Worrying

Post Reply

Page <1 4 567 >

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
l15aRd Members Profile Find Members Posts Groupie Joined: 24 May 2002 Location: England Status: Offline Points: 121	Post Options Post Reply Quote l15aRd Report Post Thanks(0) Quote Reply Posted: 15 October 2003 at 1:47am
	he's using a packet sniffer and retrieving info from the intercepted packets so it's not a problem with the forum software and generally not a problem (as such) with the security on the server as he can only alter the forum with the passwords he gets, we have blocked a range of addresses that the individual used most frequently, and we have reported him to easynet and blueyonder, who have assured us that they sort it, but he must have access to another computer that uses BT internet, so we have the address of that and if the individual keep gaining access we'll report the ip he's using to them.... unbeknown to the individual we have friends who does that sort of thing of fun as well, he obviously has a very blinkered view on the WWW Edited by l15aRd
	DrunkenTechie.net You can logoff, but you can never leave

dvoss Members Profile Find Members Posts Newbie Joined: 13 February 2003 Location: United States Status: Offline Points: 18	Post Options Post Reply Quote dvoss Report Post Thanks(0) Quote Reply Posted: 17 October 2003 at 11:19am
	That explains it. Thanks for taking the time to explain how we was getting in. I'm glad you were able to figure out how we was getting access. Hopefully he'll be taken care of and won't hassle you guys anymore.

l15aRd Members Profile Find Members Posts Groupie Joined: 24 May 2002 Location: England Status: Offline Points: 121	Post Options Post Reply Quote l15aRd Report Post Thanks(0) Quote Reply Posted: 20 October 2003 at 7:22am
	I'm currently looking into creating my own certificate which I've done, but need to created the reply file, the only way I've found so far is to use openssl which looks like it only comes in the Linux variety, anyone had any experience with created these???
	DrunkenTechie.net You can logoff, but you can never leave

michael Members Profile Find Members Posts Senior Member Joined: 08 April 2002 Location: United States Status: Offline Points: 4670	Post Options Post Reply Quote michael Report Post Thanks(0) Quote Reply Posted: 20 October 2003 at 7:33am
	As you have your own server you can install certificate server, the only problem is that, as it is not a trusted source to your clients they will get a security warning till they add it to their trusted pool. As you said a "normal" certificate is out of your budget I don't think there is any cheaper solution for windows.
	Blog \| MPG Tracker

Da_Mental_One Members Profile Find Members Posts Newbie Joined: 24 May 2002 Location: United Kingdom Status: Offline Points: 23	Post Options Post Reply Quote Da_Mental_One Report Post Thanks(0) Quote Reply Posted: 23 October 2003 at 11:38am
	I've worked out how to implement the Certificate, just have to do so!

l15aRd Members Profile Find Members Posts Groupie Joined: 24 May 2002 Location: England Status: Offline Points: 121	Post Options Post Reply Quote l15aRd Report Post Thanks(0) Quote Reply Posted: 30 October 2003 at 3:31am
	They've finally told us how they were getting in, which has been plugged, and lets just say it wasn't with the server or the software. Someone gave me an idea as well, if a user doesn't login to the forums for say a month, would there be anyway that the next time they login it expires their password and they have to change it, abit like the password expirey policies on NT based O/s's??? Edited by l15aRd
	DrunkenTechie.net You can logoff, but you can never leave

l15aRd Members Profile Find Members Posts Groupie Joined: 24 May 2002 Location: England Status: Offline Points: 121	Post Options Post Reply Quote l15aRd Report Post Thanks(0) Quote Reply Posted: 30 October 2003 at 3:40am
	just had another idea, this one get to be a pain thou, so an option to turn it off might be an idea, but how about if someone is trying to login as a moderator/admin/special group and they get the password wrong the forum sends admin an email stating the username and mail address of the individual and time, so admin can contact them and just let them know that someone or themselve has got the password wrong and should think about changing it.... Edited by l15aRd
	DrunkenTechie.net You can logoff, but you can never leave

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 30 October 2003 at 5:57am
	Some good ideas I'll look into implementing some in future versions. The only problem could be after a month the person may not remeber their password, but you could set it up that veryone changes their password every 30 days. I can see a protetial problem with the email if the password is wrong, if someone tries 100 times to log in on another account, the forum admin could be flooded with 100 emails.
	Web Wiz Forums Hosting ASP.NET Web Hosting

Post Reply	Page <1 4 567 >

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum