Read the blogs!
Started by ACAMS, January 11, 2011, 11:11:02 PM
Quote from: Arantor on February 15, 2011, 09:36:05 AMAre profiles accessible to guests?
Quote from: szinski on February 15, 2011, 09:40:34 AMA simple solution would be to create a mod that obfuscates (or simply hides) display names when a guest views the forum. Like the way eBay does it... instead of displaying "EagleMan" it'd display "E***n".
Quote from: Elysia on February 15, 2011, 09:47:44 AMNo that won't stop it, as the display name isn't the issue. The username is the issue and that does not appear on the board at all - it's the display name which shows in post and it's not that which is being used for the login attempts. I have an example where the login name is all capitals (e.g. FRED) and the username normal case (e.g. Fred) and the login failures are showing FRED not Fred.
log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
Quote from: Arantor on February 15, 2011, 09:55:12 AMThat's where it's getting it from. It ISN'T what's being typed.
Quote from: Ziggy on February 15, 2011, 09:58:35 AMSo if you simply put an "!" (or something else) is will stop them?Like "Ziggy!" or "Arantor!"
Quote from: crash56 on February 15, 2011, 09:53:31 AMThis is really weird because my forums always show the display name on all the login attempts ... including my own when I simply botch my password. I assumed it was the default set up by the SMF software, not something that relied on what the person (or bot) was using to login.
Quote from: Arantor on February 15, 2011, 10:04:03 AMOr better, just have it say 'HIDDEN' for everyone
Quote from: Astral2000 on February 15, 2011, 10:13:50 AMI do not have profiles accessible to guests.
Quote from: Astral2000 on February 15, 2011, 10:13:50 AMI put the forum in maintenance mode overnight, but the errors still appeared. Anybody know why that should happen?
Quote from: szinski on February 15, 2011, 10:19:01 AMDoes anyone have a log of what password(s) the bots are using?
Quote from: 青山 素子 on February 15, 2011, 10:21:40 AMThe login form still exists in standard maintenance mode to allow for admins to login, so that won't do a thing. Setting maintenance mode to 2 would as it turns off everything. Doing so is a manual edit.
Quote from: Illori on February 15, 2011, 10:23:05 AMthere is no way to tell the difference in valid users trying to log in and the bots, so if you did find a way to catch the passwords it would be a security breach for all your members.
Quote from: Arantor on February 15, 2011, 10:33:01 AMYou almost never get the real password; it's invariably sent encrypted in the first place.In other news, I'm feeling very generous: http://arantor.org/index.php?topic=262.msg4580#msg4580
Quote from: Arantor on February 15, 2011, 10:33:01 AMIn other news, I'm feeling very generous: http://arantor.org/index.php?topic=262.msg4580#msg4580