All forums user should reset their password

[Cosmo.]

This is the first time I have visited this site for well over a year, so definitely not me trying to login.

And nobody else. This is a known problem with the forum's configuration. The team is working on it. There is no security problem behind the fact, that you get this warning and the need to solve the puzzle (aka captcha).

[romanybob]

People have been telling you about this breach for ages???? Why so slow to react?
I received a notice too, from when I used mint a few years ago. Thank god I don't use it any more! The corrupt iso's too??? confused?
I am very happily an Arch user now, have been for a while, rock solid. Also very secure.
Bye Mint.
(P.S. If you want to abuse/flame me, your too late, that's why I left mint and the community in the first place.)

[damoney777]

Ahhh... this explains why I started getting junk email. I never have received any in the email account I use here previously. Interesting. Thank you for notifying us all. Always use the strongest password (maximum amount of characters) possible. Never ever use the same PW on other site/accts. I use a PW generator and keep them on a encrypted Flash Drive. They are then copy/pasted into the PW field when required. I then clear my clipboard w/ Glipper afterwards. I started doing this after finding a keylogger on my Windblows box about 9 mos before the Snowden revelations. The KL I found lead back to a N-Esay ip. Told a few about it and they thought I was claaaazzzzy. Huh :p

[xenopeek]

From the link in the email you received:

On the servers themselves, the team worked day and night to harden as many aspects as possible. Each website is now running on its very own server. All websites are now behind a strict firewall and the presence of malware is monitored by a security firm. Many restrictions were placed on apache and php to restrict their scope and privileges. All automated backups were reviewed. Https was implemented to prevent man-in-the-middle attacks.

[Moem]

Bye Mint.

Bye bye! *smiles and waves*

[ironforger]

Where do I go to change my password? I cant find where to change it! I checked in user profile and control panel. Can't find it!!! Please help. Thanks

[karlchen]

Let me add: those users who have not received Clem's e-mail, yet, can find the exact same words in Clem's post here:
All forums user should reset their password, section "What is being done to prevent this in the future?", last paragraph.

[Habitual]

Where do I go to change my password? I cant find where to change it! I checked in user profile and control panel. Can't find it!!! Please help. Thanks

I used ucp.php?mode=sendpassword and I was "back in" inside of 3 minutes.
Prior to that....at least a dozen captchas w\out success.

Worth a shot? YMMV

Let's hope your contact_email is up-to-date, and you have access to it.

[Moem]

Where do I go to change my password? I cant find where to change it! I checked in user profile and control panel. Can't find it!!! Please help. Thanks

User control panel => Profile => Edit account settings.

Direct link: ucp.php?i=ucp_profile&mode=reg_details

[ganamant]

Thanks, I got my email no problem and I have reset the password, but I keep being asked to solve a captcha ever since. Is this normal?

It is common sense, but still very good advice, to use unique passwords. I would add that it's even better that they be random-generated by machine, rather than a human brain thinking them up.

Can the hackers decrypt my password?

No, but they can "find" it by brute-force [...]

How long would it take for the hackers to decrypt my password?

They're hashed and salted, but that only slows them down [...]

In the quoted passage, I feel that the word 'cracker' would fit in better than 'hacker'.

[Habitual]

This is the first time I have visited this site for well over a year, so definitely not me trying to login.

And nobody else. This is a known problem with the forum's configuration. The team is working on it. There is no security problem behind the fact, that you get this warning and the need to solve the puzzle (aka captcha).

ucp.php?mode=sendpassword is the 3 minute solution I employed for the obscenely aggressive captcha feature.

[xenopeek]

Currently you'll get that incorrect "too many failed logins" message each time you log in. We're working on solving that.

[altair4]

Time to throw out phpBB! And while you're at it cancel my account.

If you wish to cancel your account there's no point in asking for it within a topic in the forum. Ask for it directly to an Admin:
memberlist.php?mode=contactadmin

The link is at the bottom of this page: Contact Us

And try to be nice about it and without any profanity. Being an Admin is a thankless job. In fact I often wonder what personality peculiarities one possesses to even think about being one.

[sdibaja]

Being an Admin is a thankless job. In fact I often wonder what personality peculiarities one possesses to even think about being one.

that is profound
thanks for your service

[karlchen]

Hi, Da_Thunderbird.

Of course it is up to you to decide which distribution you trust and which distribution you use.
Yet, the reason that you give for not trusting Linux Mint is a bit far-fetched to put it mildly.
The Linux Mint forum website has been broken into. This suggests that the old website had not been secured properly. This, however, does not have any impact on the security of Linux Mint.
The Linux Mint forum website has been setup from scratch on a different server, using a recent version of phpbb. The login process has been revamped and has been made more secure than it was before.
Sadly for the past few days this revamped login process has lead to a minor annoyance where the first login gets always rejected and a second login is needed that involves solving a captcha. How does this have any impact on the security of Linux Mint?

I fail to see the connection between both. Linux Mint is one thing. The Linux Mint forum is another thing.

Regards,
Karl

[lexon]

Looks like time to move on. The Mint forums login has become a real pain in the butt. Too bad.

L

[karlchen]

Do not permit yourself to be frustrated so easily by such minor annoyances. There are worse problems in life. Consider the captcha a temporary game which will be forgotten soon.

[Sector11]

Being an Admin is a thankless job. In fact I often wonder what personality peculiarities one possesses to even think about being one.

that is profound
thanks for your service

+1 KUDOS to Admin and Mods - everywhere!
Thank you. <--↑(up there too)↑ see not 'totally' thankless.

[killer de bug]

I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted.

Don't forget to throw away your sony devices. Their web site was hacked too.

[sdibaja]

Currently you'll get that incorrect "too many failed logins" message each time you log in. We're working on solving that.

I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted. Debian or FreeBSD for me for the foreseeable future.

Reading Comprehension... it is a BIG challenge for some.

https://www.youtube.com/watch?v=zvfD5rnkTws