Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
01-30-2016, 02:28 AM | #1 |
Registered User
Industry Role:
Join Date: Apr 2015
Posts: 92
|
Was CrakRevenue Hacked?
I got this email today:
Our system has detected that your current CrakRevenue password is rather long. ....... We contact you today, respectfully and kindly, asking you for your cooperation on this. Please kindly change your password when you have a free moment to ensure no future issues! ========= Now, why should i change my pass since is long enough? Was CrakRevenue database compromised?
__________________
webcam.news [@] gmail . com Follow WEBCAMNEWS On Twitter www.webcamnews.com - Latest XXX News |
01-30-2016, 03:07 AM | #2 |
Confirmed User
Industry Role:
Join Date: Jan 2015
Posts: 1,489
|
I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
__________________
Keeping you abreast of the teens that get undressed. Girls By Location - Couples By Location - Guys By Location - Trans By Location |
01-30-2016, 03:16 AM | #3 | |
Just Doing My Own Thing
Industry Role:
Join Date: Jan 2011
Location: London, Spain, New Zealand, GFY - Not Croydon...
Posts: 24,820
|
Quote:
In fact it's a really bad email..... |
|
01-30-2016, 05:18 AM | #4 |
Confirmed User
Industry Role:
Join Date: Jun 2001
Location: Skype: ravo.fpctraffic
Posts: 5,427
|
Sounds like a phishing attempt, from someone in Nigeria or Indonesia.
__________________
AdultAdBroker - Buy and Sell Your Flat Rate Banners, Links, Tabs, Pops, Email Clicks and Members' Area Traffic - updated May 2024 |
01-30-2016, 05:58 AM | #5 | |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Quote:
So in essence, your assumption is stupid. The OP assumption has more merit.
__________________
agentGFY *at* gmail.com |
|
01-30-2016, 06:46 AM | #6 | |
She is ugly, bad luck.
Industry Role:
Join Date: Jan 2010
Posts: 13,177
|
Quote:
__________________
↑ see post ↑ 13101 |
|
01-30-2016, 06:46 AM | #7 |
svp get banned svp
Industry Role:
Join Date: Dec 2005
Posts: 1,628
|
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ
|
01-30-2016, 07:52 AM | #8 |
No, I am not banned
Industry Role:
Join Date: Nov 2003
Location: ChatGF.com
Posts: 5,345
|
Anyone checked if the link is nigerian phishing or or crackrev legit?
__________________
TubeCamGirl.com |
01-30-2016, 07:56 AM | #9 |
Confirmed User
Industry Role:
Join Date: Jul 2013
Posts: 2,726
|
Maybe they hired Mr Konta Tama MANAGER AUDIT AND ACCOUNTANCY DEPARTMENT to run their tech support?
|
01-30-2016, 11:42 AM | #10 | |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
|
Quote:
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
|
|
01-30-2016, 12:30 PM | #11 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Posts: 122
|
If they know lenght of your password then their database is not crypted..... i hope your password with them is unique in case someone get their hand on database would see your password with decoding anything..
|
01-30-2016, 12:39 PM | #12 |
Too lazy to wipe my ass
Industry Role:
Join Date: Aug 2002
Location: A Public Bathroom
Posts: 38,205
|
i lik short passwords
|
01-30-2016, 01:59 PM | #13 |
small trip to underworld
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
|
lol hopefully .
__________________
automatic exchange - paxum , bitcoin,pm, payza . daizzzy signbucks caution will black-hat black-hat your traffic ignored forever :zuzana designs
|
01-30-2016, 02:18 PM | #14 |
Too lazy to set a custom title
Industry Role:
Join Date: Dec 2004
Location: Happy in the dark.
