PASSWORD Security

Discuss technical problems and features here
luke
Orange Belt
Posts: 102
Joined: Fri Aug 07, 2015 9:09 pm
Languages: English (N). Spanish (intermediate), Esperanto (intermediate), French (intermediate)
Language Log: viewtopic.php?f=15&t=5462
x 196

Re: PASSWORD Security

Postby luke » Sun Aug 20, 2017 5:41 am

Is there a way to block the IP address of the bot or crack-engine that does the repeated attacks?
4 x

Serafín
Yellow Belt
Posts: 70
Joined: Thu Dec 01, 2016 5:28 am
Location: Vancouver, British Columbia / Colombie Britannique, Canada
Languages: Spanish (native), English (advanced), French (intermediate), Latin (intermediate-ish reading/writing), Mandarin (beginner)
Language Log: viewtopic.php?t=5010
x 106

Re: PASSWORD Security

Postby Serafín » Mon Aug 21, 2017 3:28 pm

I have to do the log-in question every day I come here on my laptop, but I never have to on my phone. I wonder why that is.
0 x

Cainntear
Blue Belt
Posts: 870
Joined: Thu Jul 30, 2015 11:04 am
Location: Scotland
Languages: English(N)
Advanced: French,Spanish, Scottish Gaelic
Intermediate: Italian, Catalan, Corsican
Basic: Welsh
Dabbling: Polish, Russian etc
x 1780

Re: PASSWORD Security

Postby Cainntear » Wed Aug 30, 2017 7:47 am

William Camden wrote: I have started getting those "you have logged in with the wrong password too many times" messages again (after logging in just once), even though I changed to a new password which temporarily solved the problem.

Changing the password doesn't solve the problem -- the problem occurs when the would-be hacker attempts to log in and gets your password wrong -- the problem is that they don't know your password, so changing it can't really help.

Serafín wrote: I have to do the log-in question every day I come here on my laptop, but I never have to on my phone. I wonder why that is.

Lucky timing. Literally. The problem is all down to when the attackers try to log in.
0 x
A year of Tatoeba recordings: 40 / 365 One donated recording every day in 2017.

Cainntear
Blue Belt
Posts: 870
Joined: Thu Jul 30, 2015 11:04 am
Location: Scotland
Languages: English(N)
Advanced: French,Spanish, Scottish Gaelic
Intermediate: Italian, Catalan, Corsican
Basic: Welsh
Dabbling: Polish, Russian etc
x 1780

Re: PASSWORD Security

Postby Cainntear » Wed Aug 30, 2017 7:51 am

And as I alluded to previously, the rules for what is considered a strong password aren't worth following. There's a nice mathematical demonstration of why four lower case words are actually better than most so-called "strong" passwords. Now considering we're a bunch of polyglots, and most of us already probably use at least two different languages in our passwords, mathematically, we're all pretty safe anyway, particularly if we add in a few random symbols.
4 x
A year of Tatoeba recordings: 40 / 365 One donated recording every day in 2017.

Voxel
Yellow Belt
Posts: 81
Joined: Thu Oct 15, 2015 7:49 am
Location: France
Languages: French (N), English (I), Russian (?), Japanese (?)
x 125

Re: PASSWORD Security

Postby Voxel » Thu Aug 31, 2017 7:22 am

Tillumadoguenirurm wrote: Had to answer several captchas just now even though I answered correctly.

I have the same problem.
phpBB3 wrote: You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below.

It's difficult to connect to my account all the time.
0 x

Morgana
Orange Belt
Posts: 108
Joined: Tue Jun 06, 2017 6:02 pm
Languages: English (N)
x 117

Re:

Postby Morgana » Thu Aug 31, 2017 7:57 am

Last edited by Morgana on Mon Nov 27, 2017 12:07 am, edited 2 times in total.
1 x

Cainntear
Blue Belt
Posts: 870
Joined: Thu Jul 30, 2015 11:04 am
Location: Scotland
Languages: English(N)
Advanced: French,Spanish, Scottish Gaelic
Intermediate: Italian, Catalan, Corsican
Basic: Welsh
Dabbling: Polish, Russian etc
x 1780

Re: PASSWORD Security

Postby Cainntear » Fri Sep 01, 2017 12:40 am

Voxel wrote:
Tillumadoguenirurm wrote:Had to answer several captchas just now even though I answered correctly.

I have the same problem.

The idea with reCAPTCHA is that you generate training data that is used to teach machine learning algorithms. This means that sometimes you'll be presented with data where the correct answer isn't known, and then you might need to answer a second question to check that you're reliable and trustworthy.
0 x
A year of Tatoeba recordings: 40 / 365 One donated recording every day in 2017.

emk
Brown Belt
Posts: 1287
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Badly neglected "just for fun" languages: Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 4076

Re: PASSWORD Security

Postby emk » Fri Sep 01, 2017 12:53 pm

I have a couple of theories about what might be going on with the CAPTCHAs. Specifically, before, our setup looked like:

Internet -> phpBB forum

Now it looks like:

Internet -> nginx reverse proxy -> phpBB forum

The problem is that the phpBB software no longer sees Internet IP addresses, but now only sees the internal IP address of the nginx proxy. Usually, this should just work transparently, because nginx sets an X-Forwarded-For header with the real IP address, which phpBB is supposed to look at. But for whatever reason, I think phpBB normally ignores this. So this means that phpBB thinks that all users of the site come from the same IP address, which is probably why it's accusing random people of too many failed logins—all failed logins seem to come from nginx.

When I have a moment, I need to Google this issue and fix either our phpBB install or possibly our nginx reverse proxy configuration to get X-Forwarded-For working again. Unfortunately, it's crunch time at work, and I'm pretty busy right now.

If somebody technical has some time to look into this, or even send a pull request, I'd be massively grateful. If not, I'll try to get to it as soon as I can.
4 x
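
The failure mode emk describes above, as an added example that is not part of the original thread and is not phpBB or nginx code: a small Python model of a per-IP failed-login counter sitting behind a reverse proxy, first keyed on the TCP peer address and then on the address recovered from X-Forwarded-For. The proxy address `10.0.0.5`, the threshold of 3 and the sample traffic are assumptions constructed for the illustration.

```python
import ipaddress
from collections import Counter

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # assumed internal address of the nginx proxy
MAX_FAILURES = 3  # assumed threshold; the forum's real limit is not stated in the thread

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(remote_addr, xff=None):
    """Return the address to count failed logins against."""
    # Only believe X-Forwarded-For when the TCP peer is our own proxy.
    if not xff or not is_trusted(remote_addr):
        return remote_addr
    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left was supplied by the client and may be forged.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop and fall back to the proxy address
        if not is_trusted(hop):
            return hop
    return remote_addr

def captcha_keys(requests, use_xff):
    """Count failed logins per key; return the keys that would be challenged."""
    failures = Counter()
    for remote_addr, xff, ok in requests:
        if not ok:
            failures[client_ip(remote_addr, xff if use_xff else None)] += 1
    return {k for k, n in failures.items() if n >= MAX_FAILURES}

# Constructed sample traffic: (TCP peer seen by the forum, X-Forwarded-For, login succeeded)
SAMPLE = [
    ("10.0.0.5", "203.0.113.7", False),
    ("10.0.0.5", "203.0.113.7", False),
    ("10.0.0.5", "203.0.113.7", False),   # bot guessing passwords
    ("10.0.0.5", "198.51.100.20", True),  # ordinary member, correct password
    ("10.0.0.5", "192.0.2.1, 203.0.113.7", False),  # bot prepends a forged address
]
```

With the header ignored, every failure is charged to the proxy address, so every member behind it gets the CAPTCHA; with the header honoured only from the trusted proxy and read right to left, the failures are charged to the guessing client even when it forges a leading entry.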

Evita
Orange Belt
Posts: 155
Joined: Tue Aug 11, 2015 7:02 pm
Location: Latvia
Languages: I speak: Latvian, English, Russian, German
I study: Korean
I'm slowly forgetting: Spanish, Finnish, French
Language Log: viewtopic.php?f=15&t=1141
x 226

Re: PASSWORD Security

Postby Evita » Sat Sep 02, 2017 6:40 am

emk, is that also the reason the main page always says there's exactly one guest user online?
1 x
: 5201 / 8000 Korean Vocabulary
: 325 / 1500 Korean Hanja

My Korean Anki decks: Grammar Sentences Vocabulary Hanja

Vedun
Orange Belt
Posts: 183
Joined: Tue Jun 21, 2016 1:36 pm
Languages: Native: Bulgarian
Fluent: English
RHW: German, Italian, Russian
RMWH: Finnish, Spanish, Portuguese, Norwegian
EDO: Polish, Hungarian, Basque
Bucket list: Most of Europe
Language Log: viewtopic.php?f=15&t=3009
x 125

Re: PASSWORD Security

Postby Vedun » Sat Sep 23, 2017 4:26 pm

Whatever happened to this? Any progress?
0 x

