Author Topic: Forum Security Updates  (Read 2236 times)

Whitney

  • Global Moderator
  • Don't Pray in My School, and I Won't Think in Your Church
  • *****
  • Posts: 7358
  • Gender: Female
  • Mysteriously Absent - Like God
    • http://fellowshipoffreethought.org
Forum Security Updates
« on: January 04, 2011, 06:12:05 PM »
For the time being I have made it a requirement that all new user passwords contain letters and numbers.

You will also be forced to change your password every [strike]30[/strike] 365 days. (but if you are 'under attack' you should change it more often...policy with hacked accounts is to ban them till the correct owner can be figured out)

Max login attempts before captcha is changed to 1.

I suggest that if you are one of the people getting the exceeded mass login attempts notice that you change your password more often or make it really long to lessen the chance of it being broken.

I also found a button I could tick that checks IPs against a spam database; so I set that to yes.  It might help cut down on the spam we get every now and then.

LegendarySandwich

  • Kickin' Back With d'Holbach
  • ****
  • Posts: 1341
  • Trying to be a freethinker
Re: Forum Security Updates
« Reply #1 on: January 04, 2011, 06:13:17 PM »
We'll be forced to change our password every month? Really? My password right now is really secure...I doubt anyone will ever crack it. Do I have to create a new password?

KDbeads

  • Free of Childhood Neuroses
  • ***
  • Posts: 846
  • Currently Present
Re: Forum Security Updates
« Reply #2 on: January 04, 2011, 06:13:34 PM »
Did we just have to reset our passwords because of this, like 2 minutes ago?  Just want to be sure since I hadn't been having trouble until now!
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. - Douglas Adams

MariaEvri

  • The quiet creative one.
  • Not Defeated by the Dark Night of the Soul
  • ****
  • Posts: 1938
  • Gender: Female
    • Poseidon's world
Re: Forum Security Updates
« Reply #3 on: January 04, 2011, 06:29:21 PM »
Quote from: "KDbeads"
Did we just have to reset our passwords because of this, like 2 minutes ago?  Just want to be sure since I hadn't been having trouble until now!

Yeah, took me a while to understand what was going on, but finally I changed my password and I managed to log in...
God made me an atheist, who are you to question his wisdom!
www.poseidonsimons.com

Whitney

Re: Forum Security Updates
« Reply #4 on: January 04, 2011, 06:37:03 PM »
Those that didn't have a complex password couldn't change their password, so I took off the complex requirement (people should still use complex passwords; at some point I will make that a requirement again, and those that don't have complex alphanumeric passwords won't be able to log in without help).

You can theoretically change your password to the same password (I think). This is not advised unless you are really confident in how secure your password is.  I'm using a really complex password and plan to change it very frequently until this hacker threat passes, since if my account gets hacked it will be a huge pain in the ass to recover it (in the event that it does happen I will pull the plug on the board while I'm fixing it so that no further damage can be done; I am making more frequent board backups too, just in case).

I had to do something to make sure everyone changed their passwords to something new; this is just a temporary thing, eventually they'll get tired of trying to crack the accounts.  I'll go ahead and change it to 365 days so it only forces it every year but still makes everyone have to have a new password today.

Tank

  • Administrator
  • Excellent and Indefatigable Guardian of Reason
  • *****
  • Posts: 31464
  • Gender: Male
Re: Forum Security Updates
« Reply #5 on: January 04, 2011, 08:39:16 PM »
:pop:
If religions were TV channels atheism is turning the TV off.
“Religion is a culture of faith; science is a culture of doubt.” ― Richard P. Feynman
'It is said that your life flashes before your eyes just before you die. That is true, it's called Life.' - Terry Pratchett
Remember, your inability to grasp science is not a valid argument against it.

Velma

  • Touched by His Noodly Appendage
  • *****
  • Posts: 2314
  • Gender: Female
Re: Forum Security Updates
« Reply #6 on: January 04, 2011, 10:59:45 PM »
Quote from: "Whitney"
Those that didn't have a complex password couldn't change their password, so I took off the complex requirement (people should still use complex passwords; at some point I will make that a requirement again, and those that don't have complex alphanumeric passwords won't be able to log in without help).

