 |
View Old Forum Thread
Old Forum Index » Baseball Beta Testing » Beta News » Security/Stability Changes
Admin
I have been working on some fixes for a while, and I am starting to lay them in to Beta. Right now, the player card has had some extra security applied to it and there has been changes to the framework that affects all pages.
The security code will look for things that look like attempts to compromise the system and will reject the input and warn you for milder cases, but for cases that the system decides are obviously hack attempts, it will instantly ban you from the system. We will have a log showing what page you were on, what field you were trying to set and what rule was triggered to generate the warning, so if you see one of these warnings on accident, please let us know. Especially if you get auto-banned. :) The ban will not prevent you from reaching the forum, or affect your regular teams, just beta.
Also, we have had someone trying to guess people's passwords, so if you enter an incorrect password five times you will get locked out of the system for 5 minutes.
It is important that everyone play Beta like it's a real league, using as much of the site as possible, so we can find and fix the bugs. Please let us know if you see anything out of place.
Chris
Security/Stability Changes
August 01, 2013 at 03:58PM View BBCode
As you all know, there have been recent attempts to compromise the site, and a number of site outages. In a way, these issues are related.I have been working on some fixes for a while, and I am starting to lay them in to Beta. Right now, the player card has had some extra security applied to it and there has been changes to the framework that affects all pages.
The security code will look for things that look like attempts to compromise the system and will reject the input and warn you for milder cases, but for cases that the system decides are obviously hack attempts, it will instantly ban you from the system. We will have a log showing what page you were on, what field you were trying to set and what rule was triggered to generate the warning, so if you see one of these warnings on accident, please let us know. Especially if you get auto-banned. :) The ban will not prevent you from reaching the forum, or affect your regular teams, just beta.
Also, we have had someone trying to guess people's passwords, so if you enter an incorrect password five times you will get locked out of the system for 5 minutes.
It is important that everyone play Beta like it's a real league, using as much of the site as possible, so we can find and fix the bugs. Please let us know if you see anything out of place.
Chris
Admin
Chris
August 01, 2013 at 04:15PM View BBCode
(Note: The password lockout only locks you out from the same IP address, so someone can't use this to lock out someone else to annoy them.)Chris
tm4559
August 02, 2013 at 11:16AM View BBCode
chris, i don't know if its related, but the teams button is messed up again. i open the beta side, one of my teams comes up, i can see the scedule, the standings, all of that. but if i go under teams and click one (in either the beta leauge or the ASL beta league), i get the apache thing. i tried it all kinds of ways and can't make it work.
Admin
Chris
August 05, 2013 at 05:25PM View BBCode
The test security code actually caught and blocked a real hack attempt on Beta... so whoever you are, anonymous hacker, thank you for the help testing! :DChris
CaseyStengel
August 05, 2013 at 09:06PM View BBCode
I get the following message when trying to access the Standings page.CaseyStengel has attached this image:
cowboymatt43
August 06, 2013 at 05:31AM View BBCode
Okay. So I was logged in to beta at work today. When I came home and tried to log in (on the same laptop but through a different ISP) I was autobanned.Pages: 1