Site Issues

I’m doing some urgent work on the back end of the site as a result of an unauthorized user.

 

All Frontpagers, you will need to login again on all your devices, and will be forced to choose a new password (do that once on one machine and then you’ll have to use that password on your other devices).






27 replies
  1. 1
    Jerry says:

    Are you guys *finally* busting that Dave Anderson guy? Hopefully y’all can find Richard Mayhew and get him posting again.

  2. 2
    scuffletuffle says:

    Is it the wonky “wonkette” who snuck in?

  3. 3
    Origuy says:

    Was it Freddie? I’ll bet it was. Putin found out he still had access to BJ and paid him off to take us down.

  4. 4

    @Jerry: Damn it… you’ll have to see what’s on the FISA transcripts to find out what happened to Richard Mayhew

  5. 5
    Alain the site fixer says:

    lol. I missed the drama but someone used old credentials and put up some unauthorized content. So we’re hardening things up a bit and expired all accounts and reset all passwords. Back to work – glad to see that it didn’t affect commenters!

  6. 6
    Alain the site fixer says:

    @scuffletuffle: yep.

  7. 7
    SiubhanDuinne says:

    @scuffletuffle:

    Is it the wonky “wonkette” who snuck in?

    What happened?

  8. 8
    Alternative Fax, a hip hop artist from Idaho says:

    @David Anderson: I just hope he’s okay. I loved his “you be the referee” posts.

  9. 9
    martian says:

    I thought John had a kind of laid back policy of letting old frontpagers keep their keys to the joint? Was this someone new?

    Man, I miss all the fun. I only saw something on the Twitter feed about water sources, or something like that.

  10. 10
    dmsilev says:

    Which dog stole John’s password?

  11. 11
    Mnemosyne says:

    Yikes! I missed the drama, but it sounded like it happened either late last night or early this morning.

  12. 12
    FlyingToaster says:

    @Mnemosyne: Midmorning, the autotweet said there was an article with one of those weird chinese spam titles, which disappeared within 10 minutes. Thank goodness.

  13. 13
    kindness says:

    Balloon Juice was hacked! I wonder if it was the Russians.

  14. 14

    @Origuy: We need to do a ranking of all previous BJ frontpagers.

  15. 15
    Mnemosyne says:

    @FlyingToaster:

    I’m on the West Coast, so it was early morning for me. 😄

  16. 16
    different-church-lady says:

    @Alain the site fixer:

    but someone used old credentials and put up some unauthorized content….

    Ah, so it was Freddie.

  17. 17
    Alain the site fixer says:

    No major harm done, I don’t think.

    Good news is: site has a set of stronger salts for stored passwords and the like, stronger password requirements, and all existing users had their login sessions killed and were forced to create a new password on login.

    I suspect that this may mean that longtime-gone previous FPers may not be able to re-login if they no longer have access to their old email account, but that’s likely a benefit, not a burden. Active FPers will notice as soon as they try to login and will let me know that there’s a problem.

  18. 18
    Yarrow says:

    @Alain the site fixer: Thanks for being on top of things, Alain.

    I remember someone (was it you?) saying they kept your password list on Dropbox. I have seen something on Louise Mensch’s Twitter feed in and amongst all the Russian stuff about how either Dropbox was in part created by some questionable Russian coder or maybe has some questionable Russian code in it. Seems like quite a few of the security people have quit using it as a result. Not sure if you’d seen anything about that, but given today’s happenings I thought I’d mention it here. Sorry I can’t remember more specifics.

  19. 19
    scuffletuffle says:

    I’m pissed cause it was the only time my comment has ever been frist…dammit!

  20. 20
    scuffletuffle says:

    Pissed…dammit again!

  21. 21

    @Thoroughly Pizzled:

    We need to do a ranking of all previous BJ frontpagers.

    Freddie de Boring would obviously be at the very bottom.

  22. 22
    FlyingToaster says:

    @Mnemosyne: Aha! Over here on the right coast, I’d just come back from dropping WarriorGirl at school and doing a grocery run. Checked Twitter, clicked the link (because “WTF is that?”), and got the “Sorry, that doesn’t exist” result. Then checked the most recent 2 posts and got the explanation.

    Somebody used their laptop in the wrong hotel, I suspect. Yeesh.

  23. 23
    FlyingToaster says:

    @Roger Moore: And Kay will be at the very top.

  24. 24
    Aleta says:

    A question about privacy and FP people:
    I remember some time back, John talked about how committed he was to maintaining privacy of commenters. I went back and looked and found this: “maintaining the comment structure on my end also means that should the feds or any law enforcement try to gain access to information or IP addresses or anything of the like without a reason I deem valid (someone threatening suicide, etc.), I can kindly tell them to fuck right off and then lawyer up, because they aren’t getting shit from me willingly. I’ll burn everything down before I get it. It’s something I feel very strongly about. That is something that is very serious to me, even for those of you who mock me about the surveillance state.”

    I have the impression that all the FP people have access to this information too. True?

  25. 25
    Aleta says:

    @Aleta: From here:
    https://www.balloon-juice.com/2015/11/19/a-message-from-your-fearless-leader/

    By the way, that post also mentions the site philosophy (2015) about banning and about the freedom to speak one’s mind in comments.

    As you know, we have a fairly open and unrestricted comments section. In order to get banned or a time out, you basically have to start yelling racial or sexist slurs or start making threats. I want to keep it that way. I also want people to feel free to speak their mind. I think it is the best policy, and I think it actually brings out not only the worst at times in a community like this (see the last couple of weeks on site upgrade threads), but it also fosters an environment that can bring out the best in people. As we’ve seen, a lot of you have become friends with each other through this website and that has extended into real life. A lot of good things can and do come out of that sort of openness in a community.

  26. 26
    Mnemosyne says:

    @Aleta:

    I think the FP people can do things like ban IP addresses (since that’s often the only way to get rid of a persistent troll) and they can see the email address you enter for verification before commenting. However, if you use a fake email address for commenting, they don’t have any way to track you down. All the people here (including FP people) who have my email address are ones that I gave it to.

  27. 27
    NotMax says:

    Just a heads-up, Alain, and probably related – the site was beyond pokey for quite a while before the faux posts showed up. Maybe an hour to 90 minutes beforehand. Beyond pokey, actually. Comment pages taking from 3 to 5 minutes to load on the PC.

    For a while there thought it might even be an incipient DDOS attack,

    Mentioned only if you might want to check info in the logs from around that time.

Comments are closed.