You can theoretically change your password to the same password (I think). This is not advised unless you are really confident in how secure your password is.  I'm using a really complex password and plan to change it very frequently until this hacker threat passes, since if my account gets hacked it will be a huge pain in the ass to recover it (in the event that it does happen I will pull the plug on the board while I'm fixing it so that no further damage can be done; I am making more frequent board backups too, just in case).

I had to do something to make sure everyone changed their passwords to something new; this is just a temporary thing, eventually they'll get tired of trying to crack the accounts.  I'll go ahead and change it to 365 days so it only forces it every year but still makes everyone have to have a new password today.

I don't blame you.  I was on staff at a forum when a hacker got the password for the site admin (the forum was just one part of a larger site).  What a nightmare that was!!

Everyone should watch out for phishing scams - any communication that claims to be from HAF that asks for your password should be deleted without clicking on any links.
Life is but a momentary glimpse of the wonder of the astonishing universe, and it is sad to see so many dreaming it away on spiritual fantasy.~Carl Sagan

KDbeads

Re: Forum Security Updates
« Reply #7 on: January 04, 2011, 11:56:09 PM »
Quote from: "Whitney"
Max login attempts before captcha is changed to 1.

Hmmmmmmmmmmmmm.......

I just had to do the whole security thingy, me thinks le-hacker is now trying to use me  :mad:

terranus

  • Out of the Religious Closet
  • **
  • Posts: 422
    • http://www.terranus.org/
Re: Forum Security Updates
« Reply #8 on: January 06, 2011, 04:02:10 PM »
Think someone tried to hack my account. Got captcha'd on the way in today.
Trovas Veron!
--terranus | http://terranus.org--

Will

  • Global Moderator
  • Touched by His Noodly Appendage
  • *****
  • Posts: 2698
Re: Forum Security Updates
« Reply #9 on: January 06, 2011, 11:44:42 PM »
Thanks for the new policy, Whitney. While it might seem a bit frustrating, the security of accounts is important. I see it as analogous to preventing identity theft IRL.
I want bad people to look forward to and celebrate the day I die, because if they don't, I'm not living up to my potential.

Tank

Re: Forum Security Updates
« Reply #10 on: January 07, 2011, 10:21:44 AM »
Since the log in attempts have been dropped to one I have buggered up logging in 4 out of 5 times so far :upset:

The Magic Pudding

  • The black swan of trespass
  • Blessing Her Holy Hooves
  • *****
  • Posts: 4913
Re: Forum Security Updates
« Reply #11 on: January 07, 2011, 10:47:09 AM »
Quote from: "Tank"
Since the log in attempts have been dropped to one I have buggered up logging in 4 out of 5 times so far :upset:

Yes I've had some trouble passing as human, it's not easy being a pudding.
I suspect the cracked password was very simple.
I changed my password once, but I don't plan on doing it again soon, it's 20+ characters, some upper-case, some numerical, no special characters though.

terranus

Re: Forum Security Updates
« Reply #12 on: January 07, 2011, 02:26:09 PM »
Quote
no special characters though

Can we use special characters in our passwords? I imagine that would help increase their overall strength.

McQ

  • Administrator
  • Has an Invisible Dragon in Their Garage
  • *****
  • Posts: 3672
  • Foolproof and capable of terror.
Re: Forum Security Updates
« Reply #13 on: January 07, 2011, 03:17:29 PM »
Quote from: "terranus"
Quote
no special characters though

Can we use special characters in our passwords? I imagine that would help increase their overall strength.

Yes, and I recommend doing so in every password you use on the Internet. Our hacker is a rank amateur, but others out there are more sophisticated, and getting more so every day. Special characters strengthen a password and make it harder to crack.
Elvis didn't do no drugs!
--Penn Jillette

terranus

Re: Forum Security Updates
« Reply #14 on: January 09, 2011, 11:15:17 PM »
Cool. Yeah I usually do use special characters but I didn't know if this board supported it or not.

Thanks!