220 replies to this topic

[lieudusty]

Using debian now... Which seems easier to use in my opinion.

[Shnupbups]

Just noticed the topic title says that comptuercraft. #HardToSeeTypos

[Mads]

Why not do all of the en-/decryption with PHP? That way noone can see what you're doing, and you can change it to something else, while hackers would still be trying to decrypt SHAwhatever, and noone would know!

[Skullblade]

Quote

I've also recently noticed people don't know who has an account and who they can send messages to - so I've set up a simple website which lists all of the people who you can email. It can be found here (yes it's hosted on the Firewolf website...).

I cant get on that website is it down?
Edit: I'm getting a server error when I try to register...are your webpages all down?

[zekesonxx]

No, don't bother to read his posts. Just instantly start complaining.

[GravityScore]

Skullblade, on 16 January 2013 - 05:36 AM, said:

Quote

I've also recently noticed people don't know who has an account and who they can send messages to - so I've set up a simple website which lists all of the people who you can email. It can be found here (yes it's hosted on the Firewolf website...).

I cant get on that website is it down?
Edit: I'm getting a server error when I try to register...are your webpages all down?

GravityScore, on 14 January 2013 - 11:32 AM, said:

Ok well. Lieudusty was updating linux, which involved wiping the disk. We forgot to take backups of the PHP files and now they're gone.

So... dammit.

Expect downtime for the next few days while we re-write everything

Everything was hosted on there, so everything is gone including that website

[Skullblade]

oh sorry to bother you..i thought that when you talked about the update on the PHP status it was up...
sorry 2 bother u

[nutcase84]

It's not working. Please fix. I get a server error.

[Skullblade]

GravityScore, on 16 January 2013 - 05:47 AM, said:

Skullblade, on 16 January 2013 - 05:36 AM, said:

Quote

I've also recently noticed people don't know who has an account and who they can send messages to - so I've set up a simple website which lists all of the people who you can email. It can be found here (yes it's hosted on the Firewolf website...).

I cant get on that website is it down?
Edit: I'm getting a server error when I try to register...are your webpages all down?

GravityScore, on 14 January 2013 - 11:32 AM, said:

Ok well. Lieudusty was updating linux, which involved wiping the disk. We forgot to take backups of the PHP files and now they're gone.

So... dammit.

Expect downtime for the next few days while we re-write everything

Everything was hosted on there, so everything is gone including that website

nutcase84, on 16 January 2013 - 07:02 AM, said:

It's not working. Please fix. I get a server error.

Nutcase all of his websites are down and he has to rewrite the PHP from scratch...give him some time

[GravityScore]

nutcase84, on 16 January 2013 - 07:02 AM, said:

It's not working. Please fix. I get a server error.

GravityScore, on 14 January 2013 - 11:32 AM, said:

Ok well. Lieudusty was updating linux, which involved wiping the disk. We forgot to take backups of the PHP files and now they're gone.

So... dammit.

Expect downtime for the next few days while we re-write everything

[Skullblade]

we posted at same time Gravity LOL

[NeverCast]

TheOriginalBIT, on 14 January 2013 - 08:58 PM, said:

NeverCast, on 14 January 2013 - 11:44 AM, said:

That means adding some known garbage to the end of someones password, so even if the user types in 12345 as their password, It becomes 12345kjdfshafdksafkjsf before it is hashed, making it harder to brute force because you can't use pre-generated hashes to crack it.

Only problem with salting with Lua/CC programs is that unless the program is converted to byte-code, someone can easily just open your program and look at your salt... even with the program in byte-code they can still look up the salt ( it just takes a little longer )...

I'm not sure what you think the purpose of salting is, but salts are not secrets, You can post your salt publicly without defeating it's purpose. A salt isn't private, all the salt is meant to do is make the computational time greater. Because they can't use pre-generated rainbow tables. That said, Keeping your salt private does help

[Skullblade]

NeverCast, on 16 January 2013 - 07:58 AM, said:

I'm not sure what you think the purpose of salting is, but salts are not secrets, You can post your salt publicly without defeating it's purpose. A salt isn't private, all the salt is meant to do is make the computational time greater. Because they can't use pre-generated rainbow tables. That said, Keeping your salt private does help

you could always salt it in PHP on the server right? then it would be a secret

[GravityScore]

NeverCast, on 16 January 2013 - 07:58 AM, said:

TheOriginalBIT, on 14 January 2013 - 08:58 PM, said:

NeverCast, on 14 January 2013 - 11:44 AM, said:

That means adding some known garbage to the end of someones password, so even if the user types in 12345 as their password, It becomes 12345kjdfshafdksafkjsf before it is hashed, making it harder to brute force because you can't use pre-generated hashes to crack it.

Only problem with salting with Lua/CC programs is that unless the program is converted to byte-code, someone can easily just open your program and look at your salt... even with the program in byte-code they can still look up the salt ( it just takes a little longer )...

I'm not sure what you think the purpose of salting is, but salts are not secrets, You can post your salt publicly without defeating it's purpose. A salt isn't private, all the salt is meant to do is make the computational time greater. Because they can't use pre-generated rainbow tables. That said, Keeping your salt private does help

The salt is added on the PHP server, so it is secret.

But one of the big features of salts is they are ment to be different for each password. Stored separately in the MySQL database.
A really good article I found can be found here.

[Left4Cake]

You should change your signature on the form to reflect that the server is down.

[Mandrake Fernflower]

Gravity, Mk352 (Weaboo) crashed your php server with a worm he executed on many servers

[GravityScore]

Mandrake Fernflower, on 16 January 2013 - 10:38 AM, said:

Gravity, Mk352 (Weaboo) crashed your php server with a worm he executed on many servers

Lieu noticed the server was getting spammed, so he closed the port just in case (he had only just switched to debian, and was not sure if iptables worked yet). He said he would set it up properly when he got home from school

[ChaddJackson12]

Just a question. Is there a way possible you could only allow so many commands(or whatever they're called) from one IP per minute, So people can't spam your server so much?

[zekesonxx]

ChaddJackson12, on 19 January 2013 - 05:55 AM, said:

Just a question. Is there a way possible you could only allow so many commands(or whatever they're called) from one IP per minute, So people can't spam your server so much?

That is called ratelimiting.

[CastleMan2000]

Come on, Grav, when will the server be back up? It's been over a week!