| Author | Message |
|---|---|
MOROBE1 |
Date sent: 2017/10/05 07:20:35
I politely request that the owner of the site makes it so when we sign up that it isn't an insecure connection? Because I don't want my computer hacked if the site gets hacked. |
luigiofthebakery Moderator |
Date sent: 2017/10/05 08:25:48
Are you willing to pay the $12 per year it costs for an SSL certificate? I don't think you even know what an insecure connection means, it just sends data in plain text rather than encrypting it. There's no way people can hack into your computer just by intercepting the connection. Even with a secure, encrypted connection, you can still get your computer hacked if you download and run malware. Encryption just protects the visibility of the data in transit. |
Harvoo |
Date sent: 2017/10/05 08:54:15
Just don't use your real life passwords or email for this site and you'll be fine you sponge |
thomasjones |
Date sent: 2017/10/05 15:37:17
I believe that, unless your connection is intercepted when logging in, your password is safe as it's stored as a hash on the website. In other words it's encrypted when stored by the website. |
thomasjones |
Date sent: 2017/10/05 15:56:37
There is a way to improve security without getting an SSL certificate. So when you log into the account for the very first time you will send your password to the website. And you will get a key back (save it as a cookie?). So the next time you log on from that device it checks the password on the user's side and sends the key, not the password, to allow you to log on. The only benefit this would have is to stop people getting your password but there are other ways and they can still intercept your connection and log on to your account. Tbh it's not worth implementing as u can just use a different password to everything else. |
ACeTheGreat98 |
Date sent: 2017/10/05 21:02:49
Although, I think it is secure enough, $1 a month doesn't seem that costly considering several staff members have had their accounts compromised in the past. |
luigiofthebakery Moderator |
Date sent: 2017/10/06 05:35:58
Ace that was because the website was hacked and those members didn't have secure enough long passwords, allowing the hacker to brute force the hash tom mentioned. |
CaptainSpaceSheep |
Date sent: 2017/10/07 07:17:37
My account was the first to be hacked, but luckily I was on while it happened so it said I logged in from another location. I joined back and had TNT in my hand and a few blocks around me were destroyed. I reset my password so they tried hacking my email but I ended up getting the hacker's IP. |
ckvoss |
Date sent: 2017/10/07 14:25:39
My account got hacked while I was sleeping... not good. Banned players and griefed thousands and thousands of blocks... They also took my search history and put it on the forums. Thanks to James, nobody saw it. |
Presinus |
Date sent: 2017/10/07 19:56:25
Thank you James! +1 Respect |
thomasjones |
Date sent: 2017/10/08 10:20:22
Moral of the story, don't use the same password for everything. |
Harvoo |
Date sent: 2017/10/09 10:10:50
Ckvoss they hacked your email as well and sent me your search history I'm pretty sure |
Presinus |
Date sent: 2017/10/09 13:51:11
Now Harvoo knows Ck was looking up "how to prove your online friends you don't have a bowl-cut." |
Aouldrain |
Date sent: 2017/10/09 18:07:55
Do you guys mind if I start a cancer repost thing? No? Ok. This thread has been visited by the spooky hacker ghost. Repost this paragraph on 5 other threads or you'll die. |
CaptainSpaceSheep |
Date sent: 2017/10/09 21:02:11
oh no!!,!!1!! What will i do????.???..?.?. Aould u hace started bad man stuff1! 1!1!1 |
Aouldrain |
Date sent: 2017/10/10 00:01:04
you better repost it then |
Presinus |
Date sent: 2017/10/10 01:52:25
I better have a 5-star funeral then. |
Tye |
Date sent: 2017/10/18 20:19:09
wait, people take the time to hack a website dedicated to minecraft? |
luigiofthebakery Moderator |
Date sent: 2018/05/02 04:03:43
The login and register pages are now secured with https. You can also access every other page via https but it's not forced by default. Comment if you think the whole website should be https by default (it might slow down a bit because of the encryption and decryption). |
Ruben |
Date sent: 2018/05/31 20:30:51
ok, luigi, after half a year, you were able to sort of solve the MITM problem...next year you switch out of MD5? |
thomasjones |
Date sent: 2018/05/31 21:35:56
"Using salted md5 for passwords is a bad idea. Not because of MD5's cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU." Hmmm https://security.stackexchange.com/questions/19906/is-md5-considered-insecure Don't worry guys your passwords can easily be cracked and used to break into your minecraft accounts. It happened with staff before. For example, Spyro, Tones and James I think. Yeah, the hacker wreaked havoc on the server griefing and banning. Oh btw cause some of the staff were OP the other staff couldn't ban the compromised accounts. But don't worry it's too much hassle for luigi to change it :) |
Presinus |
Date sent: 2018/05/31 22:26:33
Wait I just realized he said $12 a year. At minimum wage, that's only 51 minutes of work. If you think $12/year is expensive, then Mr Krabs doesn't look like such a cheapskate anymore. |
JamesSkullBlood Moderator |
Date sent: 2018/05/31 23:21:25
@Thomasjones952 I wasn't hacked. |
thomasjones |
Date sent: 2018/06/01 00:14:06
Ah right. Yeah, yours was the one I wasn't quite sure about. |
luigiofthebakery Moderator |
Date sent: 2018/06/01 00:27:43
If you have a long, secure password then even billions of guesses per second won't be enough to crack it. Alternatively if you use an insecure password, it doesn't really matter which hashing algorithm I use, hackers will still be able to crack your password through a brute force attack if they get hold of the database. https://www.grc.com/haystack.htm |
Ruben |
Date sent: 2018/06/01 05:23:20
Have you ever heard of collisions? MD5 has tons of them, just give it a quick search. If you want to keep MD5's speed try a system like Prestashop's where they have a "cookie key" stored in the website's code (doesn't behave like an actual cookie) and they create an MD5 hash by concatenating the password with the cookie key. It's still not reliable enough tbh, just change to a proper hashing method, you'd be sacrificing not a lot of speed for more user security, which seems to be a good deal to me
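
Added example, not part of the thread and not the site's code: one way to move from the cookie-key MD5 scheme described above to a slow, per-user salted hash, replacing each record at the user's next successful login. The key value, record format, scrypt parameters and sample users are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the site-wide "cookie key" (assumption).
COOKIE_KEY = "constructed-cookie-key"
# Assumed scrypt cost parameters; raise N as far as the server tolerates.
N, R, P = 2**14, 8, 1


def legacy_md5(password):
    """Old scheme: fast MD5 over cookie key + password, same key for everyone."""
    return hashlib.md5((COOKIE_KEY + password).encode()).hexdigest()


def scrypt_record(password, salt=None):
    """New scheme: memory-hard scrypt with a random per-user salt."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                        maxmem=64 * 1024 * 1024, dklen=32)
    return "scrypt$" + salt.hex() + "$" + dk.hex()


def verify_and_upgrade(stored, password):
    """Return (login_ok, record_to_store)."""
    if stored.startswith("scrypt$"):
        salt = bytes.fromhex(stored.split("$")[1])
        ok = hmac.compare_digest(scrypt_record(password, salt), stored)
        return ok, stored
    # Legacy MD5 record: verify it, then replace it while the plaintext
    # password is available during this login.
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, scrypt_record(password)
    return False, stored


def demo():
    # Constructed user table: two users sharing one password, old format.
    db = {"alice": legacy_md5("hunter2hunter2"), "bob": legacy_md5("hunter2hunter2")}
    shared_before = db["alice"] == db["bob"]  # identical hashes reveal password reuse
    for user in db:
        ok, db[user] = verify_and_upgrade(db[user], "hunter2hunter2")
    return shared_before, db


if __name__ == "__main__":
    print(demo())
```

Accounts that never log in again keep their MD5 record until the password is reset.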
