This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Moparisthebest
Oops I still have my pingdom reports for moparscape.org turned on, here is this last month's report:
OVERVIEW: AVERAGE OF ALL CHECKS
Compare that to the last month I hosted it:
OVERVIEW: AVERAGE OF ALL CHECKS
So much for bringing it back...
Also I sent him an email with a link to this post July 26th, so keep tuned for more updates...
I don't think you realize the people who bought the forums never had any real intentions of revitalizing them.
If that's the case, why purchase them? And if it was *really* to just get the moparscape.org domain and to hell with the forums (which he specifically said this was not the case), then I'll just go back to hosting the forums on moparisthebest.com.
It's been a LONG time now since Dr House started hosting the forums, and though he said he'd have these easy-to-fix issues sorted shortly, nothing has been done yet, why not? And when can they be done?
Get to work please!!!! I sold you the forum with the promise of revitalization, not a quick death because you don't want to spend a few hours setting even the basics like email up properly....
New owners appear to have abandoned the forum, so goodbye to moparscape.org and hello https://forum.moparisthebest.com/
Ok guys he is officially hosting the forum now.should i be worried that i had to login again?
No the cookie named changed, that is all.
Dr House is preparing to take over the hosting shortly, probably within the next couple days.
good job basically bricking the site earlier bud with the hpkp header
Interesting, he must have changed the DNS then. But yes, modern browsers who have visited moparscape.org before would have the key pinned and would refuse to connect.
Plot twist: MITB isnt actually hosting the forums still, Dr. House already has control and is posting as MITB to make us feel safe
I said I'd say when I transfer hosting, but you could also verify it by checking the IP of this and moparisthebest.com (the same while I'm hosting), and the sha256 public key pin hash (again, same as moparisthebest.com while I'm hosting, different afterwards). Also check which domains the certificate is valid for.
Has mitb explicitly stated that the payment was received?
Yes, the payment was received and the domain transferred to Dr House the day I posted this thread. I am still hosting the forum for now however.
No way he will do that because it's not an effective way to make a profit on the money he paid. Also if he does that, I'd report him to the FBI.so will you have any say or anything to what he does? Could he, for say, actually install a drive-by and you'd have nothing but to watch what you built be destroyed?So what's the latest news on the deal? When is the merge/switch supposed to take place? Any eta?
So what's the latest news on the deal? When is the merge/switch supposed to take place? Any eta?
I don't have an ETA, just waiting until Dr. House let's me know he is ready. I will announce on this thread when it's going to take place, I expect it'll require an hour or two of downtime.
Moparisthebest: Because he get the code to the forums, he could update the login form to send passwords in clear-text and handle that encryption on the server-side (I assume it's done client-side now). So he could log all username and password pairs easily.
Of course, once he is running it, but the point is that he can't bruteforce any old passwords from people who didn't change it before the switch.
I give a shit about the email and passwords connected to the account
To address these concerns, I have implemented scrypt hashing of passwords in SMF:
This is why you were just logged out and forced to log back in.
Default SMF has all passwords hashed like sha1(username + password), which is using username as a salt which defends against rainbow tables but not bruteforce of course. Therefore I couldn't mass-convert the database to scrypt(password), but I *could* mass-convert it to scrypt(sha1(username + password)), so that's what I did.
I also discovered default SMF stores secret answers as just md5(secret_answer), no salt, which is TERRIBLE, again I mass-converted this to scrypt(md5(secret_answer)). It took about 30 hours of computing time to do this, so I'd say everything is perfectly safe against brute-force recovery.
There is a bug in my smf scrypt implementation I couldn't quite figure out, but I decided it wasn't a show stopper and continued. Now if you change your password, it will be changed successfully, but you'll be logged out with a 'User profile does not exist' error, and you can then log back in with the new password.
Hopefully that adequately addresses concerns and proves he isn't in this just for the passwords, as there is no longer any feasible possibility of him getting them from bruteforce.
If you are curious about the scrypt parameters it uses currently, it's:
N = 32768 The CPU difficultly (must be a power of 2, > 1)
r = 8 The memory difficultly
p = 1 The parallel difficultly
you're selling our private data
Really, which ones? I would have sold them for much less hehe.
I seriously doubt it, and are we forgetting the full database has already been leaked when a certain admin re-used a password?
Moparisthebest: Do you know what plans have been made so far? All I want to know is what ideas are coming to the table, maybe even an introduction of the team would be nice. As of right now not much communication has been sent out as to what is happening other than you sold the forum.
I know I'm running it until he wants to switch over, he said the staff could all stay if they want to, and I know he is making big nice changes to return the forum to it's former glory, and that's about it?
you're selling our private data
What private data? Everything on the forums is public, except your password (protected by scrypt), and your email which is essentially worthless. And you can change both of them at any point right now?
I would prefer to have my account deleted prior to the transfer simply because I don't know who dr house is or his intentions.
Feel free to change your password and/or email, but I think he has nothing but the best of intentions with regard to the website.