Exodus Strength

The forum has been very slow for me over the past day or two. I've been getting a lot of "504 Gateway Time-out | nginx/1.15.10" errors.

Is it just me?

I'm getting the same.

Me too

It seems like the webhost has been doing server maintenance on weekends.

We get no warning.

@mgil Chrome has an extension that monitors your passwords and checks against known breaches. I got a notification last night that exodus-strength.com has been compromised. Should a notice to users be put out? Is it users responsibility to maintain a secure password so the site doesn't get buggered up or are we too small for that kind of hacking?

damufunman wrote: ↑Mon Aug 26, 2019 4:47 am @mgil Chrome has an extension that monitors your passwords and checks against known breaches. I got a notification last night that exodus-strength.com has been compromised. Should a notice to users be put out? Is it users responsibility to maintain a secure password so the site doesn't get buggered up or are we too small for that kind of hacking?

Thank you for the notification!

@Manveer, is there any way to verifiy this that we can see?

I don’t know. If someone tells me how to verify, I can check.

damufunman wrote: ↑Mon Aug 26, 2019 4:47 am @mgil Chrome has an extension that monitors your passwords and checks against known breaches. I got a notification last night that exodus-strength.com has been compromised. Should a notice to users be put out? Is it users responsibility to maintain a secure password so the site doesn't get buggered up or are we too small for that kind of hacking?

Which extension? Does it provide any more info than just saying breach?

I got three "gateway timeout" errors while trying to post this.

quark wrote: ↑Mon Aug 26, 2019 9:23 am

damufunman wrote: ↑Mon Aug 26, 2019 4:47 am @mgil Chrome has an extension that monitors your passwords and checks against known breaches. I got a notification last night that exodus-strength.com has been compromised. Should a notice to users be put out? Is it users responsibility to maintain a secure password so the site doesn't get buggered up or are we too small for that kind of hacking?

Which extension? Does it provide any more info than just saying breach?

I got three "gateway timeout" errors while trying to post this.

This

It seems unlikely that we could verify that since we won’t get access to Google’s data.

Hopefully people are using unique passwords for sensitive accounts (eg banking) and not the same user/pass combo as on this little site.

The gateway 504 error seems to be on the server side, so we can complain to the host. I don’t know if there is anything within our control that can fix it, besides maybe changing hosts.

damufunman wrote: ↑Mon Aug 26, 2019 9:35 am

quark wrote: ↑Mon Aug 26, 2019 9:23 am

damufunman wrote: ↑Mon Aug 26, 2019 4:47 am @mgil Chrome has an extension that monitors your passwords and checks against known breaches. I got a notification last night that exodus-strength.com has been compromised. Should a notice to users be put out? Is it users responsibility to maintain a secure password so the site doesn't get buggered up or are we too small for that kind of hacking?

Which extension? Does it provide any more info than just saying breach?

I got three "gateway timeout" errors while trying to post this.

This

I installed that, then logged out of and back in to this forum. The extension increased the number of passwords analyzed from 0 to 1 and reported "None of the passwords you recently entered were detected in a data breach".

Perhaps your exodus password (used by you or coincidentally by someone else) was found in a data breach on another site? Just guessing.

Manveer wrote: ↑Mon Aug 26, 2019 9:44 am It seems unlikely that we could verify that since we won’t get access to Google’s data.

Hopefully people are using unique passwords for sensitive accounts (eg banking) and not the same user/pass combo as on this little site.

The gateway 504 error seems to be on the server side, so we can complain to the host. I don’t know if there is anything within our control that can fix it, besides maybe changing hosts.

Changing hosts sounds like it would incur excessive hassle and expense. Complaining sounds easy.

quark wrote: ↑Mon Aug 26, 2019 9:47 am

damufunman wrote: ↑Mon Aug 26, 2019 9:35 am

quark wrote: ↑Mon Aug 26, 2019 9:23 am

damufunman wrote: ↑Mon Aug 26, 2019 4:47 am @mgil Chrome has an extension that monitors your passwords and checks against known breaches. I got a notification last night that exodus-strength.com has been compromised. Should a notice to users be put out? Is it users responsibility to maintain a secure password so the site doesn't get buggered up or are we too small for that kind of hacking?

