Harwinder

Original poster
Dear TBN members,

This thread is mainly made to alert you about password security. Many users use the exact same password across multiple websites. Doing that can cause a very big issue when, for example, a database is breached and leaked. My appeal to users who use the same password for multiple sites is to change that password to a different unique one. Most people will say that it's common sense to use different passwords across websites, but in reality there are many users who use the same password for multiple websites.

I personally use this website to generate secure passwords:
http://password.to/

I have also listed their tips on preventing a hack here below.
To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, you should notice that:

1. Do not use the same password, security question and answer for multiple important accounts.

2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.

3. Do not use the names of your families, friends or pets in your passwords.

4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.

5. Do not use any dictionary word in your passwords.

6. Do not use two or more similar passwords in which most of the characters are the same, for example, ilovefreshflowersMac, ilovefreshflowersDropBox, since if one of these passwords is stolen, then it means that all of these passwords are stolen.

7. Do not use something that can be cloned (but you can't change) as your passwords, such as your fingerprints.

8. Do not let your Web browsers (Firefox, Chrome, Safari, Opera, IE) store your passwords, since all passwords saved in Web browsers can be revealed easily.

9. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.

10. Do not send sensitive information online via HTTP or FTP connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS and SFTP whenever possible.

11. When traveling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a private VPN (with MS-CHAP v2 or stronger protocols) on your own server (home computer, dedicated server or VPS) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer (or a remote server of your own) with PuTTY and connect your programs (e.g. Firefox) to PuTTY. Then even if somebody captures your data as it is transmitted between your device (e.g. laptop, iPhone, iPad) and your server with a packet sniffer, they won't be able to steal your data and passwords from the encrypted streaming data.

12. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company's server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.

To check the strength of your passwords and know whether they're inside the popular rainbow tables, you can convert your passwords to MD5 hashes on this MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is "0123456789A", using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash (C8E7279CD035B23BB9C0F1F954DFF5B3) to an MD5 decryption website, how long will it take to crack it? You can perform the test yourself.

13. It's recommended to change your passwords every 10 weeks.

14. It's recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software.

15. Encrypt and backup your passwords to different locations, then if you lost access to your computer or account, you can retrieve your passwords back quickly.

16. Turn on 2-step authentication whenever possible.

17. Do not store your critical passwords in the cloud.

18. Access important websites (e.g. Paypal) from bookmarks directly, otherwise please check its domain name carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not a phishing site before entering your password.

19. Protect your computer with firewall and antivirus software, block all incoming connections and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.

20. Keep the operating systems (e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux) and Web browsers (e.g. Firefox, Chrome, IE, Microsoft Edge) of your devices (e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet) up-to-date by installing the latest security update.

21. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers (e.g. wireless keyboard sniffer), software keyloggers and hidden cameras when you feel it's necessary.

22. If there are WIFI routers in your home, then it's possible to know the passwords you typed (in your neighbor's house) by detecting the gestures of your fingers and hands, since the WIFI signal they received will change when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases, it would be more secure if this virtual keyboard (or soft keyboard) changes layouts every time.

23. Lock your computer and mobile phone when you leave them.

24. Encrypt the entire hard drive with LUKS or similar tools before putting important files on it, and destroy the hard drive of your old devices physically if it's necessary.

25. Access important websites in private or incognito mode, or use one Web browser to access important websites, use another one to access other sites. Or access unimportant websites and install new software inside a virtual machine created with VMware, VirtualBox or Parallels.

26. Use at least 3 different email addresses, use the first one to receive emails from important sites and Apps, such as Paypal and Amazon, use the second one to receive emails from unimportant sites and Apps, use the third one (from a different email provider, such as Outlook and Gmail) to receive your password-reset email when the first one (e.g. Yahoo Mail) is hacked.

27. Use at least 2 different phone numbers, do NOT tell others the phone number which you use to receive text messages of the verification codes.

28. Do not click the link in an email or SMS message, do not reset your passwords by clicking them, except that you know these messages are not fake.

29. Do not tell your passwords to anybody in the email.

30. It's possible that one of the software or App you downloaded or updated has been modified by hackers, you can avoid this problem by not installing this software or App at the first time, except that it's published to fix security holes. You can use Web based apps instead, which are more secure and portable.

31. Be careful when using online paste tools and screen capture tools, do not let them upload your passwords to the cloud.

32. If you're a webmaster, do not store the users' passwords, security questions and answers as plain text in the database, you should store the salted hash values of these strings instead.

One question could also be: where do I store all these generated passwords? If you, for example, join 100 websites, it will be super difficult to keep track of all of them. Here are some suggestions:

KeePass, a free local password manager.
http://keepass.info/

LastPass, an Online password manager.
https://www.lastpass.com/

If you guys have any tips or suggestions feel free to tell me.

Have a nice day!

:top:

__________

We have also added a Login Security page to TBN!

http://thebot.net/account/login-security



Here you can monitor your login attempts with the Date of login, the IP Address, if the Login was Successful and if the 2FA was Successful. We as TBN staff care about our users' security. We really hope you will like this new addition to the forum!

Have a great day!

TBN Staff
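
Added example, not part of the original post or of the quoted tips: tips 12 and 32 side by side. It shows why an unsalted MD5 dump falls to a single precomputed table while per-user salted hashes do not. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample data are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def md5_hex(password: str) -> str:
    """Unsalted MD5: the storage scheme tip 12 warns about."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup(candidates):
    """Precompute hash -> password once; it applies to every unsalted dump."""
    return {md5_hex(p): p for p in candidates}

def audit_dump(rows, lookup):
    """Return the users whose stored hash appears in the precomputed table."""
    return {user: lookup[h] for user, h in rows.items() if h in lookup}

def hash_password(password: str) -> str:
    """Salted, slow hash as tip 32 asks for: a fresh random salt per user."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 int(iters))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    lookup = build_lookup(["0123456789A", "password1", "qwerty123"])
    weak_db = {u: md5_hex("0123456789A") for u in ("alice", "bob")}
    strong_db = {u: hash_password("0123456789A") for u in ("alice", "bob")}
    print("unsalted MD5 hits:", audit_dump(weak_db, lookup))
    print("salted hits:", audit_dump(
        {u: s.split("$")[3] for u, s in strong_db.items()}, lookup))
    print("same password, different records:",
          strong_db["alice"] != strong_db["bob"])
```
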
 

IMakeEmSwoon

stolen from leakforums.net? :motherofgod:

jk thanks buddy.
 

ryukensfj

Thanks @TJ!
 

TJ

Thanks for the announcement and thanks to staff for getting me up to speed on what needs done.

This is definitely not the end of compromised TBN accounts but we're doing what we can to prevent future scams.

Please use strong and different passwords!
(We will be enforcing this soon on all new members)
 

WrT

I believe it's only intended to report a different IP at the moment.
Nope, not working. Tested 2 IPs. Even tried your account. Surprisingly it is not TJpass420
 

Laserus

Nope, not working. Tested 2 IPs. Even tried your account. Surprisingly it is not TJpass420
Maybe it's accidentally set right now so that only mods/admins can see that. @TJ is out for the rest of the night, so he'll be back to take a look at it later tonight/tomorrow :)
 

WrT

Maybe it's accidentally set right now so that only mods/admins can see that. @TJ is out for the rest of the night, so he'll be back to take a look at it later tonight/tomorrow :)
Maybe thank WrT for noticing that.

EDITED: I tried new IP with correct password and I do get an email :), but no console on that link.
Great to see stuff happenin!
 

CEED

Second time this year. Okay, the first one was a big one.
 

Mmo01

I've been breached 2 times lol

Are you going to *bump* all the old threads... ? :bruh:

This one is from 2016 .... :cryfam:
 

gromegnome

sh*t.... 12 times I've been pwned XD :motherofgod:
 