By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Website Topics - VGChartz got attacked [IMPORTANT]

VAMatt said:

I assume this is why I don't appear to have supporter status. Is that correct?

Correct. Once we figure everything out we will give everyone who has paid for supporter your supporter status back. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Twitter @TrunksWD.

Writer of the Sales Comparison | Weekly Hardware Breakdown Top 10 | Weekly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.

Around the Network

Thanks for your hard work everybody!



Captain_Yuri said:

Idk how hard it would be to implement 2FA on this site but if it hasn't been done already for Admins and such... I'd highly recommend getting that implemented for those that have that level of control.

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.



Ode to a masterpiece

2023 so much great game to play, somehow I know I must walk that alley, but don't you feel in disarray, I'll always come back to you Stardew Valley.

EpicRandy said:
Captain_Yuri said:

Idk how hard it would be to implement 2FA on this site but if it hasn't been done already for Admins and such... I'd highly recommend getting that implemented for those that have that level of control.

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.

Passwords are all encrypted. But yes, we will look into adding 2FA. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Twitter @TrunksWD.

Writer of the Sales Comparison | Weekly Hardware Breakdown Top 10 | Weekly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.

trunkswd said:
EpicRandy said:

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.

Passwords are all encrypted. But yes, we will look into adding 2FA. 

Passwords are encrypted or you are saving just a hash (so people cannot reverse it back to the actual password even if they have access to the database)? 

Encyrpting passwords are not really safe... Most website, servers are not doing that anymore which is the reason why you cannot really "receive" your password but just reset it.

And on VGChartz, there is really no reason to need to have our password encrypted instead of just the hash.



Around the Network
trunkswd said:
EpicRandy said:

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.

Passwords are all encrypted. But yes, we will look into adding 2FA. 

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.



I was just getting used to seeing all those black dicks on the home page.



Imaginedvl said:
trunkswd said:

Passwords are all encrypted. But yes, we will look into adding 2FA. 

Passwords are encrypted or you are saving just a hash (so people cannot reverse it back to the actual password even if they have access to the database)? 

Encyrpting passwords are not really safe... Most website, servers are not doing that anymore which is the reason why you cannot really "receive" your password but just reset it.

And on VGChartz, there is really no reason to need to have our password encrypted instead of just the hash.

Zkuq said:
trunkswd said:

Passwords are all encrypted. But yes, we will look into adding 2FA. 

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.

I just asked as I am not sure about how this whole thing works. JLauro says the passwords are hashed and not encrypted. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Twitter @TrunksWD.

Writer of the Sales Comparison | Weekly Hardware Breakdown Top 10 | Weekly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.

trunkswd said:
Imaginedvl said:

Passwords are encrypted or you are saving just a hash (so people cannot reverse it back to the actual password even if they have access to the database)? 

Encyrpting passwords are not really safe... Most website, servers are not doing that anymore which is the reason why you cannot really "receive" your password but just reset it.

And on VGChartz, there is really no reason to need to have our password encrypted instead of just the hash.

Zkuq said:

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.

I just asked as I am not sure about how this whole thing works. JLauro says the passwords are hashed and not encrypted. 

Great :) TY for confirming.



Imaginedvl said:
trunkswd said:

Zkuq said:

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.

I just asked as I am not sure about how this whole thing works. JLauro says the passwords are hashed and not encrypted. 

Great :) TY for confirming.

No problem! I used the wrong wording lol. Sorry to scare anyone. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Twitter @TrunksWD.

Writer of the Sales Comparison | Weekly Hardware Breakdown Top 10 | Weekly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.