I’m doing some urgent work on the back end of the site as a result of an unauthorized user.
All Frontpagers, you will need to login again on all your devices, and will be forced to choose a new password (do that once on one machine and then you’ll have to use that password on your other devices).
Jerry
Are you guys *finally* busting that Dave Anderson guy? Hopefully y’all can find Richard Mayhew and get him posting again.
scuffletuffle
Is it the wonky “wonkette” who snuck in?
Origuy
Was it Freddie? I’ll bet it was. Putin found out he still had access to BJ and paid him off to take us down.
David Anderson
@Jerry: Damn it… you’ll have to see what’s on the FISA transcripts to find out what happened to Richard Mayhew
Alain the site fixer
lol. I missed the drama but someone used old credentials and put up some unauthorized content. So we’re hardening things up a bit and expired all accounts and reset all passwords. Back to work – glad to see that it didn’t affect commenters!
Alain the site fixer
@scuffletuffle: yep.
SiubhanDuinne
@scuffletuffle:
What happened?
Alternative Fax, a hip hop artist from Idaho
@David Anderson: I just hope he’s okay. I loved his “you be the referee” posts.
martian
I thought John had a kind of laid back policy of letting old frontpagers keep their keys to the joint? Was this someone new?
Man, I miss all the fun. I only saw something on the Twitter feed about water sources, or something like that.
dmsilev
Which dog stole John’s password?
Mnemosyne
Yikes! I missed the drama, but it sounded like it happened either late last night or early this morning.
FlyingToaster
@Mnemosyne: Midmorning, the autotweet said there was an article with one of those weird chinese spam titles, which disappeared within 10 minutes. Thank goodness.
kindness
Balloon Juice was hacked! I wonder if it was the Russians.
Thoroughly Pizzled
@Origuy: We need to do a ranking of all previous BJ frontpagers.
Mnemosyne
@FlyingToaster:
I’m on the West Coast, so it was early morning for me. ?
different-church-lady
@Alain the site fixer:
Ah, so it was Freddie.
Alain the site fixer
No major harm done, I don’t think.
Good news is: site has a set of stronger salts for stored passwords and the like, stronger password requirements, and all existing users had their login sessions killed and were forced to create a new password on login.
I suspect that this may mean that longtime-gone previous FPers may not be able to re-login if they no longer have access to their old email account, but that’s likely a benefit, not a burden. Active FPers will notice as soon as they try to login and will let me know that there’s a problem.
Yarrow
@Alain the site fixer: Thanks for being on top of things, Alain.
I remember someone (was it you?) saying they kept your password list on Dropbox. I have seen something on Louise Mensch’s Twitter feed in and amongst all the Russian stuff about how either Dropbox was in part created by some questionable Russian coder or maybe has some questionable Russian code in it. Seems like quite a few of the security people have quit using it as a result. Not sure if you’d seen anything about that, but given today’s happenings I thought I’d mention it here. Sorry I can’t remember more specifics.
scuffletuffle
I’m pissed cause it was the only time my comment has ever been frist…dammit!
scuffletuffle
Pissed…dammit again!
Roger Moore
@Thoroughly Pizzled:
Freddie de Boring would obviously be at the very bottom.
FlyingToaster
@Mnemosyne: Aha! Over here on the right coast, I’d just come back from dropping WarriorGirl at school and doing a grocery run. Checked Twitter, clicked the link (because “WTF is that?”), and got the “Sorry, that doesn’t exist” result. Then checked the most recent 2 posts and got the explanation.
Somebody used their laptop in the wrong hotel, I suspect. Yeesh.
FlyingToaster
@Roger Moore: And Kay will be at the very top.
Aleta
A question about privacy and FP people:
I remember some time back, John talked about how committed he was to maintaining privacy of commenters. I went back and looked and found this: “maintaining the comment structure on my end also means that should the feds or any law enforcement try to gain access to information or IP addresses or anything of the like without a reason I deem valid (someone threatening suicide, etc.), I can kindly tell them to fuck right off and then lawyer up, because they aren’t getting shit from me willingly. I’ll burn everything down before I get it. It’s something I feel very strongly about. That is something that is very serious to me, even for those of you who mock me about the surveillance state.”
I have the impression that all the FP people have access to this information too. True?
Aleta
@Aleta: From here:
balloon-juice.com/2015/11/19/a-message-from-your-fearless-leader/
By the way, that post also mentions the site philosophy (2015) about banning and about the freedom to speak one’s mind in comments.
Mnemosyne
@Aleta:
I think the FP people can do things like ban IP addresses (since that’s often the only way to get rid of a persistent troll) and they can see the email address you enter for verification before commenting. However, if you use a fake email address for commenting, they don’t have any way to track you down. All the people here (including FP people) who have my email address are ones that I gave it to.
NotMax
Just a heads-up, Alain, and probably related – the site was beyond pokey for quite a while before the faux posts showed up. Maybe an hour to 90 minutes beforehand. Beyond pokey, actually. Comment pages taking from 3 to 5 minutes to load on the PC.
For a while there thought it might even be an incipient DDOS attack,
Mentioned only if you might want to check info in the logs from around that time.