PASSWORD Security

Discuss technical problems and features here
Cainntear
Black Belt - 3rd Dan
Posts: 3468
Joined: Thu Jul 30, 2015 11:04 am
Location: Scotland
Languages: English(N)
Advanced: French,Spanish, Scottish Gaelic
Intermediate: Italian, Catalan, Corsican
Basic: Welsh
Dabbling: Polish, Russian etc
x 8662
Contact:

Re: PASSWORD Security

Postby Cainntear » Fri Sep 01, 2017 12:40 am

Voxel wrote:
Tillumadoguenirurm wrote:Had to answer several captchas just now even though I answered correctly.

I have the same problem.

The idea with reCAPTCHA is that you generate training data that is used to teach machine learning algorithms. This means that sometimes you'll be presented with data where the correct answer isn't known, and then you might need to answer a second question to check that you're reliable and trustworthy.
0 x

User avatar
emk
Black Belt - 1st Dan
Posts: 1620
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Badly neglected "just for fun" languages: Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 6326
Contact:

Re: PASSWORD Security

Postby emk » Fri Sep 01, 2017 12:53 pm

I have a couple of theories about what might be going on with the CAPTCHAs. Specifically, before, our setup looked like:

Internet -> phpBB forum

Now it looks like:

Internet -> nginx reverse proxy -> phpBB forum

The problem is that the phpBB software no longer sees Internet IP addresses, but now only sees the internal IP address of the nginx proxy. Usually, this should just work transparently, because nginx sets an X-Forwarded-For header with the real IP address, which phpBB is supposed to look at. But for whatever reason, I think phpBB normally ignores this. So this means that phpBB thinks that all users of the site come from the same IP address, which it probably why it's accusing random people of too many failed logins—all failed logins seem to come from nginx.

When I have a moment, I need to Google this issue and fix either our phpBB install or possible our nginx reverse proxy configuration to get X-Forwarded-For working again. Unfortunately, it's crunch time at work, and I'm pretty busy right now.

If somebody technical has some time to look into this, or even send a pull request, I'd be massively grateful. If not, I'll try to get to it as soon as I can.
3 x

User avatar
Evita
Orange Belt
Posts: 182
Joined: Tue Aug 11, 2015 7:02 pm
Location: Latvia
Languages: I speak: Latvian, English, Russian, German
I study: Korean
I'm slowly forgetting: Spanish, Finnish, French
Language Log: viewtopic.php?f=15&t=1141
x 289

Re: PASSWORD Security

Postby Evita » Sat Sep 02, 2017 6:40 am

emk, is that also the reason the main page always says there's exactly one guest user online?
1 x
: 6480 / 8000 Korean Vocabulary

My Korean Anki decks: Grammar Sentences | General Korean Sentences | Vocabulary | Hanja

Vedun
Orange Belt
Posts: 215
Joined: Tue Jun 21, 2016 1:36 pm
Languages: Bulgarian, English
German, Italian
Russian, Finnish
Language Log: viewtopic.php?f=15&t=3009
x 149

Re: PASSWORD Security

Postby Vedun » Sat Sep 23, 2017 4:26 pm

Whatever happened to this? Any progress?
0 x

User avatar
emk
Black Belt - 1st Dan
Posts: 1620
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Badly neglected "just for fun" languages: Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 6326
Contact:

Re: PASSWORD Security

Postby emk » Sat Oct 14, 2017 5:37 pm

Vedun wrote:Whatever happened to this? Any progress?

I'm actually working on this right now.
4 x

Spoonary
Blue Belt
Posts: 876
Joined: Mon Jul 20, 2015 3:45 pm
Location: England
Languages: English (N)
Español (Adv), Italiano (Int), Esperanto (I try)
x 1656

Re: PASSWORD Security

Postby Spoonary » Wed Jan 10, 2018 8:38 pm

Sorry to bring up an old issue and sound like a whiner, but these CAPTCHA questions are pretty annoying. Are we any nearer to a solution? :?

Please tell me if it's none of my business :|
0 x

User avatar
rdearman
Site Admin
Posts: 7231
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
Language Log: viewtopic.php?f=15&t=1836
x 23125
Contact:

Re: PASSWORD Security

Postby rdearman » Wed Jan 10, 2018 8:48 pm

Spoonary wrote:Sorry to bring up an old issue and sound like a whiner, but these CAPTCHA questions are pretty annoying. Are we any nearer to a solution? :?

Please tell me if it's none of my business :|

No nearer a solution I'm afraid. Nobody has time to delve into the issue.
2 x
: 0 / 150 Read 150 books in 2024

My YouTube Channel
The Autodidactic Podcast
My Author's Newsletter

I post on this forum with mobile devices, so excuse short msgs and typos.

cathrynm
Orange Belt
Posts: 246
Joined: Sun Jul 19, 2015 7:11 am
Location: Berkeley, California
Languages: Japanese(JLPT N3), Finnish(beginner), English(native)
Language Log: viewtopic.php?f=15&t=721
x 249
Contact:

Re: PASSWORD Security

Postby cathrynm » Thu Jan 11, 2018 4:45 am

The spammers are pretty persistent. I think it's just how it is.
0 x

Cainntear
Black Belt - 3rd Dan
Posts: 3468
Joined: Thu Jul 30, 2015 11:04 am
Location: Scotland
Languages: English(N)
Advanced: French,Spanish, Scottish Gaelic
Intermediate: Italian, Catalan, Corsican
Basic: Welsh
Dabbling: Polish, Russian etc
x 8662
Contact:

Re: PASSWORD Security

Postby Cainntear » Thu Jan 11, 2018 11:09 am

Mildly annoying, but far less annoying than spammers.

Thanks to the team for implementing a working solution. Very much appreciated.
1 x

Spoonary
Blue Belt
Posts: 876
Joined: Mon Jul 20, 2015 3:45 pm
Location: England
Languages: English (N)
Español (Adv), Italiano (Int), Esperanto (I try)
x 1656

Re: PASSWORD Security

Postby Spoonary » Thu Jan 11, 2018 6:31 pm

Cainntear wrote:Thanks to the team for implementing a working solution. Very much appreciated.

I second this. Thanks guys! And thank you for your prompt response rdearman :)
2 x


Return to “Technical Support and Feature Requests”

Who is online

Users browsing this forum: No registered users and 2 guests