Midnight Mansion Forums
It works! - Printable Version



Re: It works! - RobSeegel - 09-04-2011

I took a critical look at the registration/captcha mechanism today. The key problem that I can see is that it allows the potential hacker to get multiple tries at solving the same captcha image. I looked in the logs, and saw multiple failures on a few suspicious user names before success if they succeeded. Some would-be hackers (or possible newbies, I suppose) gave up. My guess is as you make the captcha image harder it takes more attempts to get it right.

Ideally, if you have a failure, then that Captcha image should be retired and a new one generated so that multiple attempts cannot be made on a single image. Well, I have the software and it is open source, perhaps I could submit a Patch... First, I need to get it working on my computer.
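
The retire-on-failure behaviour described in the post above, as an added example that is not part of the original thread or of the forum software's code. The class and function names are hypothetical and the captcha answers are constructed sample values.

```python
import hmac
import secrets
import time


class CaptchaStore:
    """Server-side store of outstanding captcha challenges (hypothetical names)."""

    def __init__(self, retire_on_failure=True, ttl_seconds=300):
        self.retire_on_failure = retire_on_failure
        self.ttl_seconds = ttl_seconds
        self._pending = {}  # challenge_id -> (expected_answer, issued_at)

    def issue(self, answer, now=None):
        """Register a freshly generated image's answer; return its opaque id."""
        challenge_id = secrets.token_urlsafe(16)
        issued_at = time.time() if now is None else now
        self._pending[challenge_id] = (answer, issued_at)
        return challenge_id

    def verify(self, challenge_id, guess, now=None):
        """Return True only for a correct guess on a live challenge."""
        entry = self._pending.get(challenge_id)
        if entry is None:
            return False  # unknown, already retired, or replayed id
        answer, issued_at = entry
        now = time.time() if now is None else now
        expired = now - issued_at > self.ttl_seconds
        correct = hmac.compare_digest(guess.encode(), answer.encode())
        # Always retire on success or expiry; on a wrong guess only when hardened.
        if correct or expired or self.retire_on_failure:
            del self._pending[challenge_id]
        return correct and not expired


def attempts_allowed(store, answer, wrong_guesses):
    """Count the guesses one challenge accepts, then try the right answer."""
    cid = store.issue(answer)
    tries = 0
    for guess in wrong_guesses:
        tries += 1
        store.verify(cid, guess)
        if cid not in store._pending:
            break  # challenge was retired; a new image would be needed
    return tries, store.verify(cid, answer)
```

With `retire_on_failure=False` the same challenge keeps accepting guesses until one is right; with the default, the first wrong guess retires it and even the correct answer is rejected afterwards.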




Re: It works! - brell - 09-04-2011

Rob, if you spot a newbie, that has surely hacked himself in, then you are allowed to delete him without any further warning. We have already warned hackers that they will be deleted if spotted.

I myself find everyone with trash usernames, like dslijgfgiphj, and with an email ending with .ru very suspicious.


Re: It works! - RobSeegel - 09-04-2011

brell wrote: Rob, if you spot a newbie, that has surely hacked himself in, then you are allowed to delete him without any further warning. We have already warned hackers that they will be deleted if spotted.

I myself find everyone with trash usernames, like dslijgfgiphj, and with an email ending with .ru very suspicious.

I've already been doing that. I made a sweep of the users and I focused on those users who hadn't been online ever. A few different sorts made it very easy to find suspicious accounts. I think total users had been over 600 before I cleaned house. I agree about the things you find suspicious - I've been looking at that. I've also been visiting the error logs and tracking some of the behavior. Pretty interesting - to me, anyway.

Anyway, I followed your posts on this issue in the forums with great interest.