Login security changes, You shall not pass

 
Post #21, xmagus (Members), Feb 22 2015, 03:54


QUOTE(Tresik @ Feb 22 2015, 10:39)

Well, as always, keeping same passwords in multiple services or otherwise easy to guess password is very bad idea. Because people tend to do that it is also good idea to sometimes remind them about that.

Hence, the wonderful existence of services like LastPass and its brethren. Nothing quite like a 20-character alphanumeric+special characters password to keep the paranoia at bay.

Although, I'm hearing interesting things about Steve Gibson's SQRL project, so probably should watch that as well...



 
Post #22, indarain (Gold Star Club), Feb 22 2015, 06:18


QUOTE(Tenboro @ Feb 21 2015, 19:52)

Due to a large increase to the number of brute-force login attempts against member accounts, there have been some hardening changes made to the login mechanism to thwart this. For most of you this will never come into play, but if you fail multiple login attempts or connect from what the site considers a suspect IP, you will now also have to solve a captcha for every login attempt. Hosts that fail a large number of attempts may be shut out entirely.

Note that if you are using a weak password, one that closely resembles your login username, or one that you've reused on other sites, you may want to change it just to be safe.


uhhh wait, maybe some noob questions:

1. What is brute-force login?

QUOTE
For most of you this will never come into play, but if you fail multiple login attempts or connect from what the site considers a suspect IP, you will now also have to solve a captcha for every login attempt.


2. How long will this last, I mean the captcha? And does it depend on the IP address?

QUOTE
Hosts that fail a large number of attempts may be shut out entirely.


3. What does it mean? If someone failed several times to log in, s/he may get banned?



 
Post #23, xmagus (Members), Feb 22 2015, 08:50


QUOTE(indarain @ Feb 22 2015, 14:18)

uhhh wait, maybe some noob questions:

1. What is brute-force login?

There are various ways to crack passwords. You can use what's known as a dictionary attack (which uses a list of common passwords), or you can just start guessing from 'a' and make your way through to 'zzzzzzzzzz' and beyond. As you can see, the second method employs no subtlety; hence the term brute-force (think of it as taking a hammer to the lock to bash it open - or a gun to shoot it open - instead of using lockpicks).

QUOTE

2. How long will this last, I mean the captcha? And does it depend on the IP address?

I think this one is best fielded by TenB. But I suspect the IP thing will only proc if you normally log in from Melbourne, VIC and suddenly one day you're trying to log in from Lagos. Or Nanking. Which could be slightly problematic for anyone who normally uses a VPN and forgets one day.

QUOTE

3. What does it mean? If someone failed several times to log in, s/he may get banned?

I suspect the IP (range) will be blocked for a period of time.



 
Post #24, wantek (Lurkers), Feb 22 2015, 10:43


I just changed my password today, better safe than sorry.
Then again, I can't access h**p://ehentaihip.com/ for some reason.
These words show up:
Your IP address has been temporarily banned for excessive pageloads ... and bla bla bla
Wonder if mine has already been compromised o.O

 
Post #25, S BENZ (Members), Feb 22 2015, 11:58


I just hope my IP holds up as the modem-system that it runs on is a floating one that was designed to be a counter to this sort of 'brute-force' entry-thing in the first place. Other than that, thanks for the heads up.

 
Post #26, Arith Undine (Catgirl Camarilla), Feb 22 2015, 12:11


With thanks to the reinforcement.
What about moving the forum site to HTTPS?



QUOTE(wantek @ Feb 22 2015, 09:43)

I just changed my password today, better safe than sorry.
Then again, I can't access h**p://ehentaihip.com/ for some reason.
These words show up:
Your IP address has been temporarily banned for excessive pageloads ... and bla bla bla
Wonder if mine has already been compromised o.O


Your password not, but your IP is somewhat "compromised".

This post has been edited by penuser0: Feb 22 2015, 12:12



 
Post #27, el h (Members), Feb 22 2015, 12:44


QUOTE(penuser0 @ Feb 22 2015, 11:11)

What about moving the forum site to HTTPS?

Already works: /

 
Post #28, Tenboro (Admin), Feb 22 2015, 14:25
QUOTE(blue penguin @ Feb 21 2015, 23:55)
Given that the authentication takes some time, the brute force attacks must have been very directed, i.e. they must have known the password (or a likelihood of the password) from another source. I cannot find a hash of my password in my cookies, so there must be some salt on the EH side. I do not believe that whoever got the passwords got some hash to compare against.


My theory, supported by certain access and brute forcing patterns as well as honeypot triggers, is that people were compromised by signing up at a certain para-site that starts with an N. Though there could be other sources as well, and the background login attempt fail noise is still around a hundred per minute even after adding the hardening.

QUOTE(blue penguin @ Feb 21 2015, 23:55)
BTW Tenb, when you change your password, are all your sessions invalidated? The session time on EH is quite long (I never managed to expire it myself, I always cleaned cookies), therefore someone who managed to get hold of an account may open a session and use it for a long time.


Should be when you visit them, but the systems aren't fully integrated so it doesn't happen automatically.

QUOTE(indarain @ Feb 22 2015, 05:18)
2. How long will this last, I mean the captcha? And does it depend on the IP address?


If it does trigger it, until the system is reasonably convinced that the IP isn't used for brute forcing attempts. Which depends on a number of factors.
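The mechanism described in Tenboro's announcement and in the reply above (a captcha for every login once a host has failed repeatedly or comes from a suspect IP, an outright refusal for hosts that fail a large number of attempts, and the captcha lifted only once the system is reasonably convinced the host is not brute forcing) can be modelled as a per-IP throttle. The following is an added example written for this thread, not the site's own code; the thresholds, window lengths and IP addresses are constructed assumptions.

```python
from collections import deque

# Constructed policy thresholds: assumptions for this example, not the site's real values.
CAPTCHA_AFTER = 3      # failures in the window before every login from the host needs a captcha
LOCKOUT_AFTER = 20     # failures in the window before the host is refused outright
WINDOW_SECONDS = 600   # sliding window (seconds) over which failures are counted
QUIET_SECONDS = 900    # failure-free time before the captcha requirement is lifted

class LoginThrottle:
    """Per-source-IP failed-login tracker with captcha and lockout escalation."""
    def __init__(self, suspect_ips=()):
        self.failures = {}       # ip -> deque of failure timestamps inside the window
        self.captcha_until = {}  # ip -> time until which every login needs a captcha
        self.suspect_ips = set(suspect_ips)  # constructed reputation list (e.g. honeypot hits)

    def _recent_failures(self, ip, now):
        q = self.failures.setdefault(ip, deque())
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()  # forget failures that fell out of the window
        return len(q)

    def decision(self, ip, now):
        """Return 'blocked', 'captcha' or 'allow' for a login attempt from ip at time now."""
        if self._recent_failures(ip, now) >= LOCKOUT_AFTER:
            return "blocked"
        if ip in self.suspect_ips or now < self.captcha_until.get(ip, 0):
            return "captcha"
        return "allow"

    def record_failure(self, ip, now):
        """Count a failed attempt; every new failure restarts the quiet period."""
        self.failures.setdefault(ip, deque()).append(now)
        if self._recent_failures(ip, now) >= CAPTCHA_AFTER:
            self.captcha_until[ip] = now + QUIET_SECONDS

def simulate(events, suspect_ips=("203.0.113.9",)):
    """Replay constructed (timestamp, ip, password_ok) attempts and return the verdicts."""
    throttle = LoginThrottle(suspect_ips)
    verdicts = []
    for ts, ip, password_ok in events:
        verdict = throttle.decision(ip, ts)
        verdicts.append(verdict)
        if verdict != "blocked" and not password_ok:  # blocked attempts never reach auth
            throttle.record_failure(ip, ts)
    return verdicts

# Constructed sample: a host that fumbles its password, a pre-flagged host, a hammering host.
SAMPLE = ([(t, "198.51.100.7", False) for t in (0, 1, 2, 3)]
          + [(4, "198.51.100.7", True), (1000, "198.51.100.7", True), (50, "203.0.113.9", True)]
          + [(100 + i, "198.51.100.8", False) for i in range(21)])
```

Running `simulate(SAMPLE)` shows the first host escalated to captcha on its fourth attempt and released once its failures age out of the window, the flagged host challenged on its very first attempt, and the hammering host refused outright on its 21st.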

 
Post #29, pencil1 (Recruits), Feb 22 2015, 15:52


QUOTE(Tenboro @ Feb 22 2015, 07:25)

My theory, supported by certain access and brute forcing patterns as well as honeypot triggers, is that people were compromised by signing up at a certain para-site that starts with an N. Though there could be other sources as well, and the background login attempt fail noise is still around a hundred per minute even after adding the hardening.
Should be when you visit them, but the systems aren't fully integrated so it doesn't happen automatically.
If it does trigger it, until the system is reasonably convinced that the IP isn't used for brute forcing attempts. Which depends on a number of factors.


Uh, hi. So I haven't really followed what has been going on because I am not very active on the forums here; however, I do a lot of file hosting for H@H because I don't have to worry about monitoring it and stuff. Yesterday I realized I couldn't access g.e-hentai because it states that my account does not exist on that site. However, I can clearly log in here and the main site. Is this an issue unique to my account or are other people having this issue as well?

 
Post #30, Tenboro (Admin), Feb 22 2015, 16:03
QUOTE(pencil1 @ Feb 22 2015, 14:52)
Uh, hi. So I haven't really followed what has been going on because I am not very active on the forums here; however, I do a lot of file hosting for H@H because I don't have to worry about monitoring it and stuff. Yesterday I realized I couldn't access g.e-hentai because it states that my account does not exist on that site. However, I can clearly log in here and the main site. Is this an issue unique to my account or are other people having this issue as well?


Well, it clearly exists and still works, try clearing all the cookies and see if that fixes it.

 
Post #31, pencil1 (Recruits), Feb 22 2015, 16:12


QUOTE(Tenboro @ Feb 22 2015, 09:03)

Well, it clearly exists and still works, try clearing all the cookies and see if that fixes it.

I have tried this twice already.
I can try again I suppose.

Just cleared and still no luck. ;~; Gotta head to work, I'll check back after~~

This post has been edited by pencil1: Feb 22 2015, 16:16

 
Post #32, PAMRZ (Members), Feb 22 2015, 18:05


QUOTE(Maximum_Joe @ Feb 22 2015, 02:36)

China; they're coming for our hentai money!


The Chinese! I knew it was them. Even when it was the Nips, I knew it was them!


This whole thing is hilarious by the way.

 
Post #33, moonflow (Gold Star Club), Feb 22 2015, 18:53


I'm surprised. I'm a little bit confused. I wonder if it is possible to steal the Bitcoins from the E-Hentai accounts. I mean, everything else is just of virtual worth.

 
Post #34, LostLogia4 (Gold Star Club), Feb 22 2015, 19:03


QUOTE(moonflow @ Feb 23 2015, 00:53)
I'm surprised. I'm a little bit confused. I wonder if it is possible to steal the Bitcoins from the E-Hentai accounts. I mean, everything else is just of virtual worth.
Not possible from a member's account. Bitcoins in the e-hentai wallet can't be used for anything else apart from donations afaict.

This post has been edited by LostLogia4: Feb 22 2015, 19:04



 
Post #35, Tenboro (Admin), Feb 22 2015, 19:14
QUOTE(moonflow @ Feb 22 2015, 17:53)
I'm surprised. I'm a little bit confused. I wonder if it is possible to steal the Bitcoins from the E-Hentai accounts. I mean, everything else is just of virtual worth.


There is no way to do that. Even if you hacked the server, it's a watch-only wallet so it doesn't have the private keys needed to do so.

 
Post #36, blue penguin (Global Mods), Feb 22 2015, 20:31


I know this is old news, but I just logged in through the main page (e-henta.org) and monitored it. It is pretty cool, it forces my browser to redirect the request with the same login fields to /.

I could figure out most of what is happening in the conversation between forum.e-hentai.org, e-hentai.org and rapidssl-ocsp.geotrust.com, yet I am struggling to figure out the reason to talk (in SSL) with 179.60.192.3. I guess that's the tweeter feed as it points to facebook (edge-star-shv-01-cdg2.facebook.com) but I am not sure. Does the tweeter feed use SSL?

(sorry, I never used the tweeter API)



 
Post #37, moonflow (Gold Star Club), Feb 22 2015, 20:31


QUOTE(LostLogia4 @ Feb 22 2015, 18:03)

Not possible from member's account. Bitcoins in the e-hentai wallet can't be used for anything else apart from donations afaict.


QUOTE(Tenboro @ Feb 22 2015, 18:14)

There is no way to do that. Even if you hacked the server, it's a watch-only wallet so it doesn't have the private keys needed to do so.


Thank you for your answers to lessen my confusion.

 
Post #38, Tenboro (Admin), Feb 22 2015, 21:07
QUOTE(blue penguin @ Feb 22 2015, 19:31)
I could figure out most of what is happening in the conversation between forum.e-hentai.org, e-hentai.org and rapidssl-ocsp.geotrust.com, yet I am struggling to figure out the reason to talk (in SSL) with 179.60.192.3. I guess that's the tweeter feed as it points to facebook (edge-star-shv-01-cdg2.facebook.com) but I am not sure. Does the tweeter feed use SSL?


rapidssl-ocsp.geotrust.com is your browser checking if the certificate is revoked. But there is nothing on the site that would make you talk to Facebook, and the Twitter feed communication is all done on the backend. I'm guessing that's some kind of browser function or plugin. Could be the new Firefox share/social function, which I couldn't turn off fast enough.

 
Post #39, EsotericSatire (Catgirl Camarilla), Feb 22 2015, 22:25


QUOTE(moonflow @ Feb 22 2015, 06:53)

I mean, everything else is just of virtual worth.


1 hath is worth 3c or 0.20 yuan. A cheap meal in China costs 100 hath.



 
Post #40, pencil1 (Recruits), Feb 22 2015, 22:31


Just a quick update to my earlier post. I tried logging back in after work and it seems to work now.

