It seems today we were hacked and a lot of passwords were changed. So a lot of players had to request a new password to be able to log in again.
Please note that we don't store passwords in the database. The passwords are hashed and that hash is stored. So when you log in, we hash the password you use and compare the hashed version with what is in the database. From the hash it is virtually impossible to retrieve the original password. So even if the hacker has downloaded the passwords, he only has the hashes.
I've looked at what the hacker has done and it was quite a random affair. Looks like some program just shot a lot of requests using some weird query strings to the site. I suspect that they didn't even steal any information, and accidentally overwrote a lot of passwords. The requests were fired from 220.127.116.11.
If anyone can offer some help to prevent this from happening again, I'm open to suggestions.
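An added illustration of the hash-and-compare login described in the post above (not the site's own code). The post does not say which hash function the site uses; scrypt with a per-user random salt, the `scrypt$salt$hash` record format and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the post): scrypt with N=2**14, r=8, p=1.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the record to store in the database: 'scrypt$<salt>$<hash>'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every user
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the login attempt with the stored salt and compare."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        # Malformed record (for example, one that was overwritten):
        # fail closed, so the user has to go through a password reset.
        return False
    if scheme != "scrypt":
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_scrypt(password, salt), expected)


if __name__ == "__main__":
    # Constructed sample data: two players who chose the same password.
    rec_a = hash_password("correct horse")
    rec_b = hash_password("correct horse")
    print(rec_a != rec_b)                               # salts differ
    print(verify_password("correct horse", rec_a))      # valid login
    print(verify_password("correct horse", "garbage"))  # overwritten record
```

With a per-user salt, identical passwords produce different stored records, so a downloaded table cannot be matched against a precomputed list of hashes.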
I've added some extra grace time to all active games to prevent people from timing out because of this issue.
ah, I see, it drove me nuts yesterday
the request thing didn't work either, my mail web didn't open the link