I've had a report from one user about getting randomly logged out of the site every 5 minutes or so.
Further investigation reveals them to be using AOL as their ISP. AOL use a bunch of proxy servers with varying IP addresses. This plays havoc with verifying user accounts based on IP address, but in the past AOL seem to have kept the first three numbers of the IP address constant. However today I've noticed that AOL have started to vary the IP addresses somewhat more, breaking our security checking completely, forcing users to re-authenticate.
I've disabled all IP address checking for now, as this is the only way to get AOL users working again. Users of other ISPs who have also had random logouts should also have the problem resolved.
Random logouts - resolved!
- JQW
- Posts: 29052
- Joined: 16 Jul 2003, 13:27
- Location: The Crazy Loquat, Szegerely
Random logouts - resolved!
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. - Bertrand Russell
- Diamond Dog
- "Self Quoter" Extraordinaire.
- Posts: 69577
- Joined: 16 Jul 2003, 21:04
- Location: High On Poachers Hill
Re: Random logouts - resolved!
This is what is known as an alias amnesty.
Nicotine, valium, vicadin, marijuana, ecstasy, and alcohol -
Cocaine
Cocaine
- JQW
- Posts: 29052
- Joined: 16 Jul 2003, 13:27
- Location: The Crazy Loquat, Szegerely
Re: Random logouts - resolved!
It's nothing to do with aliases. The board software by default checks to make sure a logged in user is posting from roughly the same IP address as the one they initially logged in from, and will log the user out automatically if they address no longer matches. It does this to prevent spam networks from sharing the same login credentials.
The change I've made just disables this check. It makes us an easier target for spam networks, but as we're not getting touched by them at the moment it shouldn't be a problem. There's several other anti-spam tricks in place at the moment, with at least one more very clever one coming soon.
The change I've made just disables this check. It makes us an easier target for spam networks, but as we're not getting touched by them at the moment it shouldn't be a problem. There's several other anti-spam tricks in place at the moment, with at least one more very clever one coming soon.
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. - Bertrand Russell
- jude
- Turkey Boy (and destroyer of Spam Filters)
- Posts: 11396
- Joined: 14 Nov 2003, 17:27
- Location: Near Bradford's surrounding areas which encompass the city of Bradford (A small village near Leeds)
- Contact:
Re: Random logouts - resolved!
How is the new software coping with spammers Paul? I'm a mod on another phpbb board and we get stuffed by spammers. If this is doing well i might advise the board admin to upgrade.
Betty Denim wrote:And, quite frankly, if I had been raped and you said to me 'well yeah, it's crap innit; it's like that time I had to have a turnip curry' I'd do more than insult you.
- JQW
- Posts: 29052
- Joined: 16 Jul 2003, 13:27
- Location: The Crazy Loquat, Szegerely
Re: Random logouts - resolved!
Jude wrote:How is the new software coping with spammers Paul? I'm a mod on another phpbb board and we get stuffed by spammers. If this is doing well i might advise the board admin to upgrade.
The main advantage so far is that the new CAPTCHA hasn't been cracked. The one integrated with phpBB2 was cracked, and most spammers used this crack to get through. I had to install a MOD to block spam in the end, and even then we got up to a dozen fake users registering per day. Luckily this mod also blocked new users from posting links, so hardly any spammer managed to post.
Another feature coming in 3.0 RC6 (or 3.0.0, whichever appears first) is that each form will contain a hidden field containing a randomly generated key. Submitting the form will send that key back to the server, and the post will only be valid if the keys match. This is to stop bots and other automated systems sending down fake posts without visiting the board first. I've no idea how this key system will work in practice, as it may cause serious problems to some of our users. Also added as the same time as the key are options to set the minimum amount of time between viewing a post screen and submitting the post - again this may too cause us some problems. I'm expecting this new release to appear at any time.
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. - Bertrand Russell