
/b/ - Boson Technology

Also known as Boson /g/


File:1599680017788.png (17.44 KB,753x401)

 No.4370

I thought I should let you know your login page could use a security update. I don't feel like spending the day or so of time brute forcing my way in, but someone else might.

 No.4371

the hacker known as 4chan has arrived

 No.4372

it's been suggested a few hours ago and I think that's the way people break in on other vichan sites. The team has passwords that get the pass on https://howsecureismypassword.net/ and my server login is unique to kissu only.

 No.4373

also, worth putting this into practice for the captchas too

 No.4375

wtf happened to the thumbnail

 No.4378

The following steps add a max post counter to thwart low effort brute force attacks on passwords.
It has an anti-lockout mechanism by remembering a mod's login IP so you shouldn't get locked out of your account in many common scenarios.
Unless a cracker is on an IP you've used before this will prevent them from using proxy farms to bruteforce.

1) Create modlogins table (this will be entered into on an unsuccessful password attempt):
CREATE TABLE modlogins(name VARCHAR(255), ip VARCHAR(255) NOT NULL, attempt_unix INTEGER(11), success INTEGER(1));

(backup before replacing)
2) Replace mod_login in inc/mod/pages.php
3) Replace login in inc/mod/auth.php

4) in config.php add:
$config["max_login_attempts_refresh_time"] = 60 * 60; // 1 hour
$config["max_login_attempts"] = 10;
$config["error"]["max_logins_reached"] = "You have reached the maximum number of login attempts.";
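
The check described in the post above, as an added example that is not the code from the attached zip or vichan's own. It assumes failures are counted per account name across all IPs and that successful logins are also written to modlogins; the helper names and the in-memory SQLite database (PDO SQLite driver) are hypothetical and only there so it runs offline.

```php
<?php
// Added example, not the code from bruteforce-saftei.zip. Uses PDO with the
// SQLite driver so it runs offline; vichan itself runs on MySQL.
$config = [
    'max_login_attempts_refresh_time' => 60 * 60, // 1 hour, as in the post
    'max_login_attempts' => 10,
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE modlogins(name VARCHAR(255), ip VARCHAR(255) NOT NULL,
           attempt_unix INTEGER, success INTEGER)');

// Record one login attempt (hypothetical helper).
function record_attempt(PDO $db, string $name, string $ip, bool $ok, int $now): void {
    $st = $db->prepare('INSERT INTO modlogins VALUES (?, ?, ?, ?)');
    $st->execute([$name, $ip, $now, $ok ? 1 : 0]);
}

// True if this name/IP pair may try a password right now (hypothetical helper).
function login_allowed(PDO $db, array $config, string $name, string $ip, int $now): bool {
    // Anti-lockout: an IP this account has logged in from before is never blocked.
    $st = $db->prepare('SELECT COUNT(*) FROM modlogins
                        WHERE name = ? AND ip = ? AND success = 1');
    $st->execute([$name, $ip]);
    if ((int) $st->fetchColumn() > 0) {
        return true;
    }
    // Count failures per account across all IPs, so rotating proxies does not reset it.
    $st = $db->prepare('SELECT COUNT(*) FROM modlogins
                        WHERE name = ? AND success = 0 AND attempt_unix > ?');
    $st->execute([$name, $now - $config['max_login_attempts_refresh_time']]);
    return (int) $st->fetchColumn() < $config['max_login_attempts'];
}

// Constructed scenario: one good login from the mod's usual IP a day ago, then
// 10 failures from 10 different documentation-range addresses in the last 10 minutes.
$now = 1700000000;
record_attempt($db, 'mod', '192.0.2.10', true, $now - 86400);
for ($i = 1; $i <= 10; $i++) {
    record_attempt($db, 'mod', "198.51.100.$i", false, $now - 60 * $i);
}
var_dump(login_allowed($db, $config, 'mod', '203.0.113.5', $now));        // unseen IP, inside the window
var_dump(login_allowed($db, $config, 'mod', '192.0.2.10', $now));         // IP with a prior successful login
var_dump(login_allowed($db, $config, 'mod', '203.0.113.5', $now + 3601)); // unseen IP, after the window
```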

 No.4382

キタ━━━(゚∀゚)━━━!!

 No.4386

>>4378
Why replace?

 No.4388

File:bruteforce-saftei.zip (23.95 KB)

>>4386
because it modifies behaviour of the login routine



