Comments
Is there...any reason you ask?
~
Deadpool?
Hack?
Yes, yes it is.
Easy.
Send a mass email detailing a forced password reset, and run:
(on your WHMCS DB)
Magic.
That would be magical if tblclients is also used for administration auth.
@WSS
Wouldn't that be fun :P
Yep. Then you can just set them all ='' and then no problem with password resets!
rm -rf easier.
You realize this guy might do it? C'mon guys, there is no common sense nowadays, don't inspire actions... plis.. LOL
hmmmmmmmmmm.
What happened?
If they are stupid enough to not research/check what they are being told to do then they deserve it. Same principle as, if he jumped off a cliff, would you follow?
Am I being chased by a grizzly? I might jump after him then.
In that event I'll be sure to jump before him
Yes you are. Right this moment.
Good news is that he's coming from northern Alaska and bears are kind of slow, so you've got a few years.
Whew. Thanks. I'll be sure to be a Karate black belt until then so I can fight it off.
We want to make sure that all clients change their passwords on a regular basis.
try again later..
Well, your homepage was not reachable at the time you posted it, so it's more likely to me that there was some kind of a breach and you turned your page offline for security reasons.
But okay.
This is a terrible idea. All this will accomplish is encouraging people to pick poorer passwords, because now they regularly have to make an effort to remember/manage/sync their new password, so it's easier to just use shitty ones.
All the while not actually improving security; passwords don't go "stale" in the first place, and an exploitation window of months after a credential leak is hardly going to be any better than an exploitation window of years.
Just in case he needs a business reason not to do this too... A large number of customers will get frustrated by this and not bother logging in ever again, particularly if it wasn't announced via email & done for good reason.
@Maher, which of the methods I suggested did you follow, or are you looking for something else?
I'll use the bulk addon.
How is it a terrible idea when you force someone to keep himself extra protected, poorer passwords? The bulk addon generates random passwords created with base64 encoding I assume, so they shouldn't be that easy to crack, however I wish WHMCS would decide one day to change their encryption method..
Base64?
Wait.. base64?
It generates a password in base64 format
That's pretty fucking stupid.