CrazyMinh wrote: My friend hasn't used my computer to log in...in fact I don't even think they've used the website yet...but I've apparently got 24 attempts left to log in before I'm IP blocked...bug much?
No. Not a bug. This is pretty standard security software for site protection. Any time you have a failed login, any time you log in from a different IP address than the one originally registered to you, any time you simultaneously login... these trip 'counters' on your account and/or IP address. Given reasonable amounts of time between them, the counter discharges and your account/IP address clears. But if they continue to happen with very little time between them, the counter builds to a point where the server will mail you a warning. From that point you have a set number of additional attempts before you are automatically locked out.
Why? Well... these are the most common indications of brute force methods ot attacking a site and/or account.
Why don't you see this with other sites? Well.. you do, technically. They aren't as likely to warn you, you'll simply be locked out... or your data will be flagged and put on a watch list in front of a warm body in an IT department.
When / if you get locked out, those places tend to have someone on customer service that an get you unblocked 24/7 if you call in with a reasonable argument for why you got flagged. They also have access to more of your outside world data (phone numbers, email accounts, real names) that can be used to verify who you are and that you're not trying to hack the system. That sort of security is necessary when you have people's credit cards or personal info on file.
Here? Well... the only thing I really have to protect is the site itself. As long as we don't lose content or too much conversation/feedback... its not a catastrophe. We more or less lost the entire site to hacking four years ago and didn't even have official backups to work from to rebuild. Now? the most annoying thing would be if we have to revert to a backup a couple months ago. Or... even if we have to rebuild, I have 'real' backups that would allow us to recover content and forums directly, instead of generating them from internet archives. But I have no credit cards to protect. Not many people even provide a real email address, let alone one that can connect to them directly, fewer still provide other real data - address, phone, etc.
Anyway... we don't need to be hardcore about protecting things like a corporation might. But we do have our malicious trolls. Some of whom don't like TG fiction or TG anything. Some of whom do and don't like our representation of it. Some of whom don't care and their malice is personal. So we do have security, and it is automated in ways that don't shut people down for mistakes or exotic usage of the site (like reading while online in a taxi or train as you cross through twenty different cell zones, each time causing a drop off from the site and a new login from a different IP address) If one of these trips on you, it is a temporary ban for around 24 hrs. Warren and I can clear it sooner than that, but getting hold of us and making it happen faster isn't always possible.
And no
Topic Author
