DieHard Wolfers Forum Index DieHard Wolfers
A Wolfenstein 3d Fan Community


  Hosted by: MCS & Areyep.com - Designed by: BrotherTank

Original Yahoo Forum - Die Hard Archives

AReyeP HomepageAreyep Homepage DieHard Wolfenstein BunkerDieHard Wolfenstein Bunker Log inLog in RegisterRegister Banlist FAQFAQ Search ForumsSearch

  Username:    Password:      Remember me       

Number of password attempts
Page 1 of 1
DieHard Wolfers Forum Index -> Speak to Us View Previous TopicRefresh this PageAdd Topic to your Browser FavoritesSearch ForumsPrint this TopicE-mail TopicGoto Page BottomView Next Topic
Post new topicReply to topic
Author Message
Matthew
DieHard Officer
DieHard Officer


Joined: 02 Jul 2007
Last Visit: 02 Feb 2020

Topics: 103
Posts: 518

usa.gif

PostPosted: Thu Mar 14, 2013 3:25 am
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Next PostGoto Bottom of Posts

This site currently only gives you 1 chance to get your password right when you log in. If you make just one mistake, you're locked out of your account for 1 hour.

This is stupid. Why not give 3 chances, like most such systems do? It wouldn't really make it any less secure.

Twice in the past week, I made a mistake and was locked out of my account for an hour.
BrotherTank
Forum Administrator
<B>Forum Administrator</B>


Joined: 01 Mar 2003
Last Visit: 13 Sep 2017

Topics: 153
Posts: 2248
Location: Ontario
canada.gif

PostPosted: Thu Mar 14, 2013 11:30 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

Matthew wrote:
This site currently only gives you 1 chance to get your password right when you log in. If you make just one mistake, you're locked out of your account for 1 hour.

This is stupid. Why not give 3 chances, like most such systems do? It wouldn't really make it any less secure.

Twice in the past week, I made a mistake and was locked out of my account for an hour.


I'll try to be nice in answering this. It was not "Stupid". As it was a solution to a problem that we experienced a little while back. Someone was actively trying to hack accounts on the system. It was finally set to 1 attempt, with an hour break in between to make it the most difficult and time consuming. And if you think about it, that setting does add security to the system.

Now, if you had asked why it was set that way, you'd have seen this answer and that it was done for the protection of the members of the forums and not as a means of hassling them. As thus, it is again not something "Stupid" but rather an interesting way of protecting and putting yet another block into someones idea of fun.

I have changed the setting to 2 attempts, but will gladly set it back to one when it is required for the protection of the forums and it's users.

Greg
BrotherTank
Forums Admin
Matthew
DieHard Officer
DieHard Officer


Joined: 02 Jul 2007
Last Visit: 02 Feb 2020

Topics: 103
Posts: 518

usa.gif

PostPosted: Fri Mar 15, 2013 1:08 pm
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

You are nice. Smile



BrotherTank wrote:
And if you think about it, that setting does add security to the system.


I didn't think it would make a significant difference because I was assuming that it would take a huge number of attempts to figure out a password. I suppose there are many people who use "password" or "letmein" for their passwords. Smile

http://arstechnica.com/information-technology/2012/11/born-to-be-breached-the-worst-passwords-are-still-the-most-common/
BrotherTank
Forum Administrator
<B>Forum Administrator</B>


Joined: 01 Mar 2003
Last Visit: 13 Sep 2017

Topics: 153
Posts: 2248
Location: Ontario
canada.gif

PostPosted: Sat Mar 16, 2013 9:59 am
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

It might take a huge number of attempts to figure out someones password, but at the time, the person was trying to hack all the admin on the system, all the moderators, and a few select users as well. Now if I had it set to 3 as it was at first, the person gets 3 attempts each hour to try and figure out the password. We set it back to 1 so that it would take them hours upon hours to hack into any 1 account. This addition of time seemed to have taken the wind out of their attempts as it stopped them days later. I must admit though that whoever was after the system didn't just give up easily. It took them a while to say to themselves that we were actively watching and changing things so that they couldn't gain the control that they wanted. Which was a good thing, as I've seen too many sites get hacked or highjacked and I didn't want that for the forums here.

