I understand that this was unfortunate, but guess how many times I hear the words "Grobar hacked us", and from how many servers? This is too old for anyone to be naive enough to believe that it will not happen to the next new server. This was too predictable... people just believe and hope that this won't happen to their server... but guess what, it always will.
I don't know, maybe I don't understand something, or anything at all. However, what Nicos did after all the hacking was just the first half of a true foolproof method. I assume that he changed everyone's password and told them to change it to a new, better, stronger password under a new policy. This is not client work; this is all website/panel work.
Steps:
User presses *register*
User enters his *information*
User enters his *email*, which has to be 100% true.
Webserver sends an email to the user's account with a random password
The website generates a random password for the user into the database
User wants to set up a different password
Panel requests validation by sending a request to your email.
The request is a numbered code or a link, which is better
*Warning in big red letters not to use same password from other servers*
User changes the password under a strong password policy (1 capital, 1 number, 1 symbol, 9 total)
User successfully changes his/her password.
User wants to change secret ID (must go through email validation, same as with the password change)
Same thing for any other information the user requests to change.
Only after all that can you blame the users. This is only a simple sketch... Nobody will persuade me that this is not possible, because this is all website work.
{PS} Maybe for a small server this is hard because it involves a lot of coding, but for a server like the one you have, Nicos, this should have been done.
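The flow sketched in the post above, as an added example that is not part of the original post or any real panel's code: changes validated by e-mail with single-use, expiring tokens, plus the stated password policy. The `Panel` class, the token lifetime, PBKDF2 storage and the in-memory dictionaries are assumptions; a real site would e-mail the returned password and token rather than return them.

```python
import hashlib, hmac, secrets, string, time

TOKEN_TTL = 15 * 60      # assumption: a validation link expires after 15 minutes
PBKDF2_ROUNDS = 600_000  # assumption: the post does not say how passwords are stored

def policy_ok(password):
    """The post's policy: 1 capital, 1 number, 1 symbol, 9 characters total."""
    return (len(password) >= 9
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class Panel:  # hypothetical in-memory stand-in for the website/panel database
    def __init__(self):
        self.users = {}    # email -> {"salt", "password", "secret_id", ...}
        self.pending = {}  # sha256(token) -> (email, field, expiry)
    def _store_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users.setdefault(email, {}).update(salt=salt, password=_hash(password, salt))
    def register(self, email):
        password = secrets.token_urlsafe(12)  # random initial password
        self._store_password(email, password)
        return password                       # e-mailed to the user, never displayed
    def login(self, email, password):
        user = self.users.get(email)
        return bool(user) and hmac.compare_digest(user["password"], _hash(password, user["salt"]))
    def request_change(self, email, field, now=None):
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(32)     # the "link" variant: unguessable, e-mailed
        expiry = (time.time() if now is None else now) + TOKEN_TTL
        self.pending[hashlib.sha256(token.encode()).digest()] = (email, field, expiry)
        return token
    def confirm_change(self, token, field, value, now=None):
        key = hashlib.sha256(token.encode()).digest()
        email, wanted, expiry = self.pending.get(key, (None, None, 0))
        if wanted != field or (time.time() if now is None else now) > expiry:
            return False                      # unknown, expired, or issued for another field
        if field == "password" and not policy_ok(value):
            return False                      # token stays valid so the user can retry
        del self.pending[key]                 # single use
        if field == "password":
            self._store_password(email, value)
        else:
            self.users[email][field] = value
        return True
```

Only the SHA-256 of each token is kept server-side, so a leaked database does not hand out usable validation links.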