Fort Knox Security

[no clue]

OK not that I really care that much, but after a few months of being off the site a bunch of RBL and NF clan member's found each other on FaceBook and we are looking at playing a few games, so I try to log on here and to my HORROR its all but impossible to get anywhere without answering questions that are to easy to get wrong and typing stuff backwards when I have no idea if its case sensitive or if the space needs to be in it, WTF is that crap. Out of all the forums I belong to and its been many over the years because of my years of beta testing games and I have NEVER seen anything like this, even on sites you needed to do NDA's before getting into a beta it was not this bad.

Yes I know spambots can be a problem but even when I helped run Pumpkin2 we really didn't have that many hits from them each year to go through all these hoops just to log in. The idea should be to make things user friendly not bug the heck out of the user.

So I log on with my name and old pw that was not changed in the past year and saved to my phone, but missed the CAPTCHA question maybe 2 times not sure, then I have to go to a totally different page, HELLO people check forums these days by smartphones and its not that easy to copy and paste web pages and go look for an answer to a question some people may not even have a clue to, like ME.

You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below.

So I end up with this and things go downhill from here, not sure what was wanted I tried web site addy and a few different combos nothing works. I think maybe its best to reset my pw and even here this was a major task, so I figure screw it wait till I get home and go and try everything on my laptop, but once again its a total pain in the azz to get anywhere. So its either give up or make a new account and post about this issue, and well your reading about it so now you can guess what I did.

Anyways I want to get back on RBL-4NiK8r, I also think someone needs to redo much of the things needed to get back on to the site after a few months, because I highly doubt I will waste 2 hours of my life again trying to get back on here.

4nE

[Staff]

Sorry for the trouble, but spambots are much more prevalent these days then they ever have been.
You should see all the attempts by bots that are never ending, 24/7.

As for your specific issues, I admit, the site design isn't optimized for smartphone use (ironic, it is called smartphone, when you are severely limited in many ways, making it a very dumb terminal...)

The Captcha questions are pretty basic:
Where is our official Github repository located at ? Answer is located on this page: http://developer.wz2100.net/wiki/CompileGuide
and
Type 'Warzone 2100' backwards. (no quotes)

This has held back lots of bots, but, some still get through, but, I think they are easy enough to understand.

In any case, leave all the info about the account in question, and someone should be able to help you as soon as they can.
All info you post is moderated, so, it isn't public viewable.

Thanks.

[_se5a__]

So why all this security, and requiring complex passwords, yet not using SSL when logging in?

This is kind of a big soapbox for me. if you're going to require the users to jump through hoops, the least you could do is protect the users from man in the middle attacks.

[Staff]

We don't have a wildcard certificate, so, we can't offer SSL for the forums.

[_se5a__]

You don't think that maybe the part of the site where people are sending passwords across the interwebs would be more important to secure?

[Cyp]

Hmmm, I was going to suggest: https://letsencrypt.org/2015/06/16/lets ... edule.html (Doesn't exist yet, though, maybe tomorrow it will spontaneously exist?)

But it seems there's already a valid https certificate for wz2100.net and www.wz2100.net, just not forums.wz2100.net. For now, you can click to ignore the warning that the certificate isn't valid for forums.wz2100.net.

[_se5a__]

Ah yes, I'd come across that previously, seems september is here already! keeping an eye on it.

[vexed]

As was mentioned, we can only have a certificate for the top level, not for anything else.
If we would have a wildcard certificate, then we could use it everywhere, but, that costs $$$, and we don't have much $$$ to allocate for a wildcard certificate.

We rather spend all funds on server cost, to keep this site and game lobby, and everything else we support running.

Please see http://donations.wz2100.net/ for details.

Thanks.

[Tzeentch]

this a rented out server paying by month? is it possible to move any parts out to individual persons/admins who can run a private server by their own accord?

[vexed]

this a rented out server paying by month? is it possible to move any parts out to individual persons/admins who can run a private server by their own accord?

Yes, it is rented by the month.
Sure, it is possible, but, who has that kind of bandwidth at home, unless you are on fiber.