DieHard Wolfers Forum Index DieHard Wolfers
A Wolfenstein 3d Fan Community


  Hosted by: MCS & Areyep.com - Designed by: BrotherTank

Original Yahoo Forum - Die Hard Archives

AReyeP HomepageAreyep Homepage DieHard Wolfenstein BunkerDieHard Wolfenstein Bunker Log inLog in RegisterRegister Banlist FAQFAQ Search ForumsSearch

  Username:    Password:      Remember me       

Number of password attempts
Page 1 of 1
DieHard Wolfers Forum Index -> Speak to Us View Previous TopicRefresh this PageAdd Topic to your Browser FavoritesSearch ForumsPrint this TopicE-mail TopicGoto Page BottomView Next Topic
Post new topicReply to topic
Author Message
Matthew
DieHard SS
DieHard SS


Joined: 02 Jul 2007
Last Visit: 24 Dec 2017

Topics: 92
Posts: 466

usa.gif

PostPosted: Thu Mar 14, 2013 3:25 am
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Next PostGoto Bottom of Posts

This site currently only gives you 1 chance to get your password right when you log in. If you make just one mistake, you're locked out of your account for 1 hour.

This is stupid. Why not give 3 chances, like most such systems do? It wouldn't really make it any less secure.

Twice in the past week, I made a mistake and was locked out of my account for an hour.
BrotherTank
Forum Administrator
<B>Forum Administrator</B>


Joined: 01 Mar 2003
Last Visit: 13 Sep 2017

Topics: 153
Posts: 2255
Location: Ontario
canada.gif

PostPosted: Thu Mar 14, 2013 11:30 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

Matthew wrote:
This site currently only gives you 1 chance to get your password right when you log in. If you make just one mistake, you're locked out of your account for 1 hour.

This is stupid. Why not give 3 chances, like most such systems do? It wouldn't really make it any less secure.

Twice in the past week, I made a mistake and was locked out of my account for an hour.


I'll try to be nice in answering this. It was not "Stupid". As it was a solution to a problem that we experienced a little while back. Someone was actively trying to hack accounts on the system. It was finally set to 1 attempt, with an hour break in between to make it the most difficult and time consuming. And if you think about it, that setting does add security to the system.

Now, if you had asked why it was set that way, you'd have seen this answer and that it was done for the protection of the members of the forums and not as a means of hassling them. As thus, it is again not something "Stupid" but rather an interesting way of protecting and putting yet another block into someones idea of fun.

I have changed the setting to 2 attempts, but will gladly set it back to one when it is required for the protection of the forums and it's users.

Greg
BrotherTank
Forums Admin
Matthew
DieHard SS
DieHard SS


Joined: 02 Jul 2007
Last Visit: 24 Dec 2017

Topics: 92
Posts: 466

usa.gif

PostPosted: Fri Mar 15, 2013 1:08 pm
   Subject: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

You are nice. Smile



BrotherTank wrote:
And if you think about it, that setting does add security to the system.


I didn't think it would make a significant difference because I was assuming that it would take a huge number of attempts to figure out a password. I suppose there are many people who use "password" or "letmein" for their passwords. Smile

http://arstechnica.com/information-technology/2012/11/born-to-be-breached-the-worst-passwords-are-still-the-most-common/
BrotherTank
Forum Administrator
<B>Forum Administrator</B>


Joined: 01 Mar 2003
Last Visit: 13 Sep 2017

Topics: 153
Posts: 2255
Location: Ontario
canada.gif

PostPosted: Sat Mar 16, 2013 9:59 am
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

It might take a huge number of attempts to figure out someones password, but at the time, the person was trying to hack all the admin on the system, all the moderators, and a few select users as well. Now if I had it set to 3 as it was at first, the person gets 3 attempts each hour to try and figure out the password. We set it back to 1 so that it would take them hours upon hours to hack into any 1 account. This addition of time seemed to have taken the wind out of their attempts as it stopped them days later. I must admit though that whoever was after the system didn't just give up easily. It took them a while to say to themselves that we were actively watching and changing things so that they couldn't gain the control that they wanted. Which was a good thing, as I've seen too many sites get hacked or highjacked and I didn't want that for the forums here.

