Forum Security

Posted by Scott Finegan 
Forum Security
January 15, 2013 12:29PM
Security issues.

We get many attempts to log in using common usernames and random passwords.
We get hundreds of attempted spam registrations some days. We are also visited by robots that scrape the content of the forums, which uses bandwidth. Other scrapers are looking for email addresses. Some visitors are looking to deface the site.


Passwords are too short.
.. Please change your password to something 12 or more characters.
.. Please use upper case, lower case, a number and a symbol.
.. If you insist on using something simple like "bob" repeat it four times to get 12 characters.



I have added a security script that runs every time anyone accesses the Forums.

It checks for and blocks registrations and logins by robots, or people from known spammer IP addresses.
It looks for SQL injections (hackers attempting to corrupt the database, or bypass security by passing additional characters with the URL).
It blocks certain networks from Russia, China, and the US. These networks are known to support hackers, or are not service providers, but hosts.

It has the potential for blocking legitimate access on occasion.
The tip-off is a 403 or 503 error. If you aren't Instabanned there is an email button on the warning page to begin resolving the issue.

A page that indicates the site is temporarily unavailable with no email button means you were probably banned.
If you get one of these email me at blocked (at) steamautomobile. com so the cause can be investigated.
Re: Forum Security
July 18, 2013 04:04PM
About password strength. A small sentence written correctly is much stronger vs robots than a 12 character word with numbers and upper/lowercases, and it is much easier to remember for a human.

Such that "Steam huff puff" is much much harder for a robot to crack than "Pw96rtAL+tyk"
Re: Forum Security
February 15, 2014 01:51PM
Hello Scott,

It seems to me that if robots are trying to access the Phorum then they would have to make many tries. If that is the case, perhaps a waiting period between tries of say one minute might be enough to frustrate them. Sixty tries an hour isn't going to crack a lot of passwords.

Also, perhaps, having to answer a simple question before logging in should be frustrating. A human-answered question such as "How much is eight plus nine?" or "What is the next prime number after thirteen?" should slow them down.

The Phorum doesn't seem to be near as active as it was a few years ago, so a minute between logins shouldn't bother anyone.

I hope you and all others are doing well. I am plotting a comeback!

Best,

Bill G.
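
The one-minute wait between login tries suggested in the post above, sketched as an added example; it is not part of the thread and not Phorum's code. The `LoginThrottle` class, its method names, and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

WAIT_SECONDS = 60  # the one-minute gap proposed in the post above


class LoginThrottle:
    """Hypothetical helper: one password check per username per WAIT_SECONDS."""

    def __init__(self, clock):
        self.clock = clock    # callable returning seconds; injectable for tests
        self.users = {}       # username -> (salt, derived key)
        self.last_try = {}    # username -> time of the last checked attempt

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, self._derive(password, salt))

    def login(self, name, password):
        now = self.clock()
        last = self.last_try.get(name)
        if last is not None and now - last < WAIT_SECONDS:
            # Too soon: refuse without checking the password, so a guess made
            # during the wait learns nothing, even if it happens to be right.
            return "wait"
        # Unknown names are throttled the same way, so the reply does not
        # reveal which usernames exist.
        self.last_try[name] = now
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._derive(password, salt), stored)
        return "ok" if ok else "denied"


def simulate_guessing(hours=1):
    """Constructed run: a robot guesses one account once per second."""
    t = [0]
    throttle = LoginThrottle(clock=lambda: t[0])
    throttle.add_user("bob", "bobbobbobbob")  # constructed sample account
    checked = 0
    for second in range(hours * 3600):
        t[0] = second
        if throttle.login("bob", f"guess{second}") != "wait":
            checked += 1
    return checked  # number of guesses that were actually checked
```

Because the wait is keyed on the username alone, a robot hammering one account also makes the real owner wait, and a robot cycling through many usernames is not slowed, so a deployment would normally apply the same limit per source address as well.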