Follow SMF on Twitter.
Started by ACAMS, January 11, 2011, 11:11:02 PM
Quote from: Cal O'Shaw on February 16, 2011, 01:02:43 AM@robbie93,With your portal and all, you may not wish to do so. But then you need to make your usernames different from your display names (either by telling your users to change them or to use something like the email login MOD).But I would like to have the OPTION as there is no benefit in our case to displaying names.As you noted, hiding the names will not stop THIS ATTACK. But you can be sure someone will use the script and try again. Wouldn't you like to stop THE NEXT ATTACK. Because it's going to come. You've been under attack for over a month you say. You think they're just going to take their ball and go home? This type of attack will come again. It's sophisticated enough that it can't be stopped by IP, it doesn't blast you so you can halt it that way. It runs so slow that you can't be sure it's not a regular user without checking the IP against where you know the user lives.It seems the only way to reduce (I didn't say stop) is by cloaking your site (hide membernames) and/or making sure what names are displayed are not valid for logging in. We take additional precautions, limiting what boards are visible, and limiting guests to seeing only the first post (which may help explain why the target list used against our site is so small; there wasn't a lot to harvest). We blocked the Info Center as we felt there was no valid reason for guests to see that information. We figure if they want to see more they will register (and we review them before accepting them).Sorry if I come off as a Johnny One-Note, but it seems to be a repeated need to point out some of the features of this attack and that what works for one site will not work for another (hence my saying that maybe robbie93 doesn't see a need to hide names, but we most assuredly do want to hide them).Cal
Quote from: Arantor on February 16, 2011, 02:13:04 PMYou do realise that the mod I wrote only hides the names from guests, not to members, right? Hardly giving into anyone.I should note, I've just started a much (much) more thorough logging of this spate of bots and already have a few ideas on how to block them until they get smarter again.
Quoteso why bother?
QuoteI dont see this site hiding names from guests on info center isnt this site getting hit? and what have you guys done on this site to stop them?
Quote from: Arantor on February 16, 2011, 02:30:49 PMHow do you know this site isn't being hit? There's no guarantee of that at all! (In my case I am immune here because I have a different login name to display name )
Quote from: Kindredmemberlist.....
Quote from: Cal O'Shaw on February 16, 2011, 04:06:29 PMYou have to change the permission for guests. I believe it is on by default (we switched it off years ago, so I could be quite wrong on default setting).Cal
Quote from: Kindred on February 16, 2011, 04:03:04 PMmemberlist.....