Security issues.

We get many attempts to log in using common usernames and random passwords.
We get hundreds of attempted spam registrations some days. We are also visited by robots that scrape the content of the forums, which uses bandwidth. Other scrapers are looking for email addresses. Some visitors are looking to deface the site.


Passwords are too short.
.. Please change your password to something 12 or more characters.
.. Please use upper case, lower case, a number and a symbol.
.. If you insist on using something simple like "bob" repeat it four times to get 12 characters.



I have added a security script that runs every time anyone accesses the Forums.

It checks for and blocks registrations and logins by robots, or people from known spammer ip addresses.
It looks for sql injections (hackers attempting to corrupt the data base, or bypass security by passing additional characters with the URL).
It blocks certain networks from Russia, China, and the US. These networks are known to support hackers, or are not service providers, but hosts.

It has the potential for blocking legitamate access on occasion.
The tip off is a 403, or 503 error. If you aren't Instabanned there is an email button on the warning page to begin resolving the issue.

A page that indicates the site is temporarily unavailable with no email button means you were probably banned.
If you get one of these email me at blocked (at) steamautomobile. com so the cause can be investigated.

About password strength. A small sentence written correctly is much stronger vs robots than a 12 character word with numbers and upper/lowercases, and it is much easier to remember for a human.

Such that "Steam huff puff" is much much harder for a robot to crack than "Pw96rtAL+tyk"

Hello Scott,

It seems to me that if robots are trying to access the Phorum then they would have to make many trys. If that is the case, perhaps a waiting period between trys of say one minute might be enough to frustrate them. Sixty trys an hour isn't going to crack a lot of passwords.

Also, perhaps, having to answer a simple question before logging in should be frustrating. A human answered question such as " How much is eight plus nine ??" or " What is the next prime number after thirteen??" Should slow them down.

The Phorum doesn't seem to be near as active as it was a few years ago, so a minute between logins shouldn't bother anyone.

I hope you and all others are doing well. I am plotting a come back!

Best,

Bill G.

Why can I access this forum but not the web site? My membership is current

Lohring Miller

This forum and the web site have separate user names and passwords.

Please contact David Lewis using the contact form [www.steamautomobile.com]

The security code makes the email so secure that I can't send a message through that forum. I always get the error message. I've tried several times on different days.

Lohring Miller

I see it now.

I will contact David about this problem.