I finally got the error codes from the software upgrade eliminated in my admin panel. ..........Only to discover some new ones popping up showing login errors. LOTS of them! Seems SMF forums have been under attack from a new bot threat. The idea of it seems to be getting user names and passwords. The purpose is probably to try to use them somewhere else? No one knows for sure. Have any of you have been logged out even though you didn't? Guess this was one of the features of this bot too. That part was fixed in the RC5 version software I just updated to.
From what I read the attacks started somewhere around the first week of February? Not all sites were/are getting hit or all the time. I didn't notice anything too unusual before I started the recent software upgrade. After that I had so many error codes I probably would have missed the login errors.
I will be implementing a few changes to the site in the next few days to deal with bot and other security threats. We already have a great deal in place but more is needed.
Here is some of what I have done/will do.
#1. I just adjusted the login attempts to 1. That means if you fail you will be given your security question, etc. to get logged in.
#2
Changing login to your email. You will NOT be using a password but Email to get logged in. This will be done in the next 24 hours or so.
#3 User names will be blocked from guests.
#4 Multiple changes behind the scenes. Adding a few mods and pieces of software.
All these changes will help with the current attack and also future ones.
Sorry for any inconvenience but I feel we need to keep user information as secure as possible.
As a side note..... The features we had should be working and error codes should be minimal for users at the moment? The only feature I had that still isn't working is the URL rewrite. I'm going to attempt another mod to do that as the one we had doesn't work with this version of software. Will get back to this after I deal with the security issues.
