AGEOD forums back in business!

Posted: Fri Mar 23, 2012 10:36 pm
by Rafiki
Hi everybody!

We are very happy to be able to re-open the forums after having to shut them down on short notice following last week's successful hacker intrusion.

As you can see, we have gone through a full-scale upgrade of the forums, and we have also gone through a rather radical change with the forum colors. In other words, a lot of things have changed, both visually and "under the hood". We hope and believe that the changes are for the better, but we also realize that "your mileage may vary". If you'd like to let us know what you think of it all, we're quite interested in hearing about your opinions and experiences, but we do insist that you keep any criticism you might have constructive :thumbsup:

NOTE! Due to the unwelcome visitors, all passwords have been invalidated. We know for sure that a large number of passwords were cracked, and even if we didn't have any indications about the rest, non-cracked passwords, we couldn't trust them either. This means that everyone has to reset their password before regaining access to the forums. To reset your password, simply go to http://www.ageod-forum.com/login.php?do=lostpw and follow the instructions there.

With regards,
Arne Vedo-Hansen AKA Rafiki
Forum Admin

Posted: Fri Mar 23, 2012 11:14 pm
by dooya
Great to have you back, fellow forumites. Yeeehaa! :thumbsup:

Posted: Fri Mar 23, 2012 11:18 pm
by Franciscus
Hello !

I am very glad the forums are back !!

I will take a little time, for sure, to get used to the new look, but that's fine !

Great job, Rafiki :thumbsup:

Posted: Fri Mar 23, 2012 11:32 pm
by yellow ribbon
I am prepared to be assimilated... thanks for your effort

Posted: Fri Mar 23, 2012 11:49 pm
by Random
Glad you're back and a pox upon all hackers. Site looks very good, kudos to all involved in the repair and updating!

-C

Posted: Sat Mar 24, 2012 12:00 am
by Hobbes
Looking good - weird - but good! Thanks Arne!

Posted: Sat Mar 24, 2012 12:06 am
by Rafiki
I'm just happy that things are returning to normal (though perhaps a slightly more shiny version of normal? ;) ).

Be advised, we'll probably be doing some tweaking in the time ahead, as we get feedback and gain more experience with the new version of the forum. Nothing major, I hope, but it's likely to be a few small "glitches" here and there from time to time as we adjust the nuts and bolts in here.

Posted: Sat Mar 24, 2012 12:23 am
by Franciscus
Regarding suggestions, maybe it would be better to increase the size or even change the color of the sub-forum titles. As they are, I have some difficulty in finding them at a glance.

Also, the little smileys shown at the left of a post text when we are in "advanced mode" editing are too small now, for my liking.

Posted: Sat Mar 24, 2012 12:25 am
by Hobbes
It looks as though a few medal rows and avatars will have to be redone in black if we are not going back to the original colour.
It is a bit dark in here - we need a woman to advise on colour scheme :)

Posted: Sat Mar 24, 2012 12:26 am
by Franciscus
Hobbes wrote:It is a bit dark in here - we need a woman to advise on colour scheme :)


+ 1 :thumbsup:

Posted: Sat Mar 24, 2012 12:28 am
by AbeBaby
When you say that a large number of passwords were "cracked", how is that possible? Passwords on almost every forum out there are encrypted, and as far as I know nobody has ever cracked passwords that are properly encrypted.

Did you guys store our passwords as open text? If so, well that's just un..... I'll wait for a response before I go about preaching.

Posted: Sat Mar 24, 2012 12:37 am
by Franciscus
Regarding passwords, I resorted some time ago to Lastpass (free) to generate and store almost all my internet passwords. They are meaningless, "disposable", and I can access them in any device.

The only passwords that are not generated by LastPass and are only stored in my brain are those from my online bank... :love:

Posted: Sat Mar 24, 2012 12:45 am
by Rafiki
AbeBaby wrote:When you say that a large number of passwords were "cracked", how is that possible? Passwords on almost every forum out there are encrypted, and as far as I know nobody has ever cracked passwords that are properly encrypted.

Did you guys store our passwords as open text? If so, well that's just un..... I'll wait for a response before I go about preaching.

No, all passwords are stored encrypted. However, if you have the crypt, and perhaps even information about salts and suchlike, it's possible to brute-force cracks by generating permutations of possible passwords and comparing to the stored crypts.

Though it takes a whole different kind of effort to crack an encrypted password (depending on encryption method) than to simply use an unencrypted password you've grabbed, it's far from impossible, I'm afraid.

Looking at the list of cracked passwords, I'd say that as a rule of thumb, if your password is 10 characters or less and consists solely of letters and numbers, it can be cracked in a fairly straight-forward manner by someone gaining access to the crypt. So mix it up with some special characters or simply use a passphrase of some kind.
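
Added example, not part of Rafiki's post or of the forum's software: a sketch of why the length and character-set advice above matters once the stored hashes and salts have leaked, and why the cost of one hash decides how long an exhaustive search takes. Salted SHA-256 and PBKDF2 are stand-ins chosen here; the thread does not say which scheme the forum used.

```python
import hashlib, hmac, os, time

ALNUM = 26 + 26 + 10   # letters and digits only
PRINTABLE = 95         # printable ASCII, i.e. with special characters

def search_space(alphabet, max_len):
    """Candidates an exhaustive search must cover for lengths 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))

def fast_hash(password, salt):
    """One salted SHA-256 call: cheap for the server and for a guesser."""
    return hashlib.sha256(salt + password.encode()).digest()

def slow_hash(password, salt, iterations=200_000):
    """PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify(password, salt, stored, hasher):
    """What a login check does; offline guessing repeats this comparison."""
    return hmac.compare_digest(hasher(password, salt), stored)

def guesses_per_second(hasher, salt, rounds):
    """Measure how many candidates this machine can test per second."""
    start = time.perf_counter()
    for i in range(rounds):
        hasher(f"candidate{i}", salt)
    return rounds / (time.perf_counter() - start)

def years_to_exhaust(space, rate):
    """Years needed to try every candidate at `rate` guesses per second."""
    return space / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample salt
    rates = {"salted SHA-256": guesses_per_second(fast_hash, salt, 20_000),
             "PBKDF2 200k": guesses_per_second(slow_hash, salt, 3)}
    spaces = {"<=10 letters+digits": search_space(ALNUM, 10),
              "<=10 printable": search_space(PRINTABLE, 10),
              "<=16 printable": search_space(PRINTABLE, 16)}
    for hname, rate in rates.items():
        for sname, space in spaces.items():
            print(f"{hname:15} {sname:20} {years_to_exhaust(space, rate):.3g} years")
```

The rates are measured on the local CPU only; dedicated hardware is much faster on cheap hashes, so the ratio between the rows is the point rather than the absolute years.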

Posted: Sat Mar 24, 2012 12:45 am
by AbeBaby
The thing about lastpass that would concern me is this:

it's EVERYWHERE
Automatically synchronizes your data: access it from anywhere at anytime.

This makes me believe that the passwords are stored on their servers or database etc and thus is accessible to hacking.

Question still stands... Were our passwords on this forum stored as plain text and if not then how were passwords cracked as when they are properly encrypted with (can't remember the name at the moment, salt, hash, cornbeef hash, yummmm) it's impossible to unencrypt them, which is why when forums store as encrypted passwords if you want to retrieve them you can't, you have to choose a new password.

Posted: Sat Mar 24, 2012 12:52 am
by AbeBaby
Rafiki wrote:No, all passwords are stored encrypted. However, if you have the crypt, and perhaps even information about salts and suchlike, it's possible to brute-force cracks by generating permutations of possible passwords and comparing to the stored crypts.


Okay, I had to read that twice before I understood what you were saying.

Well, I hope you guys found out how they gained access to your forum database (and plugged up the hole) as that sounds likely the place where they would be able to grab a copy of the data of users and their encrypted passwords. Be it through your vbulletin admin panel, or through phpmyadmin or some program like that, which means though that they'd still need to have had an admin password (perhaps one that was weak?) to be able to get in there unless there was a security exploit in vbulletin, which would be pretty sad for a paid for product.

Posted: Sat Mar 24, 2012 12:57 am
by Rafiki
AbeBaby wrote:Okay, I had to read that twice before I understood what you were saying.

Hehe, my dayjob includes work with passwords, so I guess I plunged into it there ;)

AbeBaby wrote:Well, I hope you guys found out how they gained access to your forum database (and plugged up the hole) as that sounds likely the place where they would be able to grab a copy of the data of users and their encrypted passwords. Be it through your vbulletin admin panel, or through phpmyadmin or some program like that, which means though that they'd still need to have had an admin password (perhaps one that was weak?) to be able to get in there unless there was a security exploit in vbulletin, which would be pretty sad for a paid for product.

We haven't been able to pinpoint how it happened, but we have our suspicions. They have been addressed, and I'm as confident as I feel I need to be that we won't see any similar incidents in the immediate future.

(The above statement is purposefully vague and hazy, since I don't wish to provide any specifics about what we do and don't do security-wise around here)

Posted: Sat Mar 24, 2012 1:17 am
by Franciscus
Franciscus wrote:Regarding suggestions, maybe it would be better to increase the size or even change the color of the sub-forum titles. As they are, I have some difficulty in finding them at a glance.


Hey, things are looking better already :thumbsup: (or am I getting used to it ? :) )

Posted: Sat Mar 24, 2012 1:45 am
by AbeBaby
Okay. Yes I understand how you wouldn't want your security practices being public knowledge.

I've got a website forum with over 110,000 members and it's subject to people attempting to hack into it on a regular basis. Funny thing is it's just a fan site for the Minecraft game, but I guess when you start to deal with thousands of members, you're dealing with all kinds. Some users on my own site often ask me questions about security on our site as if it's a question that thousands of people would ask me everyday on the site. But as said, you get all kinds when you start dealing with a lot of members.

Thought I should mention that the Thread Tools option at the top of the topic is not working correctly.

I am subscribed to this topic, and went to easily unsubscribe like I do on all VB forums, but when I click on Thread Tools at the top of this page it only lists the option to subscribe to the topic, but not unsubscribe when I am already subscribed.

Normally on a VB forum if I am subscribed to a topic, and click on the Thread Tools option at the top of the subscribed topic, it should dynamically change to show Unsubscribe from Topic (when the person is subscribed) and show Subscribe to topic (when the person is not subscribed).

Just thought I'd let you know.

Posted: Sat Mar 24, 2012 2:40 am
by vaalen
I really dislike the new color scheme. It is much harder to read for us grognards, it does not look like the Ageod forum, it looks like the run of the mill forums for almost any gamesite. Technically challenged people like me cannot even figure out where to start a new thread. I will admit that I loved the classic forum, everything about it.

This bleh color scheme is a tragedy, at least for me.

And changing the appearance of the forum to this extent has the effect of letting the enemy who did this triumph, because you have let them change the great appearance of the classic forum through their antics. That is like admitting defeat. Before, you had no opportunity to ask us about the appearance, you should have kept the classic appearance to the extent possible. In appearance, it is not an upgrade, it is a debacle. I see this forum as my gaming family - It is like you painted the house we live in a different color without asking any of us. That is not what I expect from you, my friends, not at all. Please restore the forum to its classic look and colors, to the extent possible.

Posted: Sat Mar 24, 2012 3:02 am
by Aphrodite Mae
If any of you don't like the current color scheme, why not try an alternative that you can enable, yourself?

If you scroll to the very bottom of the thread, you'll see a combination box at the lower left that's called the "Quick Style Chooser". It may say something like "DarkVision". If you click the drop-down arrow, you'll see that there's another choice! :) On my list, the alternate choice is labeled "vb4 Default". This changes my color scheme to white, with blue trim.

There's another method, too! Select "General options" on your User Control Panel. At the bottom of the page, under the heading "miscellaneous", you'll see a subheading titled "skin". The box is identical to the "quick style chooser".

Posted: Sat Mar 24, 2012 4:53 am
by vaalen
Aphrodite Mae wrote:If any of you don't like the current color scheme, why not try an alternative that you can enable, yourself?

If you scroll to the very bottom of the thread, you'll see a combination box at the lower left that's called the "Quick Style Chooser". It may say something like "DarkVision". If you click the drop-down arrow, you'll see that there's another choice! :) On my list, the alternate choice is labeled "vb4 Default". This changes my color scheme to white, with blue trim.

There's another method, too! Select "General options" on your User Control Panel. At the bottom of the page, under the heading "miscellaneous", you'll see a subheading titled "skin". The box is identical to the "quick style chooser".


Thank you, as the alternate choice is much easier to read. But it still does not look like the Ageod forum. Which, in my opinion, should be restored to its glorious classic appearance, as it was before it was defiled. Anything less would be to let the barbarians triumph, which is very disappointing.

Posted: Sat Mar 24, 2012 5:22 am
by Lascar
I must agree with you on this. The original AGEOD forum had a unique style and look that somehow made it feel like AGEOD. The place where well crafted historical games were meticulously researched and presented with a high aesthetic value (the beautifully drawn maps and counter graphics) that set them apart from all the others. The quality games remain of course but the ambiance of the home forum has somehow diminished.

Posted: Sat Mar 24, 2012 6:02 am
by Pat "Stonewall" Cleburne
I prefer dark backgrounds to light. Everyone will get used to this. It's not inherently worse than the previous forum. People don't like change.

Posted: Sat Mar 24, 2012 7:11 am
by rattler01
Lascar wrote:I must agree with you on this. The original AGEOD forum had a unique style and look that somehow made it feel like AGEOD. The place where well crafted historical games were meticulously researched and presented with a high aesthetic value (the beautifully drawn maps and counter graphics) that set them apart from all the others. The quality games remain of course but the ambiance of the home forum has somehow diminished.


+1

I feel like I'm in the Paradox Forums :(

Posted: Sat Mar 24, 2012 8:01 am
by vaalen
Pat "Stonewall" Cleburne wrote:I prefer dark backgrounds to light. Everyone will get used to this. It's not inherently worse than the previous forum. People don't like change.


I will not get used to it. Every time I see this new forum, it makes me sad.

Posted: Sat Mar 24, 2012 8:03 am
by vaalen
Lascar wrote:I must agree with you on this. The original AGEOD forum had a unique style and look that somehow made it feel like AGEOD. The place where well crafted historical games were meticulously researched and presented with a high aesthetic value (the beautifully drawn maps and counter graphics) that set them apart from all the others. The quality games remain of course but the ambiance of the home forum has somehow diminished.


Lascar, you have said it so well. This is AGEOD, not the others. AGEOD is unique, as should be its forum. The forum does not feel like home to me anymore.

Posted: Sat Mar 24, 2012 8:05 am
by Pat "Stonewall" Cleburne
Change is bad m'kay

Posted: Sat Mar 24, 2012 8:10 am
by vaalen
Pat "Stonewall" Cleburne wrote:Change is bad m'kay


Change for the better is good, change for the worse is bad. If it is not broken, do not fix it.

Of course, we can agree to disagree.

Posted: Sat Mar 24, 2012 8:41 am
by vaalen
And another thing - The classic forums evoked the feel of BOA, the very first Ageod game. They had artistic beauty. To replace them with this mediocrity is to see another bit of the unique beauty of Ageod disappear from a very bland world.
It is like replacing the Sistine Chapel with a Walmart.

Posted: Sat Mar 24, 2012 9:12 am
by wryun
Might it be a good idea to send emails to everyone letting them know that their passwords have been compromised? (in case they're bad people and use them for other things :) )