Which extension? Does it provide any more info than just saying breach?

I got three "gateway timeout" errors while trying to post this.

This

I installed that, then logged out of and back in to this forum. The extension increased the number of passwords analyzed from 0 to 1 and reported "None of the passwords you recently entered were detected in a data breach".

Perhaps your exodus password (used by you or coincidentally by someone else) was found in a data breach on another site? Just guessing.

Good point.

I can't change my password.

I've tried two ways: the in the forum user settings thing

and then the feature when you log in (forgot your password).

quark wrote: ↑Mon Aug 26, 2019 9:50 am

Manveer wrote: ↑Mon Aug 26, 2019 9:44 am It seems unlikely that we could verify that since we won’t get access to Google’s data.

Hopefully people are using unique passwords for sensitive accounts (eg banking) and not the same user/pass combo as on this little site.

The gateway 504 error seems to be on the server side, so we can complain to the host. I don’t know if there is anything within our control that can fix it, besides maybe changing hosts.

Changing hosts sounds like it would incur excessive hassle and expense. Complaining sounds easy.

Of course... I was not actually suggesting changing hosts as the first option.

mbasic wrote: ↑Mon Aug 26, 2019 1:18 pm I can't change my password.

I've tried two ways: the in the forum user settings thing

and then the feature when you log in (forgot your password).

Need more information. What happens when you go to user CP-->Profile-->Edit account settings and then enter new password twice along with current password?

The host makes you jump through a bunch of hoops to open a ticket or chat with help. I don't have all the required access at the moment since I am not the site owner.

Site hits have tripled since April or so... that may be contributing to the errors. Or they could be doing maintenance, as @mgil said.

Manveer wrote: ↑Mon Aug 26, 2019 9:44 am

mbasic wrote: ↑Mon Aug 26, 2019 1:18 pm I can't change my password.

I've tried two ways: the in the forum user settings thing

and then the feature when you log in (forgot your password).

Need more information. What happens when you go to user CP-->Profile-->Edit account settings and then enter new password twice along with current password?

I do the above, and it does nothing....just sits there idle. No new window like:"your password has been reset" or anything.

I tried to fake like I lost my password with the log in window. But I never received the help email to reset the password (or sometimes they generate a temp one for you).

Weird .

I get those 504 timeouts too

mbasic wrote: ↑Mon Aug 26, 2019 6:33 pm

Manveer wrote: ↑Mon Aug 26, 2019 9:44 am

mbasic wrote: ↑Mon Aug 26, 2019 1:18 pm I can't change my password.

I've tried two ways: the in the forum user settings thing

and then the feature when you log in (forgot your password).

Need more information. What happens when you go to user CP-->Profile-->Edit account settings and then enter new password twice along with current password?

I do the above, and it does nothing....just sits there idle. No new window like:"your password has been reset" or anything.

I tried to fake like I lost my password with the log in window. But I never received the help email to reset the password (or sometimes they generate a temp one for you).

Weird .

I get those 504 timeouts too

I dunno man. I just changed my password and it gave me a confirmation message in the browser.

@manveer

I just did it successfully from my phone.
I was using my desk PC all day, maybe that was the problem.

Hey guys. Sorry about that. I'm not sure what was causing the issue, but if it continues until tomorrow, I'll look into it first thing in the morning.

I was able to change my password just now successfully. It took no more than maybe 2 seconds. I'm thinking what was happening earlier today might have been a fluke, if not work-related restrictions or anything. I have noticed that the site is performing a little slower on Safari than it is on Chrome.

We are getting a lot more traffic to the forum now than in the past, and we are on shared hosting rather than dedicated hosting. Since this forum is still a hobby/side thing for us and not a business, we'll need to weigh our options in the future for dedicated hosting because it is far more costly than shared hosting.