SWF Forum Security

[jaymassive619]

Well after yesterdays events a few questions were certainly raised. :!:

Fact is Han was able to to sign up with a new username regardless of the fact that he was previously banned however way you look at this its very poor that this could have happened. I bet a pound to penny he is still active with another username (he said this in chat and on his posts before they were deleted) and im sure he will learn from the reason he was caught out this time.

Another fact is we were all banned yet we could sign up with new user a/c's straight away within seconds with no problem. :?:

Its clear from the above that there are some security deficits (whether that's people not using them / not knowing how to use them or the tools not been there to use) i personally don't feel to comfortable with that and i know others dont either.

On other sites Admin and MOD's have very different levels of access e.g Joe could ban somebody on the Imperial Gunnery but he couldn't access the I.P data and in the case of someone using a dynamic I.P access the sites tools to block them out based on the location point of the transmission.

Does anybody on here other than Edd have Admin access?

What tools does the site have beyond a ban button to keep Han from coming back and causing more ****?

 

[Ron]

jay i kn0w n0thing abut the f0rum security

 

[jaymassive619]

jay i kn0w n0thing abut the f0rum security

Thats cool Ron im just thinking for the protection of everyone and so all users can feel like SWF is a safe place to be.

When you Ban someone do you just have a Ban Button or are there other options in the process?

 

[Ron]

y0u will need t0 ask edd ab0ut that. We can ban a IP address 0r ban s0me 1 f0r a time peri0d

 

[jimmymindtricks]

what iam wondering about is , the fact that this secret chatroom he pm'd me about

is suppose to be for mods only

so how did he know about this :?:

 

[Capetown]

Because Ron has access and he had hacked Rons account.

 

[weasel]

I know as much as Ron.
Edd is the only one with Admin access. I think we can ban IP address, although I haven't a notion how (come on, did I ever strike anyone as technologically competent!?)

I don't doubt Han has other accounts on here, but I don't know that there is any fully proof way of keeping him off. If he is THAT determined to come on he will find a way, unfortunately.

Still quite impressive that he hacked Ron's account, if also somewhat scary!

 

[jaymassive619]

y0u will need t0 ask edd ab0ut that. We can ban a IP address 0r ban s0me 1 f0r a time peri0d

Is Edd about or has anybody spoken to him regarding what happened?

Problem with banning I.P address these days is many people like myself (im with virgin) have a dynamic I.P address that will change every hour meaning these types of tools are outdated.

When the Han Duo I.D was finally banned who did it? and did they select Ban I.P as well?

 

[Ron]

i banned just the name. He then used my acc0unt t0 ban every 1

 

[weasel]

Because Ron has access and he had hacked Rons account.

As Spoons (I think) said in another thread the "secret forum" was set up to sort out buying Bollux a weddin present, way back before we realised he was a wanker! Lol. It was never closed/deleted afterwards. TBH it's very very rarely used, bar the last time Auggie came on when it was nice to have a thread that his inane mumblings WEREN'T on!

Don't worry we don't slag you all off behind your backs! We do it your faces!
Actually come to think of it half the people who could post in the secret forum aren't even posting any more, Jabba, Craig, Twofoot. That show's how up to date it is.

 

[jaymassive619]

I know as much as Ron.
Edd is the only one with Admin access. I think we can ban IP address, although I haven't a notion how (come on, did I ever strike anyone as technologically competent!?)

I don't doubt Han has other accounts on here, but I don't know that there is any fully proof way of keeping him off. If he is THAT determined to come on he will find a way, unfortunately.

Still quite impressive that he hacked Ron's account, if also somewhat scary!

Unfortunately they are lots of forums and sites on the internet dedicated to hacking PBP based forums. (I would post the links on how to do it but no doubt fat boy is reading)

Han can be kept off the site completely and the tools to do it are there these days.

For example location point banning which is what most new sites use like my G/F company swift cover uses and i think (dont quote me) that RS might use this (or similar) as well.

It basically traces the signal right down to the point of transmission and block contact from that location.

 

[weasel]

That'll be up to Edd mate, not much Ron, Bollux, Simon or myself can do on that front!

 

[Joe]

Shawn had a quick search yesterday and found a few scripts on google that can exploit various holes in the forums security which would enable him to get admin access or create an account that had it, that does open the possibility of him actually hacking the forum and Ron's pass, it also came to light that Ron had a rather weak password (sorry ron lol ).

Not sure which I believe to be honest, he does sound like a complete tool with nothing better to do than sit there and try to guess someone's password for months on end, and he also had the time to actually research and do it properly (or he paid a kid to do it lol)

I think the main thing that this incident has shown that Han is a few sandwiches
short of a picnic and he enjoys nothing more than sitting in his little room trying to piss people off on the internet, so NOTHING will surprise me in the future.

I think if Edd can update the security on here and we have some more admins on hand to help out than weasel, ron and bollux (because you aren't all online at the same times or at times at all) it will help stop this type of thing in the future.

There are people that have the trust of the board that check in every day at least once that could have admin to help share the workload for the admin team.

That's obviously something Edd can decide on or the other mods but it has been brought up in the past as well and no-one else got the chance.

 

[Ron]

Am n0t the best 1 t0 ask ab0ut f0rum security.

J0e bet i was n0t the 0nly 1 wh0 had starwars as there passw0rd

 

[jaymassive619]

Am n0t the best 1 t0 ask ab0ut f0rum security.

J0e bet i was n0t the 0nly 1 wh0 had starwars as there passw0rd

I wouldn't worry about it Ron you probably weren't the only one is was just your a MOD so if he was gonna guess passwords it would be a MOD he targets.

 

[Ron]

i think Han is 1 sad pers0n has he g0t n0thing better t0 d0 with his time

 

[Joe]

No problem Ron, Edd will have logs of what happened mate, if there was any attack it should have been flagged for him, if it just shows you logging in as per normal then I guess he did guess your password.

Hopefully Edd can get back to us with some good news on keeping him out for good and also how it happened in the first place.

 

[Joe]

Just wanted to remind everyone - He is still watching and reading, he can see most of the forums without registering and in the last 2 days we have had 1 or more guests watching at all times.

 

[weasel]

Chances are he has a few accounts.

 

[jaymassive619]

Chances are he has a few accounts.

I agree he said that in chat and on his posts in here.

Problem with updating security are the costs that it can entail but then if you have dickheads like fat boy wanting to wreck things its got to be worth it.

Jay