Security Breach

Also I thought self-salting systems like argon2, bcrypt or scrypt are current security hashing recommendations though bcrypt is no longer generally recommended but better than sha+salt. But again its not like my bank account info is stored here so not too worried either way.

Yeah, I think the biggest risk is to people that tend to use the same details across sites, if the hashing used was outdated, and could expose their usual combination. I've known some quite senior people who are simply so stressed in terms of mental bandwidth, that they make those kinds of errors, and get "hacked".
 
Joined
Nov 8, 2014
Messages
12,085
With some ISPs, mail from RPGWatch tends to end up in spam folders apparently. Especially Gmail is known to do this. It is kind of hard to respond to people complaining about not having received an e-mail, when they do not check their spam folder, as my response ends up there as well.

If you can't recall having ever received an e-mail from RPGWatch because of a PM you have received, the mails probably ended up in your spam folder.
 
Joined
Aug 30, 2006
Messages
11,223
If you can't recall having ever received an e-mail from RPGWatch because of a PM you have received, the mails probably ended up in your spam folder.
Afirmative to this and I can assume many of those people have your spam file hidden like mine was. A simple google search found out how to show the spam folder.

Thanks you Myrthos for your patience and helping me get my status back.
 
Joined
Oct 18, 2006
Messages
1,397
Location
USA-Michigan
Someone uses an e-mail adress of mine which I used so long ago for registering here to distribute trojans.

The 2 copies I received sound as if the person distributing them is infected with Emotet or something similar : they sound quite sophisticated.

More about that there and below that : https://www.rpgwatch.com/forums/showpost.php?p=1061557333&postcount=347
 
Joined
Nov 5, 2006
Messages
21,908
Location
Old Europe
Spoofing the sender’s email address is not that difficult. Anyone can do it. Providers using DKIM is the only way I know off that would allow the mail to be flagged as SPAM as the email with the spoofed email address doesn’t have a valid key. Obviously this only works if both gmx (in your case) and the receiving party use DKIM.
 
Joined
Aug 30, 2006
Messages
11,223
With some ISPs, mail from RPGWatch tends to end up in spam folders apparently. Especially Gmail is known to do this. It is kind of hard to respond to people complaining about not having received an e-mail, when they do not check their spam folder, as my response ends up there as well.

It is weird - that every RPGWatch email ends up in SPAM ... I say 'Not Spam' and the next one lands back there again ... and again and again. Ugh. Given the general accuracy of Gmail for me and total responsiveness to when I say 'not spam' in EVERY other case, I'm not sure what it is about the RPGWatch header that gets the emails flagged?
 
Joined
Oct 18, 2006
Messages
14,932
Might be data center. Would need to examine Google logs to see decision tree.

It is weird - that every RPGWatch email ends up in SPAM … I say 'Not Spam' and the next one lands back there again … and again and again. Ugh. Given the general accuracy of Gmail for me and total responsiveness to when I say 'not spam' in EVERY other case, I'm not sure what it is about the RPGWatch header that gets the emails flagged?
 
Joined
Oct 20, 2006
Messages
7,758
Location
usa - no longer boston
I don’t know either what it is, I don’t use gmail.
The header should mention what contributed to the mail being flagged as spam, perhaps you can send me that information. It is usually a list of abbreviations and numbers.
 
Joined
Aug 30, 2006
Messages
11,223
Is there any chance that when the site was hacked, they pwned the mail server and conducted some mischief with it?
 
Joined
Nov 8, 2014
Messages
12,085
Is there any chance that when the site was hacked, they pwned the mail server and conducted some mischief with it?
No, that didn't happen.
I received a google mail header and I can see that the mail passes SPF, DKIM and DMARC checks. So the Google mail server knows the mail is from a source that actually sent the mail. Yet, it still flags it as spam. It might be that RPGWatch is blacklisted by Google.
 
Joined
Aug 30, 2006
Messages
11,223
Well, forum performance is still abysmally bad.
It really is, ever since the server move back in late November. I've started visiting the site a lot less often than I used to because of how aggravatingly slow it is.
 
Joined
Sep 26, 2007
Messages
3,444
Yeah, there's definitely been performance issues since the switch. Some page loads happen quite quickly, but others I click and wonder if it's going to time out.
 
Joined
Nov 8, 2014
Messages
12,085
I have multiple pages open. I refresh them all at once. By the time I get to the last one, the first one is ready to read. :)
 
I have multiple pages open. I refresh them all at once. By the time I get to the last one, the first one is ready to read. :)

So it's you, hammering the server! :p
 
Joined
Nov 8, 2014
Messages
12,085
Back
Top Bottom