Last Night's Down Time



Rick
June 1st, 2011, 5:35 PM
I just wanted to let you all know that the down time last night was due to an important upgrade that was necessary out of security concerns in the last version.

That's why we decided to initiate the password expiration and the password "Strikes" system. It is to prevent a brute force attack on your password. Probably a bit of overkill, but better safe than sorry. The expiration is set at six months, but I suggest that everyone change their passwords now, even if the software didn't force you to do it when you logged on today.

Most of you know that I don't like taking the board down for maintenance during busy times, especially during the week, but felt it was necessary to do so last night.

It went well, absolutely no problems and the longest down time occurred while I was backing up the database.

Thanks to the user who tipped me off to the issue. :thumbsup

Spartan
June 1st, 2011, 5:47 PM
Well... that's a relief. I was thinking that CTT had crashed. Then, when I tried to log on today it asked me for a new password and then would not accept it... blocking me out for 15min. Then I thought OK they figured out a sneaky way to get me off the forum and keep me off... Paranoia sucks!

Gramps
June 1st, 2011, 6:02 PM
Well... that's a relief. I was thinking that CTT had crashed. Then, when I tried to log on today it asked me for a new password and then would not accept it... blocking me out for 15min. Then I thought OK they figured out a sneaky way to get me off the forum and keep me off... Paranoia sucks!

Same thing happened to me. I changed my password and was allowed to log in to CTT, but when I clicked the New Posts link, it asked for my password again. Wouldn't accept my new password. Wouldn't accept my old password. Blocked me out for 15 minutes.

Rick
June 1st, 2011, 6:29 PM
You might need to clear your cookies if that keeps happening. It seems to be a sporadic problem whenever I upgrade. I'll check the settings on this end too.

xzochye
June 1st, 2011, 8:50 PM
It did the same thing to me. I was panicked when I couldn't even send Rick and Scarlett a pm!

Scarlett
June 1st, 2011, 8:55 PM
I got several panic text messages. Lol.

Brian McCall
June 1st, 2011, 9:47 PM
I heard the distant sound of sky cracking and beginning to fall. I just finished writing a post and was afraid it would be lost.

Scarlett
June 1st, 2011, 9:49 PM
THAT would have been simply tragic.

THEMEANOGRE
June 1st, 2011, 9:53 PM
I had no problems. I did have to change my password. But when I did, it was accepted right away.

Texas Immigrant
June 1st, 2011, 10:20 PM
Good thing you didn't do this on the day the world was supposed to end!!

Rick
June 1st, 2011, 10:44 PM
I couldn't, I was out maxing out my credit cards...darnit!

Brian McCall
June 2nd, 2011, 6:25 AM
THAT would have been simply tragic.

Yeah I know, right?

Fortunately I was able to submit it the next morning, and the world was saved from yet another senseless tragedy.

Mestral
June 2nd, 2011, 4:26 PM
I take it the rule here will be 3 strikes and 15 minutes?

I set my personal system up for 5 strikes and 5 minutes. I figure if I can slow the attack to less than one per minute, even a moderately good password will hold up, but with a public system, you would need something better (like 3 and 15) since you don't know how good the users' passwords are. (Would your logs show if there were something like 2880 failed attempts on some account?)

Rick
June 2nd, 2011, 5:11 PM
It's 5 strikes, 15 minutes. That's not changeable, I can only turn the strikes system on and off. And no, the logs don't show that. There might be a modification for that, but I haven't seen it.

Mestral
June 2nd, 2011, 5:23 PM
Well, at 5 and 15, an attack might succeed if it went on for several days. I think that is how they took down my former hang out. We had made enemies of Islamists, and a couple other classes of degenerates. I think they eventually hacked the database administrator's password, since they deleted his programs and scripts. Our real downfall was the board owner had backups of all the data, but not the program scripts. In addition, they launched a distributed denial of service attack that went on for a couple of weeks. But what really did us in was the fact that the board owner could not rebuild the board software in a reasonable amount of time, and alas, life went on without it.
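
Added example, not part of the thread and not the forum software's own code: it replays login events through a strikes model to show how many guesses a strikes/lockout setting allows per day and what a per-account failed-login report would surface. The model (consecutive failures lock the account, the count resets when the lockout ends), the function names and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def max_guesses_per_day(strikes, lockout_minutes):
    """Upper bound on password guesses per account per day under a strikes policy."""
    return strikes * (24 * 60 // lockout_minutes)

def replay(events, strikes=5, lockout=timedelta(minutes=15)):
    """Replay (timestamp, user, success) login events through an assumed strikes model:
    `strikes` consecutive failures lock the account for `lockout`, then the count resets.
    Returns {user: {"failed": n, "refused": n, "lockouts": n}}."""
    stats = defaultdict(lambda: {"failed": 0, "refused": 0, "lockouts": 0})
    streak = defaultdict(int)   # consecutive failures per user
    locked_until = {}           # user -> time the lockout ends
    for ts, user, success in sorted(events):
        if user in locked_until:
            if ts < locked_until[user]:
                stats[user]["refused"] += 1   # attempt never reaches the password check
                continue
            del locked_until[user]
            streak[user] = 0
        if success:
            streak[user] = 0
            continue
        stats[user]["failed"] += 1
        streak[user] += 1
        if streak[user] >= strikes:
            locked_until[user] = ts + lockout
            stats[user]["lockouts"] += 1
    return dict(stats)

def sustained_guessing(stats, min_lockouts=3):
    """Accounts locked out repeatedly: the signal a failed-login report should surface."""
    return sorted(u for u, s in stats.items() if s["lockouts"] >= min_lockouts)

# Constructed sample data: one guess per minute against "alice" for two hours,
# and "bob" mistyping twice before logging in.
T0 = datetime(2011, 6, 1, 12, 0)
EVENTS = [(T0 + timedelta(minutes=i), "alice", False) for i in range(120)]
EVENTS += [(T0 + timedelta(seconds=s), "bob", ok) for s, ok in [(0, False), (20, False), (40, True)]]

if __name__ == "__main__":
    for label, (s, m) in {"5 and 15": (5, 15), "5 and 5": (5, 5), "3 and 15": (3, 15)}.items():
        print(f"{label}: at most {max_guesses_per_day(s, m)} guesses/day per account")
    report = replay(EVENTS)
    print(report)
    print("sustained guessing:", sustained_guessing(report))
```

Counting lockouts per account, rather than raw failures, separates a user who mistypes a couple of times from an account that is being worked on around the clock.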