Forum Security
Posted by Scott Finegan
|
Forum Security January 15, 2013 12:29PM |
Admin Registered: 12 years ago Posts: 361 |
Security issues.
We get many attempts to log in using common usernames and random passwords.
We get hundreds of attempted spam registrations some days. We are also visited by robots that scrape the content of the forums, which uses bandwidth. Other scrapers are looking for email addresses. Some visitors are looking to deface the site.
Passwords are too short.
.. Please change your password to something 12 or more characters.
.. Please use upper case, lower case, a number and a symbol.
.. If you insist on using something simple like "bob" repeat it four times to get 12 characters.
I have added a security script that runs every time anyone accesses the Forums.
It checks for and blocks registrations and logins by robots, or people from known spammer ip addresses.
It looks for sql injections (hackers attempting to corrupt the data base, or bypass security by passing additional characters with the URL).
It blocks certain networks from Russia, China, and the US. These networks are known to support hackers, or are not service providers, but hosts.
It has the potential for blocking legitamate access on occasion.
The tip off is a 403, or 503 error. If you aren't Instabanned there is an email button on the warning page to begin resolving the issue.
A page that indicates the site is temporarily unavailable with no email button means you were probably banned.
If you get one of these email me at blocked (at) steamautomobile. com so the cause can be investigated.
We get many attempts to log in using common usernames and random passwords.
We get hundreds of attempted spam registrations some days. We are also visited by robots that scrape the content of the forums, which uses bandwidth. Other scrapers are looking for email addresses. Some visitors are looking to deface the site.
Passwords are too short.
.. Please change your password to something 12 or more characters.
.. Please use upper case, lower case, a number and a symbol.
.. If you insist on using something simple like "bob" repeat it four times to get 12 characters.
I have added a security script that runs every time anyone accesses the Forums.
It checks for and blocks registrations and logins by robots, or people from known spammer ip addresses.
It looks for sql injections (hackers attempting to corrupt the data base, or bypass security by passing additional characters with the URL).
It blocks certain networks from Russia, China, and the US. These networks are known to support hackers, or are not service providers, but hosts.
It has the potential for blocking legitamate access on occasion.
The tip off is a 403, or 503 error. If you aren't Instabanned there is an email button on the warning page to begin resolving the issue.
A page that indicates the site is temporarily unavailable with no email button means you were probably banned.
If you get one of these email me at blocked (at) steamautomobile. com so the cause can be investigated.
|
Re: Forum Security July 18, 2013 04:04PM |
Registered: 8 years ago Posts: 237 |
|
Re: Forum Security February 15, 2014 01:51PM |
Registered: 12 years ago Posts: 1,215 |
Hello Scott,
It seems to me that if robots are trying to access the Phorum then they would have to make many trys. If that is the case, perhaps a waiting period between trys of say one minute might be enough to frustrate them. Sixty trys an hour isn't going to crack a lot of passwords.
Also, perhaps, having to answer a simple question before logging in should be frustrating. A human answered question such as " How much is eight plus nine ??" or " What is the next prime number after thirteen??" Should slow them down.
The Phorum doesn't seem to be near as active as it was a few years ago, so a minute between logins shouldn't bother anyone.
I hope you and all others are doing well. I am plotting a come back!
Best,
Bill G.
It seems to me that if robots are trying to access the Phorum then they would have to make many trys. If that is the case, perhaps a waiting period between trys of say one minute might be enough to frustrate them. Sixty trys an hour isn't going to crack a lot of passwords.
Also, perhaps, having to answer a simple question before logging in should be frustrating. A human answered question such as " How much is eight plus nine ??" or " What is the next prime number after thirteen??" Should slow them down.
The Phorum doesn't seem to be near as active as it was a few years ago, so a minute between logins shouldn't bother anyone.
I hope you and all others are doing well. I am plotting a come back!
Best,
Bill G.
|
Re: Forum Security April 08, 2017 06:30PM |
Registered: 3 years ago Posts: 128 |
|
Re: Forum Security April 08, 2017 09:13PM |
Admin Registered: 12 years ago Posts: 361 |
This forum and the web site have separate user names and passwords.
Please contact David Lewis using the contact form [www.steamautomobile.com]
Please contact David Lewis using the contact form [www.steamautomobile.com]
|
Re: Forum Security April 11, 2017 08:17AM |
Registered: 3 years ago Posts: 128 |
|
Re: Forum Security April 11, 2017 09:55AM |
Admin Registered: 12 years ago Posts: 361 |
Sorry, only registered users may post in this forum.