They can already see your password? Is this true for all torrent sites? I thought everything is supposed to be encrypted, and passwords couldn't be seen.Quote:
Originally Posted by Melvinmeow
Printable View
They can already see your password? Is this true for all torrent sites? I thought everything is supposed to be encrypted, and passwords couldn't be seen.Quote:
Originally Posted by Melvinmeow
All torrent sites encrypt your password by default if they are using TBDEV. The option has to be manually removed as it was in this case from what I've read.
Quote:
Originally Posted by Rugmuncher
there is so much wrong with this that i dont even know where to start. Why in hell would you edit source code to even take out the hash to even store this in plain text.:ermm:
if it is fixed now i would not put it past them that files were changed so that it stores then in plain text and in hash/md5.. Just shows again not to trust this site.
Also you dont need log.php to see this info, all you would have to do is set up a section in userdeatils.php and set it to sysop class or what ever class and you can see passwords if in plain text, you could also have a search script where all you have to do is search a users name and it tells you password. So again such a bad idea and proves site cant be trusted.
Quote:
Originally Posted by mforcexThey can already see your password? Is this true for all torrent sites? I thought everything is supposed to be encrypted, and passwords couldn't be seen.Quote:
Originally Posted by Melvinmeow
No this is not true. All trusted sites would never do this. As of right now i only know 1 site that has ever done this or tried this and it is RTS.
wild
You have got to be kidding me... so at any time, an admin can turn off the encrypt feature and check out your password?Quote:
Originally Posted by benchez
This can't be... I mean... I thought ALL websites encrypted passwords, torrent site or not.
EDIT:
Do you guys use a unique password for every website, a few passwords, or one password?
Quote:
Originally Posted by mforcexYou have got to be kidding me... so at any time, an admin can turn off the encrypt feature and check out your password?Quote:
Originally Posted by benchez
This can't be... I mean... I thought ALL websites encrypted passwords, torrent site or not.
No you would have to remove the the md5 hash code and change this to save as plain text. All torrent source codes use md5 hash
I use a different password on ever site, and you should also.
Wild
Quote:
Originally Posted by wildbytes
This is actually the second time a site has stored passwords as plaintext. I cannot remember the name of the first site to do it, but I do remember that they used the plaintext passwords to access the members' accounts at another tracker, and leeched from those members' accounts.
The information is on TPG, but since it is currently down, no one can reference it.
The ONLY reason to store plaintext passwords is to allow the Site Operators access to similar accounts on other trackers. PERIOD...
its funny... I would be able to forgive rts but since RTS the member here at FST and staff at RST has not respond in defense since the first page. it is just making them look as guilty as many other members here say they are.... I will no longer be using RTS.
I think all that had to be done, was to explain from the beginning. So if the passwords where plain text for 2 days, why say they never where?
Well, it's just word for word.Quote:
Originally Posted by seppypom
Melvinmeow said the passwords were in plaintext.
RTS said the passwords were always encrypted.
I think, like wild said, we should just use different passwords at all sites just to be 100% sure.
I did code for RTS for a bit when the site started, and I saw nothing wrong with the user authentication system as they were using the default TBDev system (MD5 encryption). And because of this, I have to defend RTS. (BTW, IRC passwords are not encrypted, that's why there's a note saying that you should use a different password than the site password)
I'm not sure why you guys think that the staff members are untrusted and are account 'stealers'. I've personally been in contact with them and know that they have absolutely no motive to steal others' accounts as they already have 'good' accounts in most torrent sites. Why wouldn't they? They have seedboxes, and axx too.
I'm not even sure how, and I mean, the technical details, on how melvinmeow came to see that the passwords were not encrypted. So, if you can PM me melvinmeow, that would be great. Same goes with wild, where exactly did you hear that RTS is untrusted from? If you can explain that to me in PM, that would be nice too, because I'm seriously lost on why you guys think that RTS is untrusted.
Personally, I don't think RTS can do anything in response.Quote:
Originally Posted by gish
As I said before, it's just word for word. Melvinmeow's against RTS'.
How about melvinmeow PM's me on how he read these logs of plaintext.
If he can't come up with it, well ill just post and confirm that he didn't gain access to the rts box.
IMHO; melvinmeow is creating social rubbish to put down a troubled torrent site..
