Xepher.Net Forums

Xepher.net => Announcements => Topic started by: Xepher on June 13, 2007, 11:42:06 am

Title: Account Verification Time!
Post by: Xepher on June 13, 2007, 11:42:06 am
It's that time folks! In preparation for the server move, it's time to find out what accounts are still active. The following email was just sent to every non-locked account on Xepher.net. If you are a phase 2 user and had a forwarding email set up, the email was sent straight there, with an extra bit on the link to save you from having to reverify your email. (As such, use the link in your email, not the one below.) For everyone else, the email went to your account here on Xepher.net, which (according to the rules) you should be checking occasionally, if you're not using forwarding. Of course, I know a lot of people don't, and will thus miss the message. :-P That's why I'm posting it here.

Dear Xepher.net User ($username):
As you may be aware, I am preparing to move Xepher.net to a new physical server. The current server is overloaded, and because of this, many things run slower than they should. Likewise, the storage capacity is nearly maxed out, meaning I can't accept new sites. The new server should be many times faster, and have nearly one terabyte of storage, hopefully giving us years of spare capacity before it needs replacing.

As part of the moving process, I am cleaning out dead/unused accounts, as well as collecting definitive information from each user in order to facilitate easier administration. Mostly, I'm looking to collect a valid contact email address, basic information about your site, such as description, title, and type of content. Also, you'll be asked to set a new, secure password. Several users have had their accounts compromised in the past because they used easy-to-guess passwords.

Some of the benefits of the new system will include:
   Easy access to site/user preferences. You'll now be able to easily change your password, set up email forwarding, change your description. Phase 2 users currently enjoy this, but now it will be extended to all users.
   New email system and spam filtering. The spam filtering system will now be trainable. After the first few messages are trained, most email will be automatically classified and dropped straight into Junk or the Inbox. If the filter is unsure of something and needs you to double-check it, it will deliver the message to a folder called 'Unsure'. Users will have folders named 'LearnAsSpam' and 'LearnAsHam' in their account. Simply moving a message into either of these folders will train the spam filter, and automatically redeliver the message to the Inbox or Junk folder as appropriate. Additionally, users with their own domain names hosted here will have the option to set up multiple email accounts, and choose specific delivery options for each.
   New newsbox system in the works. This will probably come sometime after the new server is in place, but tentative plans call for each user to be able to set image-based 'ads' that will be rotated in the newsbox on all Xepher.net sites, rather than the text-only 'featured site' currently in use. Additionally, the newsbox code will be changed to javascript, so that it no longer requires the use of php, and can be used/previewed properly on your local computer before upload.
   A lot of behind the scenes changes will go into place as well, making it easier for site administration, and to greatly enhance security and performance.
For more information, and to keep up to date with the status of the transition, please visit the forums.
That said, and if you wish to continue using your xepher.net site, please visit the following URL and complete the account verification process. If you no longer use your account, or have received this email by mistake, simply ignore this message and you won't be bothered again.


If the above line/link is broken into two lines, you may need to reassemble it and then copy/paste into your browser.

Thank you for your time,

P.S. Feel free to contact me with any questions or feature requests for the new system, or if you have problems with the verification process.

If you didn't get the email, had the wrong address set, etc... Just follow the direct link to https://xepher.net/account-verification/index.php and follow the instructions. For those of you that have forgotten your passwords (shame on you!) email me with your username and what you'd like it set to for now.

I'm going to give this about a week or two, and then I'll start locking unverified accounts. That usually gets people's attention. After that, I'll give it another couple weeks (or more) before the actual move, in order to let the stragglers catch up.

Oh, and sorry the whole thing looks so ugly. It's one of the most kludged together pieces of code I've ever written. If you manage to break it (or think you might have), don't hesitate to let me know.
Title: Re: Account Verification Time!
Post by: griever on June 13, 2007, 01:35:45 pm
How long should it take the verification email to get to us after we fill out our details?  I filled out one an hour or so ago from your email notification, and no verification email with login information was sent.

I thought I did something wrong, or was not remembering things right.  In a mistake, I clicked the link in your post, got a new hash string, and it said an email had been sent with the new URL, but I checked my account and nothing, not even in the spam folder.

I copied and pasted the string onto the end of the old URL and filled out the form again, but I also did not get a return email either.  Are you getting the information or is this some kind of bug?
Title: Re: Account Verification Time!
Post by: reinder on June 13, 2007, 05:07:59 pm
It's not working for me either. Nothing in my spam box, nothing in my inbox.
Title: Re: Account Verification Time!
Post by: dragyn on June 13, 2007, 05:57:44 pm
Same here.  Filled out the form, but didn't receive an email.
Title: Re: Account Verification Time!
Post by: Databits on June 13, 2007, 08:14:21 pm
Just outta stupid curiosity, how many of you use hotmail?
Title: Re: Account Verification Time!
Post by: Xepher on June 13, 2007, 09:20:48 pm
Note: I am an idiot. I had the actual "send email" bit of code commented out at one point during testing. I uncommented it and saved, but that save never got synced to the server's file. Thus, everything was operating normally EXCEPT it wasn't sending emails. So sorry!

Griever: Yours completed and went through fine. In fact, it somehow let you go back and do it again (you changed from Chanpuru.org to Chanpuru for the site title.) That actually alerted me to fix the fact it allowed duplicate entries. The final email you didn't get merely included your username and password and a note you'd probably get another once the actual transfer was done. It's kind of a pain to resend that, so if you're okay just remembering your password, you're not really missing anything. (And if you forget your password, you know where to find me.)

Reinder and dragyn: You both were at the initial verification of address stage. If you just go back and try again, it'll generate a new email and should work this time. If it doesn't, let me know... feel free to pester me on IM or email if I'm not on the forum soon enough.

Data: I've been talking with you on IM, we'll solve it there. (Hotmail sucks!)
Title: Re: Account Verification Time!
Post by: reinder on June 13, 2007, 10:13:50 pm
Oh, great. Another new password to forget repeatedly. How many dictionaries did that cryptographic strength checker test again?

(and then after all that effort, it emails me the password in clear text. Ah well. That at least gives me something to save in my Gmail archive, the password to which I won't be spreading around because I don't remember it.)
Title: Re: Account Verification Time!
Post by: griever on June 13, 2007, 10:39:14 pm
Ah, okay, thanks, Xepher and glad to have helped out.  I've actually been meaning to change my password to the one I picked, but I just haven't yet.

Databits: I use gmail.  Want to come over to the dark side?
Title: Re: Account Verification Time!
Post by: Xepher on June 13, 2007, 10:50:02 pm
I know it seems strange to give you a plaintext copy when a semi-strong password is required, and I do know it's a pain to remember... which is why I'm sending plain text copies and asking for a valid email. There will be automated systems in place to let you have your password emailed to you if you forget it. The problem I'm fighting against is not that people will hack your local computer or your gmail account and from there, find a copy of your password and THEN break into your account here. That's the sort of attack likely in a normal corporate/network environment. The problem here is that 2/3rds of the attacks I see against the server are brute-force attacks against basic services such as email and SSH... basically throwing a dictionary against the door. The matter is complicated because these are often done by botnets with a hundred different IPs, and against real account names. Thus, I can't reliably ban by IP, and if I locked an account for X number of failed logins, every legit user would be locked out in a matter of minutes. My only options are to require passwords that can't be guessed by the dictionary attacks, or to require an even more esoteric system of public/private keys... and the latter would only work with SSH, since email doesn't support key-pair authentication.

Oh, and it tests against about 2.4 million "words." That doesn't mean you can't use those words, just that you can't use an easy combination of them. It passes a short sentence-like phrase such as "BigHairyMonkey" with no problem, even though the words involved are some of the easiest/simplest ones in the dictionary. 2.4 million is quick enough in computer terms, but 2.4mil^3 is something around 14 quintillion. An attacker would have to try 4.8 billion per second to crack it in a full year. Given that it won't allow more than one try every second, it would take about 438 billion years, or roughly 31 times the age of the universe. If he tried just letters alone (rather than whole words) it would be over 1 septillion possibilities... I'm not even going to do the math on that! Point is, a seemingly simple phrase is more than enough to defeat these brute force attacks. The situation would be completely different in an office environment, where people could have clues about you and your possible password. If you had a bunch of king kong figures on top of your monitor, "BigHairyMonkey" may not be the best password to keep you from the prying eyes of coworkers. :-)
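
Added example, not part of the original thread and not Xepher.net's actual checker: a sketch of the kind of dictionary-aware check the post above describes, which splits a password into the fewest dictionary words and compares the resulting search space with a three-word minimum. The word list is a tiny constructed sample, and the three-word threshold, the case-insensitive matching and all function names are assumptions; the 2.4 million word count and the one-guess-per-second limit come from the post.

```python
# Added illustration; not Xepher.net's checker.
SAMPLE_WORDS = {"big", "hairy", "monkey", "pass", "word",
                "password", "dragon", "king", "kong"}   # constructed sample list
DICT_SIZE = 2_400_000            # word-list size quoted in the post
MIN_WORDS = 3                    # assumed policy: at least a three-word search space
GUESSES_PER_SECOND = 1           # login rate limit quoted in the post
SECONDS_PER_YEAR = 365 * 24 * 3600


def min_words(password, words=SAMPLE_WORDS):
    """Fewest dictionary words that concatenate to the password, or None.

    Matching ignores case (an assumption that favours the attacker).
    """
    s = password.lower()
    best = [0] + [None] * len(s)          # best[i]: fewest words covering s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                k = best[start] + 1
                if best[end] is None or k < best[end]:
                    best[end] = k
    return best[len(s)]


def estimate_guesses(password, words=SAMPLE_WORDS):
    """Size of the smaller of the two search spaces that contain the password."""
    alphabet = 52 if password.isalpha() else 95   # letters only, else printable ASCII
    brute = alphabet ** len(password)
    k = min_words(password, words)
    return brute if k is None else min(brute, DICT_SIZE ** k)


def years_to_exhaust(guesses, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the given guesses per second."""
    return guesses / rate / SECONDS_PER_YEAR


def accept(password, words=SAMPLE_WORDS):
    """Accept only passwords at least as hard as MIN_WORDS dictionary words."""
    return estimate_guesses(password, words) >= DICT_SIZE ** MIN_WORDS


if __name__ == "__main__":
    for pw in ("password", "passworddragon", "BigHairyMonkey", "zzqvKpwXrtLm"):
        g = estimate_guesses(pw)
        print(f"{pw:16} accept={accept(pw)!s:5} guesses={g:.3e} "
              f"years@1/s={years_to_exhaust(g):.3e}")
```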
Title: Re: Account Verification Time!
Post by: Databits on June 14, 2007, 03:49:17 am
Xeph: I posted that before we started to diagnose things later in the day after the first time. :P

Griev: I already have a gmail account.  ;)
Title: Re: Account Verification Time!
Post by: Silverfoxr on June 14, 2007, 06:51:53 am
forum mucked up my posting but i got the email okies and it worked fine
Title: Re: Account Verification Time!
Post by: cyyeun on June 14, 2007, 10:39:02 am
I'm glad it is not too confusing. ;D I have completed it with no problem.  :D
Title: Re: Account Verification Time!
Post by: fesworks on June 16, 2007, 09:17:27 pm
haha! Almost forgot about verifying Ardra!! haha! :P
Title: Re: Account Verification Time!
Post by: pigeon-wing on June 16, 2007, 11:47:37 pm
Done =) Well, since a while ago ^^;
Title: Re: Account Verification Time!
Post by: Xepher on June 18, 2007, 03:56:42 am
I just got back from a weekend in Dallas. Only about 4 more accounts got verified while I was gone, so I think we're on the long-tail of the email notices. 45 people are verified (with one having left before picking a password) which leaves another 165 accounts... 44 of those have been locked/disabled for some time without their owners contacting me. So I'm reasonably expecting a response from another 120 people or so. Of course, probably only about half those will actually respond, even after I move to locking their accounts. I probably should've weeded out some of these a long time ago. :-)
Title: Re: Account Verification Time!
Post by: dragyn on June 20, 2007, 07:45:07 am
Well, I'm verified now.  Sorry it took so long--ISP and computer troubles, as usual.
Title: Re: Account Verification Time!
Post by: Xepher on June 20, 2007, 01:50:17 pm
Just FYI, you don't HAVE to check in here or anything... not that it's a problem if you do, just saying.
Title: Re: Account Verification Time!
Post by: Xepher on June 24, 2007, 08:17:17 am
Okay, I've now locked all accounts that haven't been verified yet. If your account has been locked, please note, you need to BOTH fill out the verification forms at https://xepher.net/account-verification/ to get your account transferred to the new server AND email me adminATxepher.net to get your account unlocked in the meantime.
Title: Re: Account Verification Time!
Post by: DC Bueller on June 24, 2007, 07:39:26 pm
Hehe, just when I finally got to checking my e-mail after the Seattle trip...I really need to get into the habit of checking that daily.
Title: Re: Account Verification Time!
Post by: psychobob on June 25, 2007, 10:18:42 pm
yaay. New stuuuff! I gotta redesign my layout while a lotta changes are taking place. o:
Title: Re: Account Verification Time!
Post by: Xepher on June 26, 2007, 01:46:22 am
Yeah, I've got some redesign of my own to do as well.

Also, NOTE: Several people have filled out the verification form, but NOT emailed me, thus their accounts are still locked. If you emailed me to get your account unlocked, but didn't get a response from me, post here, as your email might not have gotten through. I respond to every email I get once I've unlocked an account AND/OR if I have a reason for not unlocking it. Either way, you should hear from me.
Title: Re: Account Verification Time!
Post by: Qazi on June 26, 2007, 04:45:45 pm
just checking in, sent the form in and an e-mail.  Whenever u have time Xeph, sorry for the trouble of not responding sooner.
Title: Re: Account Verification Time!
Post by: Tangle on July 02, 2007, 04:04:44 am
Eep, I've been out of town and I just got back to check my e-mail and now I've got no e-mail to check!  I've gone through the verification system, any idea how long it will take to get my stuff back up?  And does this mean I won't receive the e-mails sent to me during the locked time? 
Title: Re: Account Verification Time!
Post by: Xepher on July 02, 2007, 04:25:36 am
I just got your email, and unlocked your account (and sent you a reply.) And no, you won't lose emails that came while your account was locked. The lock basically just changed your password, and set up a rule in the webserver to forward everything to that announcement page. All "behind the scenes" functions continued to work as normal.

As a side note, it sounds like you use the email here a lot. As such, I'd advise you to pay attention once the move takes place. There will be an entirely new spam filtering system, as well as several other changes to how email works. You'll get an email (to the contact email you put in the verification form) once the move occurs, and it'll have links/instructions explaining everything. Just keep an eye out for it, probably a few weeks from now or so.
Title: Re: Account Verification Time!
Post by: kinjutsu on July 05, 2007, 07:46:41 pm
hey I did the application thingy a little while ago but didn't know I had to email you as well.  I'm assuming that means that my account is locked >__< Do I just need to post here or email you also?
Title: Re: Account Verification Time!
Post by: Xepher on July 05, 2007, 10:44:59 pm
No, I'll go ahead and unlock your account now. I do need you to email me about your domain name though. Right now, you've got it redirected through someone else to here, whereas the box on the form was for people that have had their domain linked directly with their account here on the server. It's the more "correct" way to do it, as it means the domain functions like a regular website, not a redirect. (The URL bar would always show kinjutsu.net, instead of kinjutsu.xepher.net) It also gives you the option of using email addresses at your domain. Either way, you need to let me know, so I can either remove it from your form (if you want it to stay how it is) or so I can give you instructions for how to change your nameserver information to let the server here manage it.
Title: Re: Account Verification Time!
Post by: Xepher on July 15, 2007, 05:57:52 am
If you've filled out a verification form, and your account is still locked, that means you need to EMAIL ME and let me know. If you DID email me, and didn't get a response, then I didn't get your email. Post here, let me know! I've got half a dozen verifications from people that never contacted me.
Title: Re: Account Verification Time!
Post by: late on July 28, 2007, 12:04:59 am
I don't need my account, but can I have my stuff back??? My username is late.

Thanks a lot!
Title: Re: Account Verification Time!
Post by: Xepher on July 28, 2007, 02:21:06 am
Okay, account is unlocked for now, but will not be moved to the new server. I suggest you download whatever you want in the next week or so.
Title: Re: Account Verification Time!
Post by: Kanddak on August 23, 2007, 10:00:12 pm
I shot you an email a couple weeks back and a verification a while before that for the account holyknights.
Title: Re: Account Verification Time!
Post by: Xepher on August 24, 2007, 01:53:07 am
I just got back last night from a trip to Colorado... I'm digging through the "business" email right now, I see yours in there, so I'll get back to you shortly here. Sorry for the delay.
Title: Re: Account Verification Time!
Post by: Xepher on August 26, 2007, 02:04:59 am
Alright, I'm now closing down account verifications. If your account was not verified and unlocked by me, you'll have to reapply for a new account once the new server is online and stable.

The following users were found in the verification system, but never contacted me. As such, they aren't being transferred. If you're on this list, contact me soon!


Title: Re: Account Verification Time!
Post by: halfmoon on October 01, 2007, 01:19:44 am
Shoot! I'm not dead, just haven't used the account in a long time. Is it possible to keep it up? I want to use it again soon.

username is sonata

Title: Re: Account Verification Time!
Post by: Xepher on October 01, 2007, 02:02:16 pm
I'm going overseas in a couple days. When I get back and get the new server in place, talk to me then. Should be third week of October or so.
Title: Re: Account Verification Time!
Post by: fesworks on October 03, 2007, 04:22:14 am
Sounds good, have a good time!


*goes to set up a warez site while Xepher is gone*