******* logging passwords? Just saw this thread over at TAZ

[Amaury]

His PC came back clean so he thinks it was a brute force attempt.

Which means your moderator didn't have a strong password?

 

[Daniel Hood]

Which means your moderator didn't have a strong password?

Judging by the person, their password was probably solid. They just must have used similar passwords in similar places and the slight change got brute forced.

 

[Lisa]

Which means your moderator didn't have a strong password?

What Daniel said

 

[Amaury]

What Daniel said

What Lisa said what Daniel sa-- oh, wait.

 

[SneakyDave]

Judging by the person, their password was probably solid. They just must have used similar passwords in similar places and the slight change got brute forced.

So if there weren't any invalid log in attempts, they guessed the password on the first try? They didn't even try the password ripped from *******'s site, which was allegedly not the same as TAZ?

 

[Sheldon]

So if there weren't any invalid log in attempts, they guessed the password on the first try? They didn't even try the password ripped from *******'s site, which was allegedly not the same as TAZ?

Strange...

 

[Daniel Hood]

So if there weren't any invalid log in attempts, they guessed the password on the first try? They didn't even try the password ripped from *******'s site, which was allegedly not the same as TAZ?

I missed where they said there weren't any invalid login attempts.

 

[Sheldon]

I missed where they said there weren't any invalid login attempts.

From what we can see there are no failed attempts - four wrong guesses would have locked him out, you're right.

 

[Daniel Hood]

Oh.. that makes sense, Lisa said it... I don't read the things that she says

 

[Amaury]

Oh.. that makes sense, Lisa said it... I don't read the things that she says

Now, now, Daniel. Be nice.

 

[Lisa]

Oh.. that makes sense, Lisa said it... I don't read the things that she says

Now, now, Daniel. Be nice.

He was being nice!

 

[TPerry]

More fool those for registering at and using those sites.

I don't know if I would call them a fool @Brogan. I had to register on his site to download the Credits add-on (since it was the only one at that time with the features I needed). Luckily I use (for my important sites) all kinds of weird passwords and on my personal sites I use 2 factor authentication.

 

[Paul B]

You didn't have to, you chose to.

I would never use an add-on from someone like *******.

Granted it wasn't immediately obvious who they were or what they were up to, but since the announcement and banning from here, anyone who chooses to continue to be associated with them in any way...

 

[TPerry]

You didn't have to, you chose to.

Yes, the same way that I "chose" to use XenForo. Based upon feedback that I read from my research here and elsewhere. His add-ons had a decent reputation and performed functions that I needed. At the time I purchased the credits add-on most of what is known now was not known then.

I would never use an add-on from someone like *******.

Hind site is 20-20. At the time nobody knew what he was up to and the problems with his callbacks. I am talking about folks that purchased the add-on before he was banned and all the info came out on him. The only way you could get his add-on was logging in and purchasing it from his site - like a LOT of other add-ons that are available here.

Granted it wasn't immediately obvious who they were or what they were up to, but since the announcement and banning from here, anyone who chooses to continue to be associated with them in any way...

Agreed... anyone that - knowing what is known now - registers there gets what they deserve. But a lot of "problems" were not known about for a while because of the back room discussions that were going on about his behavior and the suspicions of him. It was not common knowledge for a while.

EDIT:
Actually, I had to register an account over there well before any of this was known. I forgot about his profile image add-on that I had purchased. I just count that as money used as TP.

 

[Alpha1]

Just to clear up the discussion about when I registered an account at *******: it was around the time that Borbole sold his addons to ******* last year. So a long time before the announcement. I have never registered an account on ****** or similar.

 

[AdamD]

I realized tonight I have an account at *******s, decided to try and change the email/password to something random, apparently they've disabled the ability to change the registered email....great

 

[TPerry]

I realized tonight I have an account at *******s, decided to try and change the email/password to something random, apparently they've disabled the ability to change the registered email....great

Yeah, I got the same issue... but I simply made a miter that sends all inbound from his domain/ip to > /dev/null since I host my own server email.

 

[Jake B.]

Yeah, I got the same issue... but I simply made a miter that sends all inbound from his domain/ip to > /dev/null since I host my own server email.

That like was for both the post, and your signature... Idea for an add-on "signature likes"

 

[rdn]

So I just uninstalled one Premium Addon from ******* due to possible security issue.
After 1 hour, he released an update: https://*******.com/resources/like-reply-to-view-attachment.22/update?update=1046
Not really sure what's being changed on that update.
I tried to Diff Compare the two version files and a lot has been changed.
I'm not a coder so can't tell if it's really addon fixes and improvement.

 

[Sheldon]

Also interested in hearing from @rafass and @joey_tbf on this.

These two are the staunchest ******* supporters I have seen...

Do you two still feel their add-ons are safe to use?