Should I post the attacking IP's? ;)
i guess you were checking another siteor you just want to talk shit about the tracker because it's being run by former traders ,Patriot foreve never changed his pass or resetted it at RTS by any means ,i guess either you don't know what you are talking about or u are just imagaining alot of things lately because i dare you to get me any log showing me changing my password there and i am talking about tracker passwoird not irc passwordQuote:
Originally Posted by Melvinmeow
first of all ,i don't think that a (Respected ComRep) should talk about another staff with that low language ,some of their staff were former traders but taht doesn't mean that they are cheaters or a**hoiles as u sayQuote:
Originally Posted by Melvinmeow
i guess you and some others just can't accept the fact that there is atracker which is being run by former traders and unfortunately some think that that tracker must be terminated and removed by all means necessary
patriot foreve did alot of huge reviews including reviews to scn,rts,el-sl,danishbits and alot othersQuote:
Originally Posted by OmaRin0
Patriot foreve has nothing to be shamed of because he knows that RTS staff are all trusted members and would never do anything to jeopardize any member security like what others do by passing your info,ip,details,mails globally to other trackers
Patriot foreve was the one who refused to co-operate with atracker who offered him almost anyhelp that he could need along with ability to get him some other accs he may need for giving up some trader's info because he is loyal and he can be trusted and hundreds who dealt with me know exactly how patriot will never do anything or pass any info to anyone else
Secondly:The RTS Server Adminstrator confirms that all members details are encrypted so i am willing to take aword from someone who is in the tracker and maintains it always than someone who just want teh tarcker down because it's run by former traders
pECi don't start your personal vendetta shit with me here ,Alot of members here knows me well and alot of them trust me and they know excatly how fair am i ,, Patriot foreve is avip in alot of trackers and communities and he critizie alot of themQuote:
Originally Posted by pECi
at least i am not aformer trader like you who just decides to declare war on all traders after he finished getting what he want ,banning them although he was one of those traders b4 and traded his way but after he was an admin to some tracker ,he just forgot everything and start banning because he likes the power
at least they returned back and said that it was something else because they respect their members and that their members should know the truth about what really happenedQuote:
Originally Posted by Alien5
what RTS staff can say more than that all the passwords are encrypted ,their server adminstrator confirmed that and he asked where that news came from and asked to pm him ifQuote:
Originally Posted by benchez
check the following posts
http://filesharingtalk.com/vb3/p-rts...94/postcount70
http://filesharingtalk.com/vb3/p-rts...27/postcount72
http://filesharingtalk.com/vb3/p-rts...89/postcount89
http://filesharingtalk.com/vb3/p-rts...20/postcount90
unfortunately some want to bring RTS down by all means necessary because they don't want atracker which is run by former traders from here to become asuccess
The tracker is being ddosed hourly ,from my point of view if that tracker was left for only 6 weeks without being attacked with that rate ,you woulkd see avery successful tracker but unfortunately soem want it down by any means
arsehole, and I think 10, 000 agree ;)
who are u talking to or what are u talking about?Quote:
Originally Posted by benchez
Quote:
Originally Posted by Patriot foreve
Again many many torrent sites get ddosed every day. we have been getting ddosed for over a year. Some days just much worse. But you learn to filter the attacts untill they learn and change there ways and start again.
There is not 1 tracker that is worried about RTS. Only thing people are worried about is who is running the site and what are they up too. See some people might think JA and others are trusted but thats only FSt members as they have done many trades and giveaways. But the rest of the torrent world puts them in a class of untrusted and unwanted everywhere. I can go on and on but i wont. To me its a risk to be there but if you really want to be use MAKE SURE TO USE A DIFFERENT PASSWORD.
I dont give 2 shits if it makes it or fails.
Wild
Think about poor old TorrentBytes. They have had their fill this year, and have been attacked more than any other tracker.
I think RTS is getting off lightly in the DOS stakes.
http://filesharingtalk.com/vb3/p-rts...92/postcount91
Being ddos'es isnt a think anyone other than the sites admin & the attackers themselves can control. Asking for 6 weeks is kinda funny cause if these people are attacking the site they are doing so for a specific reason. I doubt they would stop attacking it for 6 weeks just because you asked them nicely to stop.
Your password was changed. I confirmed this by checking your passhash ;)
(Yes I did say passhash. They are using encrypted passwords... Cannot confirm since when... But I know they are now encrypted.)
You are correct with my wording... Im sorry for calling them assholes.
I could have come up with a better (non-understandable to many) word or kept my comments to myself. (Also notice I said MOST I did not say ALL) ;)
I can accept the fact that theres a new tracker. I could care less open 10 trader trackers for all I care. 10 trackers with traders means theres 10* more posts for traders to look through for their trades. Doesnt effect me in any way since accounts on my site are RARELY traded. And if they are Traded 99% chance they get banned. So not sure what a new trader tracker would have to do to be a conflict to me really...
Why are you talking about Patriot as if you were talking about Bob the people greater from walmart? Your referring to yourself should all those comments saying "Patriot Forever" be replaced with "I"??
Wont comment about Peci cause I dont really know all that much about him to comment on TBH.
I am in no way trying to bring RTS down as you suggested. I could care less. Stay up, Go down, rename your site, open a online mini mart... makes no differance to me. Not sure what would make you think I was soooo wanting RTS to be closed or whatever. The Reason I posted about the passwords to begin with was due to the fact THEY SAID THE SITE WAS HACKED. Which case I merely suggested users should change their passwords for the obvious reasons... TBH if my site was hacked I would suggest the same exact thing to my own users.. I am very much for keeping users informed on anything that may effect their account. Example:(*'s are replacing the password.) This pm gets sent to any user if someone attempts to login to their account with the incorrect password. Example2: I also sent a mass pm to users about a week ago regaurding someone who was trying to hijack multi accounts instructing users to change their passwords. (I do not have this pm anymore to post exactly why it said. But if any users from FST remember seeing the PM I sent regaurding this they can comment to confirm I really did send it.)Quote:
Somebody with *.*.*.* just tried to log in on your account using the wrong password!
In closing I would like to comment...
I was given a ftp login to check the source code on RTS this morning. And after myself going through their sites code. I can now STATE that their site follows any normal torrent sites methods of encryption and the storing of passwords.
I do not know if this was changed recently or even on Day2 of their site being open... Regaurdless if you have any questions about your password on their site... change your password today and you should be fine.
P.S. To cover my ASSets so to speak... I took this snapshot to confirm that the ftp login they provided me does not work. (Just in case their site crashes or gets deleted or anything. I cannot be blamed.) Also I blurred out their sites name/ip in the flash window to keep it anonymous.
http://tophos.org/bitbucket/rtssnapshot.JPG
^^ Notice the time there and the time of my last edit. ^^
I think the issue has been resolved now.
I have talked to melvinmeow personally, and I think it's time to lock the post before it becomes a flame war. If anyone would like to add anything, you can PM me and I will unlock it.