Anyhow, I won't go much further into what they were doing or what we were or what was done on our end, but rather to say that I do take seriously the protection of the forums and the users here.

Greg
BrotherTank
Tricob
Moderator
<B>Moderator</B>


Joined: 14 Mar 2005
Last Visit: 9:46 ago.

Topics: 161
Posts: 8033
Location: Neo-traditions, Inc.
usa.gif

PostPosted: Sat Mar 16, 2013 12:55 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Next PostGoto Bottom of Posts

From what I understand, the hacker actually didn't give up, but rather the admins had blocked every single IP address he had, so he couldn't get through anymore. There were several dozen hacker addresses total that DHWs posted in the Speak To Us thread, all of which were used in this blocking method. AFAIK, every one of these blocks is still in place today, but I honestly haven't asked. Neutral
BrotherTank
Forum Administrator
<B>Forum Administrator</B>


Joined: 01 Mar 2003
Last Visit: 13 Sep 2017

Topics: 153
Posts: 2255
Location: Ontario
canada.gif

PostPosted: Sat Mar 16, 2013 11:53 pm
   Subject: Re: Number of password attempts
   [ IP : Logged ]
Reply with quote
Goto Top of PostsGoto Previous PostGoto Bottom of Posts

Yes, Tricob... Again,

The attempts were set to 1 to control the number of attempts that the hacker could make each hour to slow them down. This yes, created a frustration in time to the hacker, and also in some cases the user as they would have to log in before the hacker made their next attempt at hacking the account. As such, that should the user be on-line and the hacker attempt, it provided us with the DNS or IP number the hacker was using. And yes, Tricob, we were blocking DNs as well. [Seeing as that's out of the bag now too]

Hell, we were doing a lot of things to stop the hacker. Should I list them all so that they know exactly what we do, how we get information, and what we do with it all.... thus giving away all the secrets.... Hence my saying, that:

Quote:
Anyhow, I won't go much further into what they were doing or what we were or what was done on our end, but rather to say that I do take seriously the protection of the forums and the users here.


So based on that I should just hand them the keys seeing as I didn't give all the information on what we were doing... Or is there any other information that you would like to make public about the forums or it's users to just anyone? But you really have to inject what someone else told you thus saying hell with keeping the secrets.... Tricob knows a little so I'll add it and make him spill the beans....

Jeeze.... Why do I bother...

BrotherTank
Display posts from previous:   
Post new topicReply to topic Time synchronized with the forum server time
DieHard Wolfers Forum Index -> Speak to Us View Previous TopicRefresh this PageAdd Topic to your Browser FavoritesSearch ForumsPrint this TopicE-mail TopicGoto Page TopView Next Topic
Page 1 of 1
Jump to:  

Related topics
 Topics   Replies   Views   Last Post 
No new posts Your account on Diehard Wolfers is blocked
Author: Zombie_Plan
36 5569 Fri Apr 01, 2011 4:37 pm
Schabbs View latest post
No new posts Change Your Password.
Author: Zombie_Plan
6 1569 Sun Dec 21, 2008 10:13 am
doomjedi View latest post
No new posts A question to the site and you people.
Author: Anonymous
9 360 Wed Oct 11, 2006 6:38 pm
TheTalentedMrLeo View latest post
No new posts Can't log in/out
Author: Dugtrio17
2 886 Fri Sep 09, 2005 6:48 pm
BrotherTank View latest post
No new posts A usefull feature for this site
Author: Sporb2000
5 1287 Tue Jun 14, 2005 8:13 pm
Chris View latest post
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
   You cannot delete your posts in this forum
You cannot vote in polls in this forum


Copyright ©2003-2008 DieHard Wolfers
A Modified subBunker Theme by BrotherTank
Powered by phpBB © 2001, 2005 phpBB Group