denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_maintenance2017-02-25 09:42 pm

Two quick things

Cloudflare


We've had people ask us about the Cloudflare leak reported a few days ago. We are Cloudflare customers, and it is possible that login cookies or passwords may have been exposed as part of the incident. We believe the risk to you is relatively low -- it was a small percentage of Cloudflare's requests that were involved over a relatively short period of time, and we haven't found any evidence that anything from us was among them. This is not an absolute guarantee that none of your accounts were affected, but we don't think the likelihood is very high.

Because we believe the risk to be low, we aren't automatically expiring everyone's session cookies and requiring you to log back in and change your password -- whenever we do that, it does lock some people who they can't remember their passwords and no longer have access to their confirmed email addresses out of their accounts, and we believe that will affect more people in this case.

Still, it's always a good idea to change your passwords regularly, and now would be a good time to do it, especially if you want peace of mind. We have a FAQ on how to change your password. If your browser logs you in automatically and you don't remember your password, you can reset it. If you've forgotten your password and no longer have access to your most recent confirmed email address, you can have the password reset email sent to any email address you've confirmed on your account by entering both your username and your old email address at the Lost Info page.

Unfortunately, if you've forgotten your password and no longer have access to any email address you've confirmed on your account, you probably won't be able to reset your password. In some cases, if you've previously paid for your account, we can validate your payment details to confirm your identity and reset your password. If you can't reset your password, but think you may have paid for your account in the past, you can open a support request in the Account Payments category and I'll check into it for you.


LiveJournal imports/crossposts/feeds


LiveJournal has temporarily blocked about 2/3rds of our webservers from contacting their site, presumably because they feel that we're requesting data from them too often. This affects the ability to import your journal, the ability to crosspost entries from your Dreamwidth account to your LiveJournal account, and whether syndicated feeds of accounts on LiveJournal will update on Dreamwidth. Those features will fail when they're unable to contact LJ because of the block.

It isn't every one of our webservers, so things will work intermittently -- if you crosspost two entries one right after the other, one might succeed while the other fails. Unfortunately, there isn't much we can do to resolve this other than contacting them and asking them to unblock us (which I'll be doing right after I hit 'post' on this entry).

EDIT 2249 EST 25 Feb: We appear to be down to zero unblocked webservers, so imports, crossposts, and feeds will all fail until LJ unblocks us.

EDIT 26 Feb noon EST: LJ unblocked and whitelisted us this morning, so all is working again!
stranger: three stars from Orion's belt (3 stars)

Perplexed

[personal profile] stranger 2017-02-26 08:45 pm (UTC)(link)
The post implies that there can be more than one email address associated with a DW account. However, I don't see a way to add emails (except "for display" which isn't what I want) so there will be more than one, in case my current email goes down for any length of time. Is there supposed to be a back-up email in place somewhere?

stranger: three stars from Orion's belt (3 stars)

Re: Perplexed

[personal profile] stranger 2017-02-26 10:44 pm (UTC)(link)
Thanks for explaining! Email maneuver performed.