Re: How to force the users of ours site to use safe passwords? [XOOPS Core Hacks]

11

Re: How to force the users of ours site to use safe passwords?

2006/9/23 17:19
rplima2004
Just popping in
Posts: 70
Since: 2004/10/8

Hi guys,

I made some changes in the hack. Now its possible turn off the hack in the admin area, it is enough to define the level of security of the passwords as unsafe that hack does not appear more. The function what analyzes the quality of the passwords also changed, now its more elaborated. Not yet is the ideal, but already he is well next.

Please make download again and see the readme file (now in english too).

So, is this. Any troubles or suggestions please report me.

TheRplima

12

Re: How to force the users of ours site to use safe passwords?

2006/9/23 20:56
snow77
Just can't stay away
Posts: 864
Since: 2003/7/23

I agree with Hervet
Quote:

One thing is just missing, on the form of an option, a way to block the account after, let say, 3 unsuccessful logins.

but then considering the second issue that arises from this that irmtfan and rplima came aware of:
Quote:

If this is implemented anyone can block account of anyone, includding admin account. Really this has that to be thought better before being implemented.

which is not a nice thing at all.

It ocurred to me..to overcome this, is to do it the gmail way ...to not block the account ...but, after 3 failed intents of logging in, to make a captcha appear. This is would be make login security stronger.

www.polymorphee.com
www.xoopsdesign.com

13

Re: How to force the users of ours site to use safe passwords?

2006/9/23 21:02
giba
Just can't stay away
Posts: 638
Since: 2003/4/26

Quote:

snow77 wrote:
I agree with Hervet
One thing is just missing, on the form of an option, a way to block the account after, let say, 3 unsuccessful logins.

but then considering the second issue that arises from this that irmtfan and rplima came aware of:

If this is implemented anyone can block account of anyone, includding admin account. Really this has that to be thought better before being implemented.

Yes, before 3 account, start captcha, good idea too.

Quote:

which is not a nice thing at all.

It ocurred to me..to overcome this, is to do it the gmail way ...to not block the account ...but, after 3 failed intents of logging in, to make a captcha appear. This is would be make login security stronger.

Beautfool, really one special account for it

Remember, this code is for register, for login, 3 account fail is important too captcha, but is parameter account is in admin section too and preferences.

Exist hack by Dugris for image captcha, in analysing it.

14

Re: How to force the users of ours site to use safe passwords?

2006/9/23 21:06
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

Good idea Snow... hope you can add this Giba & rplima2004

15

Re: How to force the users of ours site to use safe passwords?

2006/9/23 22:58
giba
Just can't stay away
Posts: 638
Since: 2003/4/26

Quote:

davidl2 wrote:
Good idea Snow... hope you can add this Giba & rplima2004

Yes David, you is good friend XOOPS for me

Consgratz for you (apoio)

16

Re: How to force the users of ours site to use safe passwords?

2006/9/24 18:40
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

I always think captcha is just used to anon posting and prevent spams.i dont know why it must be used for login?

there is 2 different problem:

1- attack XOOPS by a brute force program:

i think protector can prevent this kind of abuse not captcha.

2- spam bots:
its a very improtant problem that i have with xoops. i cant open any XOOPS site for anonymouse to post because spam bots found it very soon.

i know captcha solved this. also any other solution for spam bots is very needed and must be at high level priority for XOOPS development team.

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

17

Re: How to force the users of ours site to use safe passwords?

2006/9/24 19:02
nekro
Quite a regular
Posts: 213
Since: 2005/11/9

I think that the CAPTCHA is the perfect way to prevent that a Bot gets inside of our site, i am sure that is very annoying to look to the image and include more information in addition of the common pass and user but is for security.

Is more i want to develop any hack to implement the CAPTCHA in the registration form too, but i dont have the time now.

As well as teh CAPTCHA feature should be developed de feature to bann users registered to login to the XOOPS system after a system administrators decides that the user hada done a malicious use of the site.

As i read someone has been trying to implement the captcha in the login no??? any success??

Luck!

18

Re: How to force the users of ours site to use safe passwords?

2006/9/24 19:10
rplima2004
Just popping in
Posts: 70
Since: 2004/10/8

I never tried implement captcha in xoops.

If you have a captcha code send to me that I try to place it in the register form together with hack of the safe password.

therplima at gmail dot com

TheRplima

19

Re: How to force the users of ours site to use safe passwords?

2006/9/24 19:16
nekro
Quite a regular
Posts: 213
Since: 2005/11/9

i ve got just a very simple example made by me.... you have to have the GD librarys in the PHP i will send it too you.

20

Re: How to force the users of ours site to use safe passwords?

2006/9/24 22:58
rplima2004
Just popping in
Posts: 70
Since: 2004/10/8

Ok, i received your email and as soon as possible i work in this.

Thank you.

TheRplima

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Re: How to force the users of ours site to use safe passwords?

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}