Earlier tonight one of our administrators' accounts was broken into and used maliciously. Around 500 manga were re-tagged and had most of their information vandalized. But outside of the one administrator account and the manga corruption, no private information was lost. A post was made on the front page by the perpetrators outlining their reasons for doing so, which revolved entirely around me. They made some good points. I could be a better administrator and I still have a lot to learn, but I have and will continue to do my best to keep FAKKU online and mostly stable.
The administrator's account was broken into because they were using the same password for FAKKU that they were using elsewhere. When a website stores your password it keeps a hashed form of it in the database, most often using MD5. The problem with MD5 is that it's widely used, and once the hashed form of the password is known you can easily look up the reverse and figure out common passwords. This is why websites prompt you to choose passwords with numbers, special characters, and uppercase letters.
Up until now FAKKU was using MD5 hashing (which was left over from phpBB, the CMS FAKKU was originally built on). But from now on we will be using a form of salting along with bcrypt to secure all user accounts so that their passwords (if they are ever compromised) cannot be figured out using a reverse MD5 lookup. All you have to do is log in to your account and change your password, and you should take this opportunity to make sure it's something secure (fakku123 is not a good password to use).
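The move from unsalted MD5 to a salted, slow hash on password change can be sketched as follows. This is an added example, not FAKKU's code: PBKDF2 from the Python standard library stands in for bcrypt, and the record layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch


def legacy_md5(password):
    """Unsalted MD5 hex digest: the same password always gives the same value."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password):
    """Salted, deliberately slow hash, stored as 'iterations$salt$digest'."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def change_password(user, old, new):
    """Check the old password under the record's current scheme, then
    store the new one salted. `user` is a hypothetical account record."""
    if user["scheme"] == "md5":
        ok = hmac.compare_digest(legacy_md5(old), user["hash"])
    else:
        ok = verify_password(old, user["hash"])
    if ok:
        user["scheme"], user["hash"] = "pbkdf2", hash_password(new)
    return ok


if __name__ == "__main__":
    # Constructed sample: two accounts that share one password.
    shared = "correct horse battery staple"
    print(legacy_md5(shared) == legacy_md5(shared))        # identical rows
    print(hash_password(shared) == hash_password(shared))  # differ by salt
```

Because each record carries its own salt, two accounts with the same password no longer share a stored value, so a table of precomputed MD5 digests does not apply to the new records.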