mate-desktop.org/
Debian GNU/Linux operating system: https://cdimage.debian.org/images/unoff ... -firmware/

Post Reply

Return to “Chat about Linux Mint”