joby_toss wrote: BUT! If someone has full access to TPFC database, would it be wise to try and change anything in our accounts now (password, etc.)? This is my question.
It would be pointless at least. They should be able to get the hash of your new password as easily as the current one.
House of fail (we got scraped)
Re: House of fail (we got scraped)
My YouTube channel | Release date of my 13th playlist: August 24, 2020
Re: House of fail (we got scraped)
This is a sad topic if I must say.
Re: House of fail (we got scraped)
This is too freakin' scary, so I choose not to believe it at this moment.
If the unthinkable happens and TPFC goes temporarily down, how could we still stay in touch (many users aren't even listing an e-mail address in their profiles)? I'm going to say something outrageous now, so please, forgive me: I wish there was a face.book page (or something similar) for this situation (yes, the #portablefreeware IRC channel is still live on freenode, but I lost all rights to it, not sure why)...
Re: House of fail (we got scraped)
joby_toss wrote: This is too freakin' scary, so I choose not to believe it at this moment.
If the unthinkable happens and TPFC goes temporarily down, how could we still stay in touch (many users aren't even listing an e-mail address in their profiles)? I'm going to say something outrageous now, so please, forgive me: I wish there was a face.book page (or something similar) for this situation (yes, the #portablefreeware IRC channel is still live on freenode, but I lost all rights to it, not sure why)...
The reason for most of us to not show email addresses publicly is fear of spam.
If TPFC goes down, I believe we can temporarily go to PortableApps.com forums. They are closely related to us after all.
Me, in particular, you can reach via Google+. You can visit my YouTube channel (S9uareHead) that has a Google+ page.
- Andrew Lee
- Posts: 3084
- Joined: Sat Feb 04, 2006 9:19 am
Re: House of fail (we got scraped)
I'm trying my best to look into this.
I'd prefer not to discuss publicly the areas I'm looking into for obvious reasons until the dust has settled.
DO NOT PANIC!!!
- Andrew Lee
- Posts: 3084
- Joined: Sat Feb 04, 2006 9:19 am
Re: House of fail (we got scraped)
Guys, I am glad to report that it is indeed a proxy, probably with a content modification filter inserted to change slightly the pages it serves.
I made a stupid mistake earlier when I was checking the proxy hypothesis. When a search is performed with no results, the query is not added to the database. Because I was trying to "tag" the queries, the query keywords were ones which didn't return any results, hence the database was not modified. Once I took that into account and started using keywords with non-zero results, the proxy hypothesis was confirmed.
It's a relief that nothing was leaked. I actually spent some time combing through the logs to ascertain that the server was not broken into. As far as I can tell, nothing suspicious was found.
Thanks to SYSTEM for coming up with the correct hypothesis! You are a genius!
@webfork: I will re-enable the backup procedure tomorrow once I run through everything again and am convinced that nothing was compromised. Thanks for your patience.
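The check described in the post above, as an added example (not code from the forum or its admin): request a unique marker through the suspect mirror, then look for it in the origin's own records. This version generalizes from the search-query database to the web server access log, which records the request even when a search returns no results; the log format, `/search` path, IP addresses and marker are constructed for illustration.

```python
import re
import secrets

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def new_canary():
    """Unique marker to request through the mirror, never via the origin."""
    return "canary-" + secrets.token_hex(8)

def find_relays(log_lines, canaries, own_ips=()):
    """Map each canary to the client IPs that delivered it to the origin."""
    hits = {c: set() for c in canaries}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _when, _method, path, _status = m.groups()
        if ip in own_ips:
            continue  # ignore tests the admin sent straight to the origin
        for c in canaries:
            if c in path:
                hits[c].add(ip)
    return hits

def verdict(hits):
    """A hit proves a live relay; no hit proves nothing (cache, unlogged query)."""
    relays = set().union(*hits.values())
    if relays:
        # These are the proxy's egress IPs, which may differ from the
        # address the mirror's hostname resolves to.
        return ("live-proxy", sorted(relays))
    return ("inconclusive", [])

# Constructed sample data (documentation-range IPs, hypothetical path).
CANARY = "canary-1f3a9c0de4b27788"
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2016:10:00:00 +0000] "GET /search?q=editor HTTP/1.1" 200 8123',
    '203.0.113.77 - - [01/Jan/2016:10:01:02 +0000] "GET /search?q=' + CANARY + ' HTTP/1.1" 200 5123',
    '192.0.2.10 - - [01/Jan/2016:10:02:00 +0000] "GET /search?q=' + CANARY + ' HTTP/1.1" 200 5123',
    'not a log line',
]

if __name__ == "__main__":
    print(verdict(find_relays(SAMPLE_LOG, [CANARY], own_ips={"192.0.2.10"})))
```

A missing marker is reported as inconclusive rather than as evidence of a database leak, which is the trap the post describes: the zero-result queries were never recorded, so their absence said nothing about the proxy.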
- Andrew Lee
- Posts: 3084
- Joined: Sat Feb 04, 2006 9:19 am
Re: House of fail (we got scraped)
I have also blocked the proxy IP (it's sneaky, the proxy IP is different from the website IP).
Pages which have been accessed previously are cached by the proxy unfortunately, but any new access will be blocked.
Re: House of fail (we got scraped)
Andrew Lee wrote: Guys, I am glad to report that it is indeed a proxy, probably with a content modification filter inserted to change slightly the pages it serves.
I made a stupid mistake earlier when I was checking the proxy hypothesis. When a search is performed with no results, the query is not added to the database. Because I was trying to "tag" the queries, the query keywords were ones which didn't return any results, hence the database was not modified. Once I took that into account and started using keywords with non-zero results, the proxy hypothesis was confirmed.
Whew. I'm relieved.
Re: House of fail (we got scraped)
@Andrew Lee
What a relief. Thanks for looking into this + hats off to you SYSTEM.
Let's take auqk.org down.
- __philippe
- Posts: 687
- Joined: Wed Jun 26, 2013 2:09 am
Re: House of fail (we got scraped)
I am Baas wrote: ...Let's take auqk.org down.
Which way: Lawsuit or DDoS attack ? ...
Re: House of fail (we got scraped)
@Andrew: You're their oldest user, it appears.
Re: House of fail (we got scraped)
joby_toss wrote:If the unthinkable happens and TPFC goes temporarily down, how could we still stay in touch (many users aren't even listing an e-mail address in their profiles)? I'm going to say something outrageous now, so please, forgive me: I wish there was a face.book page (or something similar) for this situation (yes, the #portablefreeware IRC channel is still live on freenode, but I lost all rights to it, not sure why)...
- In case it serves for anything, I took the liberty of creating the POTPFC (People Of TPFC) Slack group: http://potpfc.slack.com/...
Anyone can join, email is needed (temporaries are OK), and approval is required.
Re: House of fail (we got scraped)
joby_toss wrote: If the unthinkable happens and TPFC goes temporarily down...
We have taken some steps in the background to help make sure that the site will continue beyond any one individual. If things do drop off, it's easily possible we'll have a few days or even weeks but we should survive. In the very unlikely event that three people all in different countries who have never met die simultaneously well ... not much we can do about that.
I am Baas wrote: Thanks for looking into this + hats off to you SYSTEM.
Ditto.
I am Baas wrote: Let's take auqk.org down.
Well it's throwing up a 403 at the moment, I guess because of the proxy steps Andrew took.
Midas wrote: I took the liberty of creating the POTPFC (People Of TPFC) Slack group: http://potpfc.slack.com/...
Wait, what is this?
Re: House of fail (we got scraped)
webfork wrote:
Midas wrote: I took the liberty of creating the POTPFC (People Of TPFC) Slack group: http://potpfc.slack.com/...
Wait, what is this?
Re: House of fail (we got scraped)
Midas wrote: Check it out -- Slack is a free web based IM system, getting quite popular ATM, who has apps for Android and iOS...
I can't get in to test. PM me.
Anyway, if anyone wants to IM me off-site, I've lately been using the Tox network (i.e. qTox or Isotoxin). Tox ID: F5AD9E8EF1A0087A15E41BF275341C0A8FD205DEE1AA18D3FA848C582CC0181302E9D9221F60
Edit: I was listing an AOL account here but the client I was using evidently stopped working (InstantBird with required encryption).