Home    Register now!    Become a Master       All games    Stats    Help    Forum   About us

Forum

General

Hacked

AuthorMessage
Ronald
25-05-2016 23:48:43
It seems today we were hacked and a lot of passwords were changed. So a lot of players had to request a new password to be able to log in again.

Please note that we don't store password in the database. The passwords are hashed and that hash is stored. So when you log in, we hash the password you use and compare the hashed version with what is in the database. From the hash it is virtually impossible to retrieve the original password. So even if the hacker has downloaded the passwords, he only has the hashes.

I've looked at what the hacker has done and it was quite a random affair. Looks like some program just shot a lot of requests using some weird query strings to the site. I suspect that they didn't even steal any information, and accidently over-wrote a lot of passwords. The requests were fired from 89.28.3.227.

If anyone can offer some help to prevent this from happening again, I'm open for suggestions.
Ronald
26-05-2016 07:30:46
I've added some extra grace time to all active games to prevent people from timing out because of this issue.
rolle
26-05-2016 15:06:48
ah, I see, it drove me nuts yesterday

the request thing didn't work either, my mail web didn't open the link



Page generated in 0.006 sec