We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
Admin CP Password + Notification of Failed Password Attempts; Security
Topic Started: Sep 22 2010, 02:58 PM (1,073 Views)
AimeeWilbury
Member
[ *  *  * ]
The first thing I noticed is that you have to put in the same password to get to the admin CP as the account. I haven't seen an option to change this although I may have missed it. It would be good to be able to change it in the admin CP because if a person can guess the first password they can get into the admin CP and do nasty things. I suppose you would have to open a ticket here if you had forgot your CP password.

The second is that if there are several failed password attempts on the admin account, an email may be sent to the admin with the IP of the user making the failed attempts. This way if Admin X gets an IP of 1.2.3.4 they can IP ban that one. Of course IP bans are a bit limited ...
Offline Profile Quote Post Goto Top
 
Brandon
Member Avatar


AimeeWilbury
Sep 22 2010, 02:58 PM
The second is that if there are several failed password attempts on the admin account, an email may be sent to the admin with the IP of the user making the failed attempts. This way if Admin X gets an IP of 1.2.3.4 they can IP ban that one. Of course IP bans are a bit limited ...
ZetaBoards already automatically handles this for you.
AimeeWilbury
Sep 22 2010, 02:58 PM
The first thing I noticed is that you have to put in the same password to get to the admin CP as the account. I haven't seen an option to change this although I may have missed it. It would be good to be able to change it in the admin CP because if a person can guess the first password they can get into the admin CP and do nasty things. I suppose you would have to open a ticket here if you had forgot your CP password.
The regular login is as protected as the Admin CP login. If you are certain you aren't going to forget your password you can also disable the lost password recovery in the Advanced Account Security section on your board (the link on this board is: http://if.invisionfree.com/home/?c=37 ).
Edited by Brandon, Sep 22 2010, 03:08 PM.
Offline Profile Quote Post Goto Top
 
Moonface
Member Avatar


AimeeWilbury
Sep 22 2010, 02:58 PM
It would be good to be able to change it in the admin CP because if a person can guess the first password they can get into the admin CP and do nasty things.
A lot of damage can still be done without Admin CP access. All board content can be deleted, and users can still be suspended from the board unless their groups are protected from being warned.
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · Service Discussion and Feedback · Next Topic »
Add Reply