Posts: 92,207
|
__________________
Enroll in the SWAG Affiliate Asian Live Cam Program and get 9 free quality link-backs! Get those links up ASAP! --> TJEEZERS.Cam. Setup in 48 Hours max. |
01-30-2016, 11:45 PM | #15 | |
Confirmed User
Industry Role:
Join Date: Feb 2014
Location: Finesse King
Posts: 712
|
Quote:
No, we weren't hacked, and we're sorry if there was any confusion relating to this e-mail. We feared some might think 'phishing' so we did make it a point to say we didn't want you to respond with your password, that we weren't asking your password, and we even gave official instructions on how to make the change via CrakRevenue's official website rather than doing it through a link, for those exact reasons. ---------------------------------------------------------------------------------------- Here's the e-mail you received (in original, full context) ---------------------------------------------------------------------------------------- Well, this is embarrassing. Our system has detected that your current CrakRevenue password is rather long. We are working on modifying some technical things behind CrakRevenue, mainly on how we store data. And the thing is, your current CrakRevenue passwords exceeds the new allowed password char limit. We contact you today, respectfully and kindly, asking you for your cooperation on this. Please kindly change your password when you have a free moment to ensure no future issues! New passwords must be between 4 - 16 characters max. Please note, we are NOT asking you for your password. Please do not respond with your password. We ask that you head on over to your CrakRevenue Profile (crakrevenue.com/account) and change your password to something shorter. That’s all! Thanks for your help on this! ---------------------------------------------------------------------------------------- But yep, if you have a longggg password — the "dude don't hack me bro" defcon level-1 kind — you received this e-mail. Passwords exceeding 16 chars will become problematic in a future update. Think of it this way: it's really no different than any other site dictating how long your password must be when you first sign up. Anyway, sorry for the scare! |
|
01-30-2016, 11:49 PM | #16 |
svp get banned svp
Industry Role:
Join Date: Dec 2005
Posts: 1,628
|
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ
|
01-30-2016, 11:50 PM | #17 | |
Confirmed User
Industry Role:
Join Date: Jan 2015
Posts: 1,489
|
Quote:
__________________
Keeping you abreast of the teens that get undressed. Girls By Location - Couples By Location - Guys By Location - Trans By Location |
|
01-31-2016, 12:18 AM | #18 |
So Fucking Banned
Industry Role:
Join Date: Apr 2015
Posts: 2,295
|
What a weird email.
Yo crak... you realize that in this thread you shouldn't know the length of password unless you store them insecure. . Right? |
01-31-2016, 02:59 AM | #19 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
I was saying what is true and still is.
There is no way for them to know the length of your password in a hashed form. The explanation also makes no sense because the hashing algorithm will just truncate the rest of the chars, if for example it has an input limit (which im not sure which one does other then the old 3DES from the htpasswd days) it just truncates the rest. For example, if you try to hash a password "12345678901234567890" but it has a limit of 16 input chars, it will hash only first 16 and you can log in with "1234567890123456gjflsagjfksalfjdsaklfjdsaklfjdsak lfsa" if you want, because it will only check for the first 16 chars. Regarding the email, only other thing that could prompt this is if their input form on website now has a limit of max 16 chars, but it was not like that before. So they have your password hashed with >16 chars, and if you tried to login with the >16 chars password now, the input form would truncate it and send it truncated to the database, which obviously would produce a different hash now then the one stored already in the database and you would not be able to log in. So yea, they can't know the length of your pass when its hashed. Ofc, this is if they are hashing them and not storing plaintext
__________________
agentGFY *at* gmail.com |
01-31-2016, 03:13 AM | #20 |
Confirmed User
Industry Role:
Join Date: Jul 2014
Location: Austria
Posts: 521
|
__________________
Get your site reviewed and listed at Porn Sites XXX |
01-31-2016, 03:39 AM | #21 |
VIP
Industry Role:
Join Date: Jul 2013
Posts: 22,105
|
Thanks god it is not the Nigerian Prince.
__________________
|
01-31-2016, 08:03 AM | #22 |
No, I am not banned
Industry Role:
Join Date: Nov 2003
Location: ChatGF.com
Posts: 5,345
|
__________________
TubeCamGirl.com |
01-31-2016, 08:41 AM | #23 |
Registered User
Industry Role:
Join Date: Apr 2015
Posts: 92
|
Crak_Eric i know the original, full context email i got few days ago. I was asking something else in this thread:was database compromised? And now there is a new question: are passwords stored insecure? I mean do you really know the length of my pass? Is it true that if you know the length of my pass, the password is not encrypted in your system?
[later edit] P.S.: Nevermind....
