darren
Joined: 28 Dec 2005
Posts: 334
Location: Yeovil, Somerset
Posted: Wed Jul 19, 2006 2:55 pm Post subject: Anybody having problems please read
Thanks to feedback from some members, I have made a few changes to how this forum is set up.
Firstly, some background into why problems are occurring.
As you are probably aware, this site got hacked within two weeks of it appearing, resulting in a loss of all the posts and users. To avoid a repeat of this, I installed some security software on the forum which would automatically ban users who appeared to be using known hack attempts.
One common attempt at attacking a site such as this one is to repeatedly try to log in as a user, in an attempt to 'guess' that user's password. To avoid this, the number of incorrect login attempts allowed was set to 3. If this was reached, the user's IP address was 'banned' for a few hours. This would make any real attempt at attacking this site very difficult for an attacker.
What has happened in many cases is that a user has typed the incorrect password (possibly with CAPS LOCK on), and repeatedly attempted to type the same password. The forum software interprets this as an attack and therefore bans that user for a few hours. In the meantime, the user asks for their password to be sent to them, which then resets their password. When the ban is lifted a few hours later, the user's password is then invalid, as it has been reset.
Another problem that compounds this is that some users do not get the password reset instructions, as they either supplied an invalid email address when they signed up or have mistyped the address. You'd be surprised how many people have mis-spelt yahoo or hotmail.
I have relaxed some of the security requirements applied by this software, and made changes to the way the forum software deals with attacks, which I believe should correct the problems for the majority of users.
Please accept my apologies for any problems that this security software caused anyone. If you have previously had an account with this site, I would encourage you to participate again.
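The lockout behaviour described in the post, as an added example that is not part of the original post or the forum software's code: a per-IP counter with the three-failure threshold, plus one possible relaxation (not counting a repeated identical wrong password), which is an assumption here and not a description of what the administrator changed. The class and function names, the three-hour ban length and the sample inputs are all constructed for illustration.

```python
import hmac
import secrets
from collections import defaultdict

MAX_FAILURES = 3          # threshold stated in the post
BAN_SECONDS = 3 * 3600    # "a few hours"; three hours is an assumed value
_KEY = secrets.token_bytes(32)  # per-process key: guesses are kept only as keyed digests

class LoginThrottle:
    """Per-IP failed-login counter with a temporary ban (hypothetical class)."""

    def __init__(self, ignore_repeated_guess=False):
        self.ignore_repeated_guess = ignore_repeated_guess
        self.failures = defaultdict(int)  # ip -> failures counted so far
        self.seen = defaultdict(set)      # ip -> digests of wrong guesses already seen
        self.banned_until = {}            # ip -> time (seconds) at which the ban ends

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, guess, now):
        """Record one wrong password; return True if the IP is banned afterwards."""
        if self.is_banned(ip, now):
            return True
        digest = hmac.new(_KEY, guess.encode(), "sha256").digest()
        repeat = digest in self.seen[ip]
        self.seen[ip].add(digest)
        # Retyping the same wrong password gives a guesser no new information,
        # so the relaxed mode does not count it against the limit.
        if not (self.ignore_repeated_guess and repeat):
            self.failures[ip] += 1
        if self.failures[ip] >= MAX_FAILURES:
            self.banned_until[ip] = now + BAN_SECONDS
            self.failures.pop(ip)
            self.seen.pop(ip)
            return True
        return False

def replay(throttle, ip, guesses, start=0):
    """Submit wrong guesses one second apart; return the attempt number that
    triggered the ban, or None if the IP was never banned."""
    for i, guess in enumerate(guesses):
        if throttle.record_failure(ip, guess, start + i):
            return i + 1
    return None

# Constructed inputs: a member retyping one password with CAPS LOCK on, and a guesser.
CAPS_LOCK_USER = ["SECRET99"] * 5
GUESSER = ["123456", "password", "qwerty", "letmein"]
```

With the default settings the CAPS LOCK member is banned on the third retype; with `ignore_repeated_guess=True` the same member is never banned, while three distinct guesses still trigger the ban.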