Page 12 of 23

Re: Webmaster's Blog

Posted: Mon Jun 16, 2014 7:41 am
by Credible
Are those requests all login attempts? If so, one approach - if you have the appropriate level of control - is to deliberately slow down the login process, so they don't get a response for 0.5 to 1 second. (Or more.)

Re: Webmaster's Blog

Posted: Mon Jun 16, 2014 7:58 am
by Benckj
Wonder what would be gained in gaining access to our forum, extortion perhaps?

Good on ya Charlie for keeping it safe.

Re: Webmaster's Blog

Posted: Mon Jun 16, 2014 10:56 am
by thelinuxwarrior
Never used it to protect phpbb3 but we use "failtoban" on our firewall and webservers.
Basically you setup a filter to go through the log files and after X login/access attemps (normally 5) it will block the ip address for Y minutes (normally 30mins)
If you are running this on a linux server it should be reasonably easy to configure, all it does behind the scenes is block the ip address using iptables.

http://www.fail2ban.org/wiki/index.php/Apache" onclick="window.open(this.href);return false;

Re: Webmaster's Blog

Posted: Mon Jun 16, 2014 10:59 am
by thelinuxwarrior
Also as suggested, you can whitelist certain ip address and only allow those access to certain subdirectorys (admin) using apache.
Although if you need access from dynamic ip addresses this won't really work...

Re: Webmaster's Blog

Posted: Mon Jun 16, 2014 11:51 am
by Wayne
If he's hosting at home he can make it local access only

Re: Webmaster's Blog

Posted: Mon Jun 16, 2014 10:49 pm
by mickeyduck
Thanks guys. Yeah all those kind of measures are in place but it's funny how much these clowns will still throw at the attempt. Like I said, I guess they just see it as a challenge. Anyway the traffic graph is a lot more mellow tonight. Hopefully it stays that way!

Re: Webmaster's Blog

Posted: Tue Jun 17, 2014 10:25 am
by Hayden
What sort of traffic to the site do you get Charlie? If you were looking at allowing users to download large files like service manuals and such I'm happy to host an FTP server at mine, though a Dynamic DNS service would be a must as I can't get a static IP.

I'm one of the lucky few who have fibre, and we sit on a 100Mbps down, 50Mbps up line. Can set up QOS to guarantee traffic to upload server takes priority.

PM me Charlie if your interested, there won't be any charge for internet access etc, only thing that will need to be paid for \ sorted out is DDNS service.

Re: Webmaster's Blog

Posted: Tue Jun 17, 2014 10:26 am
by Hayden
Just though I'd add in if it wasn't already obvious, we're sitting on an unlimited data cap.

Re: Webmaster's Blog

Posted: Sat Jun 21, 2014 8:18 am
by mickeyduck
Thanks Hayden. Probably my next step will be a migration to Rackspace or Azure. No panic regards hosting as I now have VDSL which is pretty good.

Looks like they are going to dig up the road soon so perhaps we'll be able to get fibre in the next year or two too.

The hits have been nice and normal since I tightened things up so that's good.

And I haven't heard anyone say they are shut out, except for our Membership Officer being locked out of the membership database, but that's since been sorted. :lol:

Re: Webmaster's Blog

Posted: Mon Jun 23, 2014 4:32 pm
by Benckj
Might be worth consideration Charlie to host off site.

Already have fibre down here. You still talking through strings?

Re: Webmaster's Blog

Posted: Wed Oct 29, 2014 1:53 pm
by mickeyduck
Home sick. Going back to work tomorrow. As an experiment to see if my brain is back to moderate working order I decided to upgrade the forum to phpBB 3.1 which has just been released today. It includes responsive functionality to cater for mobiles etc. Just tried it on my iPhone 5S and it seems pretty good. Certainly a lot easier to read and use.

Not sure which mods we'll miss as none of them could be upgraded. Meh. :P

OK might take a look at Rackspace hosting on Ubuntu next... :idea:

Re: Webmaster's Blog

Posted: Wed Oct 29, 2014 2:11 pm
by Grrrrrrr!
Massive amounts of wasted screen real estate either side of my desktop screen now, and all the users profile information is now published beside each post. Buy bigger monitor, website only uses half if it anyway. :lol:

Just tried it on mobile, not atrocious like a certian other mr2 sites mobile version, but think i'd rather stick with the desktop version.. but can't find a way to say "do not want mobile version".

Re: Webmaster's Blog

Posted: Wed Oct 29, 2014 2:27 pm
by KWAFA
I like it! We need a logo for the forum though.

Is this working on Tapatalk now?

Re: Webmaster's Blog

Posted: Wed Oct 29, 2014 4:20 pm
by mickeyduck
Gimme a chance you grumpy old bugger... :P
Grrrrrrr! wrote:Massive amounts of wasted screen real estate either side of my desktop screen now, and all the users profile information is now published beside each post. Buy bigger monitor, website only uses half if it anyway. :lol:

Re: Webmaster's Blog

Posted: Wed Oct 29, 2014 6:04 pm
by mickeyduck
OK made it wider and slimmed down the profile bizzo. Can't yet figure how to add the link to the Gallery in to the header as the whole theme structure has changed drastically. In fact I can't even find how to refresh the theme cache cos the usual stuff isn't in the ACP anymore. Meh.

Meh-key Duck.