Home Forum Community 2FA enabled

  • Creator
    Topic
  • #249640

    Hi forum users,

    So I discovered this morning that capitalaspower.com has been the subject of a long-term bot attack. To date, we’ve had over 400,000 failed logins, many of which seem to have user names scraped from the forum.

    As a precaution, I’ved enabled two-factor login for all users. You’ll be prompted to set it up on login, and you should be able to use any authenticator of your choice. (For now, no SMS or email.) If you have any problems, please email casp.editorial@gmail.com.

    Also, to stop the bots, I’ve implemented an IP banning protocol. If an IP has more than 2 failed logins, it’s banned for a preset period. So if you forget your password, it’s best to reset immediately. And if for some reason you do get banned, email casp.editorial@gmail.com and we’ll fix it.

Viewing 0 reply threads
  • Author
    Replies
    • #249649

      After some consideration, we’ve decided that two-factor identification is overkill for forum users. We’ll keep it for site admin, but everyone else can just login with their passwords.

Viewing 0 reply threads
  • You must be logged in to reply to this topic.