__________________
webcam.news [@] gmail . com Follow WEBCAMNEWS On Twitter www.webcamnews.com - Latest XXX News |
01-31-2016, 09:19 AM | #24 | |
Affiliate
Industry Role:
Join Date: May 2013
Location: Amsterdam
Posts: 370
|
Quote:
|
|
02-01-2016, 12:57 AM | #25 | |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
|
Quote:
majority are using md5 encryption with/without salt these days so imho theres not much issue about password length here, as the md5 encrption can take any amounts of characters as input and throws 32 char long string.
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
|
|
02-01-2016, 09:47 AM | #26 |
Confirmed User
Industry Role:
Join Date: Sep 2005
Location: Canada
Posts: 9,777
|
Hi guys!
As some of you already know, we're currently migrating to a new a platform. The message you received was indeed from us and NOT a hack. No security has been compromised. We are working on making our old system compatible with the new one and one of the steps is to migrate user credentials into a new setup that has a character limit on the password length. We have a special decryption algorithm + salt that is transferring all of the information and flagging accounts that have passwords over the new limit. At no time has your password been compromised or vulnerable. We're sorry if this scared any of you. The emails went out quicker than expected and our comm team didn't have the time to warn you guys about the upcoming changes. Remained assured that everything is still koscher. Cheers!
__________________
skype: lordofthecameltoe |
02-01-2016, 04:02 PM | #27 |
I have a plan
Industry Role:
Join Date: Aug 2004
Location: Seattle - Miami - St Kitts
Posts: 5,452
|
A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.
__________________
CryptoFeeds |
02-01-2016, 04:30 PM | #28 |
Writer
Industry Role:
Join Date: Feb 2015
Location: EU
Posts: 1,768
|
So... Your password is?
__________________
Trusted by the best porn sites in the world Get in touch with the most experienced writers here. [email protected] | Skype: lettertwenty7 | Telegram: https://t.me/LT7_Digital |
02-01-2016, 04:31 PM | #29 |
So Fucking Banned
Join Date: Aug 2002
Posts: 10,300
|
|
02-01-2016, 08:05 PM | #30 | |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Quote:
There's no "special decryption algorithms" and the +salt thing also means nothing. You are now just digging whatever you write even more Let me explain you one more thing Hash = something that can't be decrypted. There is no "special algorithm" on that because it's just that, a hash. It can't be reversed. What it can be done is duplicated. Which would mean that you "duplicated" and hashed words of 16+ password lenght, which is so farfetched its insane to even think about. List of Rainbow Tables shows you the size of a rainbow table that has 1 to 10 char lengths. Im pretty sure you dont have the disk space to store rainbow table for passwords with 16+ chars. Furthermore, if you were to try to "crack" the hash of a password for a 16+ chars, im also sure you would never ever hit it. Your remark of "+ salt" also makes no sense. Would have been better if you didnt say anything.
__________________
agentGFY *at* gmail.com |
|
02-01-2016, 08:18 PM | #31 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Here's md5 of a password with 21 chars
2061bf778a5cb9d7f72c55b09c46ba87 It's not even salted. Should be no problem no? You can do it fast since you probably have thousands of members when you were able to evaluate how big everyone's password is From your answer i see you dont even understand what a salt is, or what is it's purpose. Salt is used to make the redundancy on hashes even bigger. For example. "A" will always give a hash of 7fc56270e7a70fa81a5935b72eacbe29, so someone somewhere might have stored that same hash and saved it as "A", and someone might be able to reverse it by finding it, let's say, on google, or running it through hash breaking algorithms. Salt is invented so that each vendor/software platform could make up their own "salt" that could produce a different hash for "A", so that without knowing the salt, you can't replicate the hashing algorithm. But still, password hashed with or without salt, you CANT KNOW ITS LENGTH. so you were storing them plaintext?
__________________
agentGFY *at* gmail.com |
02-01-2016, 08:26 PM | #32 |
So Fucking Banned
Industry Role:
Join Date: Apr 2015
Posts: 2,295
|
A good excuse would be to say that on initial choosing of password the system stored the number of digits chosen.
Does it really matter though? This isn't your bank... it's an affiliate program. Crak should just say "sorry"... new system won't store passwords going forward. |
02-01-2016, 08:31 PM | #33 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
I don't care since i did nothing with them, it's just funny how from a simple question they dug themselves with this. The more they write, the more you see something's just not right there.
