The On-Going Hacker Attack Options

[Elemental Crisis]

For those of you who dont know as of lately (past couple of months) someone/some goup or multiple groups has been finding exploits in the IPB code allowing things like SQL Injection, changing admin account(s) passwords and other ways basiclly with a goal or runing someones forums.

Even here we've had about 5 attempts using exploits snice this started, but no worries i've been able to stop this and with the release of IPB 2.1.6 all KNOWN exploits have been fixed. 2.1.6 was released because of all the recent exploits, it was not planned at all.

At RPGCrisis in order for you to start posting you have to activate your account by accessing your e-mail and clicking on the link. A almost sure and garenteed way to stop these hack attempts here at RPGCrisis would be to ban all free e-mail service providers. I dont want to do this because almost everyone uses hotmail, yahoo GMail or another free e-mail service. But if whoever is making these exploits continue then this will pose a greater risk to RPGCrisis and I will ban all free e-mail services.

I can always ban reported IP's but anyone can change their IP, its not hard at all. Im open for suggestions so if you have any go ahead and post them here.

[ndrd]

one question... if it gets to the point where there are no more free email sign ups... will we be able to keep our account with our current hotmail-like accounts? also if we only have a hotmail or orther free email service, if the site goes down again can we email you to ask for the ability to sign up using them? if not that would suck because last time that happened to me i tried my hotmail (didnt work) and my gmail (also didnt work (IMG:style_emoticons/default/sad.gif) ) until finally i had to use one i havnt used in about 5-7 years... luckily it still worked but for those who dont have one of those may not be able to sign up and that would reduce member a fair bit... anyway just thought id ask

[Elemental Crisis]

Only new registrations would not be allowed to use them, I may just make it where I have to approve every new registration.

[The_Sick_Boy]

That would be the best way to do it...otherwise, you would turn off alot of newcomers. Who wants to pay for an email account when we can get really good ones for free?

[mylittlewindmill]

that's what happened to www.rpg-palace.com
lucky nothing's happened here yet

[ndrd]

But you have to imaging that it could become a pain in the ass to validate every new registration, especially if this site starts to pick up the pace a little. One solution to this problem would be to allow mods and maybe staff to be able to validate them aswell. but then there could be and issue, i no a bit unlikly, of corruption amongst the mods. EC could choose which mods could do it though...