Jump to content
The Dark Mod Forums

TTLG - anyone having trouble geting in ?


esme

Recommended Posts

Just tried looking at TTLG & got the following error

Database Error: SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.

I get this on 2 different browsers

 

Removed all saved passwords and cookies & still get it

 

Anyone else having an issue or is it just me ?

Link to comment
Share on other sites

are you using google based browsers, they've introduced a system where if a site isn't protected by certain expensive SSL certificates they are going to block access to password protected areas on those sites.

 

I accessed it with Google Chrome just fine. Was able to login too.

Link to comment
Share on other sites

I think it was a database connectionerror on ttlg-forum's side.

 

The password it mentioned, is NOT about your password, but the account what the webserver uses to connect to ttlg mysql database, esme. (error 1862)

Edited by freyk

Info: My portfolio and darkmod graphical installer
Amnesty for Bikerdude!

Link to comment
Share on other sites

Lately there's been a lot of exposure about the vulnerabilities in google chrome over http. Now it's public it means stuff has to be done about it.

 

Can see instantly that TTLG is http only (you'll notice in chrome that there is a broken padlock in the URL bar).

What Stumpy is saying is right (it's a conspiracy!), and Freyk's also correct that it is a server-side error thanks to google's security updates.

Probably TTLG will need to update some php or mysql as it appears as if you're getting the error because mysql is restricting you to sandbox mode or the client (your chrome browser) is connecting to the server via scripts.

It's pretty old, by the looks of things...


80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) <---win server 2008 / microsoft iis7.0

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Since it's a win home server and on http, it's potentially a very soft target.
Uses ascii string for passwords and html encoding for special characters in that field. Usernames are on the forum...

Probably TTLG could fix the issue by changing password expiration.


SET GLOBAL default_password_lifetime = 0;

So that all user's passwords do not expire, whether they connect via scripts or not.

Or the admin could migrate everything to something such as freeBDS, but they've always been windows server forever - also there's a loootttt of data over the past 21 years at that place.

Best course of action would be to use a different browser (eg firefox) and mail the admin with the issue so that it can be resolved, I'd guess.
http://www.ttlg.com/forums/sendmessage.php


I'd recommend migration, as the server has no SSL cypher mapping, however the f= parameter means it is an unlikely target for sql injection "practice".
But it is a windows server and it's vbulliten 4.2.3.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recent Status Updates

    • Ansome

      Finally got my PC back from the shop after my SSD got corrupted a week ago and damaged my motherboard. Scary stuff, but thank goodness it happened right after two months of FM development instead of wiping all my work before I could release it. New SSD, repaired Motherboard and BIOS, and we're ready to start working on my second FM with some added version control in the cloud just to be safe!
      · 0 replies
    • Petike the Taffer  »  DeTeEff

      I've updated the articles for your FMs and your author category at the wiki. Your newer nickname (DeTeEff) now comes first, and the one in parentheses is your older nickname (Fieldmedic). Just to avoid confusing people who played your FMs years ago and remember your older nickname. I've added a wiki article for your latest FM, Who Watches the Watcher?, as part of my current updating efforts. Unless I overlooked something, you have five different FMs so far.
      · 0 replies
    • Petike the Taffer

      I've finally managed to log in to The Dark Mod Wiki. I'm back in the saddle and before the holidays start in full, I'll be adding a few new FM articles and doing other updates. Written in Stone is already done.
      · 4 replies
    • nbohr1more

      TDM 15th Anniversary Contest is now active! Please declare your participation: https://forums.thedarkmod.com/index.php?/topic/22413-the-dark-mod-15th-anniversary-contest-entry-thread/
       
      · 0 replies
    • JackFarmer

      @TheUnbeholden
      You cannot receive PMs. Could you please be so kind and check your mailbox if it is full (or maybe you switched off the function)?
      · 1 reply
×
×
  • Create New...