*CHANGED* Login Security

Started by Shadowwolf, March 22, 2010, 10:38:39 PM


Shadowwolf

Summary:

Log in security for the forum has been tightened slightly. Changes should go virtually unnoticed to members.


  • 3 Failed Password Attempts and 15min Lockout on all accounts.
  • More strict log-in cookie usage.
  • Email generated to account owner if a failed log-in is detected.
  • Optional IP address restriction per profile for advanced users.




Additional Info:

Because we've had a lot of account hacks, I tightened security down even more on the forum because I believe that this might be how they are breaking into some accounts. Some folks use the same password to log in here as they do for WoW so if they get the log in right here, they can get into your WoW account.

The forum will now lock out accounts that receive 3 failed log in attempts within 1 hour for 15 minutes. What this means is that if there is a bot or someone trying to hack into your forum account and they type the wrong password in 3 times, it won't allow them to continue to try and guess your password and will just display the password recovery screen for the next 15 minutes.

The browser cookies that establish sessions and log in times have been adjusted slightly to be a bit more secure.

Any time someone attempts to log in to your account with the wrong password, an email will be sent to your email address with the IP address of the person attempting to hack your account.

There is now an option in the profile settings for everyone with an account to set a specific IP address to allow log ins to your account from only those IP addresses. (Only recommended for advanced users)

If you want to specify your IP allow list in your profile, here are the steps:

Step 1

Go to your profile settings by clicking on the "Profile" link on the forum menu bar.


Step 2

Click on "Account Related Settings" under the Modify Profile section on the left navigation menu.


Step 3

Look for the box labeled "IP Address Account Protection" and in the box type in the IP address or addresses you want to restrict your account log in to. You can list multiple IPs by putting a comma in between them such as:

192.168.1.1,192.168.1.2

The IPs need to be your public IPs, not private internal ones. If you are behind a firewall or Proxy, that's the IPs you need to list. Again, only people with a good understanding of IPs and the Internet should be using this feature so you don't lock yourself out of your account. We can fix it for you if you do, but it's easier to just not fiddle with it unless you know what you're doing.

Come to the darkside, we have cookies.
"A flute with no holes is not a flute, and a donut with no hole is a danish" - Chevy Chase as Ty Webb in Caddyshack
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind."- Dr. Suess
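
The lockout rule and the per-profile IP allow list described in the post above, as an added sketch that is not part of the original post or the forum software's own code. The names `LoginGuard`, `attempt` and `parse_allow_list` are hypothetical, and two behaviours are assumptions: a successful login clears the failure count, and an attempt from a non-listed IP is refused without counting as a failed password. `parse_allow_list` also reports private addresses, since the post says the list must hold public ones.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3      # failed password attempts allowed ...
WINDOW = 60 * 60      # ... within 1 hour (seconds)
LOCKOUT = 15 * 60     # lockout length: 15 minutes (seconds)

def parse_allow_list(text):
    """Parse the comma-separated profile value; return (addresses, private_ones)."""
    addrs = [ipaddress.ip_address(p.strip()) for p in text.split(",") if p.strip()]
    # Private/internal addresses never match a remote login, so flag them.
    return addrs, [a for a in addrs if a.is_private]

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> timestamps of failed attempts
        self.locked_until = {}              # account -> time the lockout ends
        self.allow = {}                     # account -> allowed addresses (optional)

    def attempt(self, account, source_ip, password_ok, now):
        """Return 'locked', 'ip_denied', 'failed' or 'ok' for one login attempt."""
        if now < self.locked_until.get(account, 0):
            return "locked"                 # forum shows password recovery instead
        allowed = self.allow.get(account)
        if allowed and ipaddress.ip_address(source_ip) not in allowed:
            return "ip_denied"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()                # drop failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT
            recent.clear()
        return "failed"                     # this is where the owner would be emailed
```
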