Anyhow, I won't go much further into what they were doing or what we were or what was done on our end, but rather to say that I do take seriously the protection of the forums and the users here.

Greg
BrotherTank
Tricob
Moderator
<B>Moderator</B>


Joined: 14 Mar 2005
Last Visit: 4:56 ago.

Topics: 168
Posts: 8514
Location: Neo-traditions, Inc.
usa.gif

PostPosted: Sat Mar 16, 2013 12:55 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

From what I understand, the hacker actually didn't give up, but rather the admins had blocked every single IP address he had, so he couldn't get through anymore. There were several dozen hacker addresses total that DHWs posted in the Speak To Us thread, all of which were used in this blocking method. AFAIK, every one of these blocks is still in place today, but I honestly haven't asked. Neutral
BrotherTank
Forum Administrator
<B>Forum Administrator</B>


Joined: 01 Mar 2003
Last Visit: 13 Sep 2017

Topics: 153
Posts: 2248
Location: Ontario
canada.gif

PostPosted: Sat Mar 16, 2013 11:53 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

Yes, Tricob... Again,

The attempts were set to 1 to control the number of attempts that the hacker could make each hour to slow them down. This yes, created a frustration in time to the hacker, and also in some cases the user as they would have to log in before the hacker made their next attempt at hacking the account. As such, that should the user be on-line and the hacker attempt, it provided us with the DNS or IP number the hacker was using. And yes, Tricob, we were blocking DNs as well. [Seeing as that's out of the bag now too]

Hell, we were doing a lot of things to stop the hacker. Should I list them all so that they know exactly what we do, how we get information, and what we do with it all.... thus giving away all the secrets.... Hence my saying, that:

Quote:
Anyhow, I won't go much further into what they were doing or what we were or what was done on our end, but rather to say that I do take seriously the protection of the forums and the users here.


So based on that I should just hand them the keys seeing as I didn't give all the information on what we were doing... Or is there any other information that you would like to make public about the forums or it's users to just anyone? But you really have to inject what someone else told you thus saying hell with keeping the secrets.... Tricob knows a little so I'll add it and make him spill the beans....

Jeeze.... Why do I bother...

BrotherTank
Matthew
DieHard Officer
DieHard Officer


Joined: 02 Jul 2007
Last Visit: 02 Feb 2020

Topics: 103
Posts: 518

usa.gif

PostPosted: Thu Sep 26, 2019 2:08 am
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

I actually knew about this incident before I posted this thread, because I had read the thread about it. But I didn't think of it. I should have known. Smile

It is possible that my account was one of the ones targeted. But the e-mail account on my profile is one I never have really used and don't have access to anymore. So I wouldn't have known unless I tried to log in to my account when it was blocked.

My main e-mail account is an AOL account. I actually have used it for nearly 20 years; I created it in 2000, when I was 13 years old. Smile

It originally was a Netscape account, before AOL acquired Netscape.

Is it possible for one of the admins or moderators to change the e-mail address on my profile to it? I have long wanted that done.


Last edited by Matthew on Thu Sep 26, 2019 5:41 pm; edited 1 time in total
stathmk
DieHard Officer
DieHard Officer


Joined: 21 Oct 2009
Last Visit: 8:42 ago.

Topics: 98
Posts: 567
Location: Indiana, United States
usa.gif

PostPosted: Thu Sep 26, 2019 3:58 am
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

Matthew wrote:
I actually knew about this incident before I posted this thread, because I had read the thread about it. But I didn't think of it. I should have known. Smile

It is possible that my account was one of the ones targeted. But the e-mail account on my profile is one I never have really used and don't have access to anymore. So I wouldn't have known unless I tried to log in to my account when it was blocked.

My main e-mail account is an AOL account. I actually have used it for nearly 20 years; I created it in 2000, when I was 13 years old. Smile

Is it possible for one of the admins or moderators to change the e-mail address on my profile to it? I have long wanted that done.
Hi. The way I remember it, 2 or 3 years ago I clicked on Profile and changed my email address without any problem and I didn't need help from an admin or moderator.
Matthew
DieHard Officer
DieHard Officer


Joined: 02 Jul 2007
Last Visit: 02 Feb 2020

Topics: 103
Posts: 518

usa.gif

PostPosted: Thu Sep 26, 2019 5:47 am
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

When I registered, it wouldn't let me use my AOL account because the AOL domain is blocked.
Tricob
Moderator
<B>Moderator</B>


Joined: 14 Mar 2005
Last Visit: 4:56 ago.

Topics: 168
Posts: 8514
Location: Neo-traditions, Inc.
usa.gif

PostPosted: Fri Sep 27, 2019 3:35 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

Matthew wrote:
When I registered, it wouldn't let me use my AOL account because the AOL domain is blocked.
The board has gone through a lot of changes since then. I'd like you to try it again and see what happens. Thanks. Smile
TheTalentedMrLeo
Forum Administrator
<B>Forum Administrator</B>


Joined: 14 Mar 2003
Last Visit: 15:16 ago.

Topics: 46
Posts: 739

usa.gif

PostPosted: Sat Sep 28, 2019 8:05 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

AOL was originally blocked along with a bunch of other email providers to prevent spammers, and some troublesome members, from creating burner accounts. I don't think this is as big of an issue now that we are able to screen newly registered accounts, and weed out the spammers.
Matthew
DieHard Officer
DieHard Officer


Joined: 02 Jul 2007
Last Visit: 02 Feb 2020

Topics: 103
Posts: 518

usa.gif

PostPosted: Sun Sep 29, 2019 1:19 pm
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Bottom of Posts

I just successfully changed to my AOL e-mail account.

I also changed to a more secure password.

When I did so, it disabled my account, and told me it had sent an e-mail for re-activating it. But I didn't receive it. I thought this meant that I was locked out of my account, and wasn't able to get back in. But one of the admins activated it. I then received an e-mail telling me that it had been activated, and to use the password in the previous e-mail, which I had not received. Fortunately, it was the password I had picked.

It actually was originally a Netscape account, before AOL acquired Netscape. I had forgotten that. The Netscape domain is a redirect. It was the one I had tried to use which was blocked. I didn't try the AOL domain, but I presume it was blocked too.
Display posts from previous:   
Post new topicReply to topic Time synchronized with the forum server time
DieHard Wolfers Forum Index -> Speak to Us View Previous TopicRefresh this PageAdd Topic to your Browser FavoritesSearch ForumsPrint this TopicE-mail TopicGoto Page TopView Next Topic
Page 1 of 1
Jump to:  

Related topics
 Topics   Replies   Views   Last Post 
No new posts Your account on Diehard Wolfers is blocked
Author: Zombie_Plan
37 8719 Sun Sep 29, 2019 1:48 pm
Matthew View latest post
No new posts Change Your Password.
Author: Zombie_Plan
6 2370 Sun Dec 21, 2008 10:13 am
doomjedi View latest post
No new posts A question to the site and you people.
Author: Anonymous
9 361 Wed Oct 11, 2006 6:38 pm
TheTalentedMrLeo View latest post
No new posts Can't log in/out
Author: Dugtrio17
2 1414 Fri Sep 09, 2005 6:48 pm
BrotherTank View latest post
No new posts A usefull feature for this site
Author: Sporb2000
5 2268 Tue Jun 14, 2005 8:13 pm
Chris View latest post
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
   You cannot delete your posts in this forum
You cannot vote in polls in this forum


Copyright ©2003-2008 DieHard Wolfers
A Modified subBunker Theme by BrotherTank
Powered by phpBB © 2001, 2005 phpBB Group