However, if you think there's no problem with someone knowing your affiliate password, you'd be dead wrong. Maybe not if you're 0 hit affiliate. But someone doing xxx$ weekly would definitely care. From knowing your traffic sources, from possible email intrusion, to switching payment methods.
__________________
agentGFY *at* gmail.com |
02-01-2016, 08:32 PM | #34 |
So Fucking Banned
Join Date: Aug 2002
Posts: 10,300
|
run the sky is falling
|
02-02-2016, 12:44 AM | #35 | |
Webmaster
Industry Role:
Join Date: Jun 2004
Posts: 14,295
|
Quote:
|
|
02-02-2016, 01:11 AM | #36 |
Confirmed User
Industry Role:
Join Date: Jul 2014
Location: Austria
Posts: 521
|
You just should not start harmless mails with this.
__________________
Get your site reviewed and listed at Porn Sites XXX |
02-03-2016, 05:32 AM | #37 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Heh, they saw it's better to let it die.
__________________
agentGFY *at* gmail.com |
02-03-2016, 07:28 AM | #38 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Posts: 122
|
md5 of 64 character password: 44b0786e70c3c1ce5c8edc4ca77f9819
md5 of 255 char password :e3491d81b6b929e6e45c042cbefc212b md5 of 16 char password: a74298e4a259759687e3a5acb2e7ae12 Is crakrevenue storing unsecure password? |
02-03-2016, 08:02 AM | #39 | |
Confirmed User
Industry Role:
Join Date: Dec 2004
Location: Denver
Posts: 6,559
|
Quote:
Crack has stated that they know how long the passwords are (which means they either are storing passwords as plain text in their database, or they have a database schema with a huge security hole). Either way it means their form of password storage is compromised. They've also now said they have a "de-cryption" method which is complete horse shit. If they're storing passwords with a hash method there's no way to de-crypt them. You can figure out what a password is from the hashed version - but it isn't de-cryption - it's a dedicated "guessing machine" that runs the billions of combinations through the hash function until it finds the match. That's not something they'd have the capacity for.
__________________
|
|
02-03-2016, 09:38 AM | #40 | |
Webmaster
Industry Role:
Join Date: Jun 2004
Posts: 14,295
|
Quote:
Programs DBs get hacked on a daily basis, no matter how big you are. The question is what they did with it. Just dumped the email list, login infos or injected some custom written shells into the system for future use. |
|
02-04-2016, 03:00 AM | #41 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Crickets.
__________________
agentGFY *at* gmail.com |
02-04-2016, 06:12 PM | #42 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Bump for new age hash decryption+salt!
__________________
agentGFY *at* gmail.com |
02-04-2016, 06:51 PM | #43 |
Confirmed User
Industry Role:
Join Date: Feb 2013
Posts: 929
|
Another bump for the great phrase:"hash decryption+salt" hahahahahahah
|
02-05-2016, 02:07 PM | #44 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Hi. Can i buy your special hash decryption + salt algorithm? I'd resell to NSA if possible.
__________________
agentGFY *at* gmail.com |
02-08-2016, 05:56 AM | #45 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Bump for perfect "hash decryption + salt" solution!
__________________
agentGFY *at* gmail.com |
02-08-2016, 06:16 AM | #46 |
So Fucking What
Industry Role:
Join Date: Jun 2007
Location: USA
Posts: 6,289
|
E=MC with a little 2 above the C
__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny |
02-08-2016, 08:13 AM | #47 |
Confirmed User
Join Date: Apr 2006
Location: El-Kaliman Oasis, West Sahara
Posts: 2,164
|
hi eric do you have icq?
|
02-08-2016, 05:07 PM | #48 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
Imagine this, they are no longer responding :P
__________________
agentGFY *at* gmail.com |
02-10-2016, 11:24 AM | #49 |
Confirmed User
Join Date: Nov 2005
Posts: 2,149
|
You could make a fortune on this guys. Sell the hash decryption+salt thing!
__________________
agentGFY *at* gmail.com |
02-11-2016, 07:04 AM | #50 |
So Fucking What
Industry Role:
Join Date: Jun 2007
Location: USA
Posts: 6,289
|
So were they hacked? Still not sure
__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny |