11
rplima2004
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/23 17:19

  • rplima2004

  • Just popping in

  • Posts: 70

  • Since: 2004/10/8


Hi guys,

I made some changes in the hack. Now its possible turn off the hack in the admin area, it is enough to define the level of security of the passwords as unsafe that hack does not appear more. The function what analyzes the quality of the passwords also changed, now its more elaborated. Not yet is the ideal, but already he is well next.

Please make download again and see the readme file (now in english too).

So, is this. Any troubles or suggestions please report me.


TheRplima

12
snow77
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/23 20:56

  • snow77

  • Just can't stay away

  • Posts: 864

  • Since: 2003/7/23


I agree with Hervet
Quote:

One thing is just missing, on the form of an option, a way to block the account after, let say, 3 unsuccessful logins.


but then considering the second issue that arises from this that irmtfan and rplima came aware of:
Quote:

If this is implemented anyone can block account of anyone, includding admin account. Really this has that to be thought better before being implemented.


which is not a nice thing at all.

It ocurred to me..to overcome this, is to do it the gmail way ...to not block the account ...but, after 3 failed intents of logging in, to make a captcha appear. This is would be make login security stronger.
www.polymorphee.com
www.xoopsdesign.com

13
giba
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/23 21:02

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Quote:

snow77 wrote:
I agree with Hervet
One thing is just missing, on the form of an option, a way to block the account after, let say, 3 unsuccessful logins.

but then considering the second issue that arises from this that irmtfan and rplima came aware of:

If this is implemented anyone can block account of anyone, includding admin account. Really this has that to be thought better before being implemented.


Yes, before 3 account, start captcha, good idea too.

Quote:

which is not a nice thing at all.

It ocurred to me..to overcome this, is to do it the gmail way ...to not block the account ...but, after 3 failed intents of logging in, to make a captcha appear. This is would be make login security stronger.


Beautfool, really one special account for it


Remember, this code is for register, for login, 3 account fail is important too captcha, but is parameter account is in admin section too and preferences.

Exist hack by Dugris for image captcha, in analysing it.

14
davidl2
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/23 21:06

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Good idea Snow... hope you can add this Giba & rplima2004

15
giba
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/23 22:58

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Quote:

davidl2 wrote:
Good idea Snow... hope you can add this Giba & rplima2004


Yes David, you is good friend XOOPS for me

Consgratz for you (apoio)

16
irmtfan
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/24 18:40

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


I always think captcha is just used to anon posting and prevent spams.i dont know why it must be used for login?


there is 2 different problem:

1- attack XOOPS by a brute force program:

i think protector can prevent this kind of abuse not captcha.

2- spam bots:
its a very improtant problem that i have with xoops. i cant open any XOOPS site for anonymouse to post because spam bots found it very soon.

i know captcha solved this. also any other solution for spam bots is very needed and must be at high level priority for XOOPS development team.

17
nekro
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/24 19:02

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


I think that the CAPTCHA is the perfect way to prevent that a Bot gets inside of our site, i am sure that is very annoying to look to the image and include more information in addition of the common pass and user but is for security.

Is more i want to develop any hack to implement the CAPTCHA in the registration form too, but i dont have the time now.

As well as teh CAPTCHA feature should be developed de feature to bann users registered to login to the XOOPS system after a system administrators decides that the user hada done a malicious use of the site.

As i read someone has been trying to implement the captcha in the login no??? any success??

Luck!

18
rplima2004
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/24 19:10

  • rplima2004

  • Just popping in

  • Posts: 70

  • Since: 2004/10/8


I never tried implement captcha in xoops.

If you have a captcha code send to me that I try to place it in the register form together with hack of the safe password.


therplima at gmail dot com

TheRplima

19
nekro
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/24 19:16

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


i ve got just a very simple example made by me.... you have to have the GD librarys in the PHP i will send it too you.

20
rplima2004
Re: How to force the users of ours site to use safe passwords?
  • 2006/9/24 22:58

  • rplima2004

  • Just popping in

  • Posts: 70

  • Since: 2004/10/8


Ok, i received your email and as soon as possible i work in this.

Thank you.

TheRplima

Login

Who's Online

110 user(s) are online (75 user(s) are browsing Support Forums)


Members: 0


Guests: 110


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Feb 28
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits