Archived Thread

Another Security Upgrade Put Into Place

Eric from BBI : Admin : 3/4/2015 4:03 pm

We continue to work to improve site security and will be taking a number of other steps soon.

One improvement implemented today is the site is now monitored daily by Sucuri.net, a leader in website security.

BBI will now be checked for any virus/malware issues every six hours. If there is an issue, Sucuri will clean up the problem.

Nice

Big Blue '56 : 3/4/2015 4:03 pm : link

thank

bc4life : 3/4/2015 4:20 pm : link

you

Nice but having

mrvax : 3/4/2015 4:21 pm : link

Mike from "Better Call Saul" patrolling around the web server may help even more.

This is huge

Rob in CT/NYC : 3/4/2015 4:21 pm : link

BBI is ground zero for just about every piece of malware on the internet.

Eric:

mrvax : 3/4/2015 4:22 pm : link

Did you or Gary ever discover exactly how the bastid got access to your admin account? Was it SQL injection? Thx.

mrvax

Eric from BBI : Admin : 3/4/2015 4:37 pm : link

Yes on the first.

sorry Eric

Bleedin Blue : 3/4/2015 5:16 pm : link

not a techie. Quick question, it seems when I have to log in as soon as I type in my username my password is automatically filled in, is this normal???

Bleedin Blue

Eric from BBI : Admin : 3/4/2015 5:19 pm : link

Most (if not all) browsers allow you to save log in information (including financial websites). One of the things we may do soon is prevent caching.

Thanks

Bleedin Blue : 3/4/2015 5:29 pm : link

for your help

Great, Eric!

yatqb : 3/4/2015 5:45 pm : link

we've

Eric from BBI : Admin : 3/4/2015 5:54 pm : link

got some other things in the works too.

Thanks, Eric and Gary

Ira : 3/4/2015 6:22 pm : link

RE: Bleedin Blue

mattlawson : 3/4/2015 6:47 pm : link

In comment 12163682 Eric from BBI said:

Quote:

Most (if not all) browsers allow you to save log in information (including financial websites). One of the things we may do soon is prevent caching.

Prevent cache so you'd have to login every time you came to the site to post?

mattlawson

Eric from BBI : Admin : 3/4/2015 7:23 pm : link

one of the BBI IT experts says password cookies are a terrible idea.

Remind everyone

K-Gun? Pop-Gun : 3/4/2015 7:32 pm : link

Come donation time!

couple of questions

markky : 3/4/2015 8:12 pm : link

1. do you still store user passwords? if so, do you have plans to change to single sided encryption? if not, you should have language on your account setup page that says the passwords are being stored.

2. do you have the site pen tested? given that you're not storing much user info i don't think users should care, but it does increase likelihood of site being defaced

oh, also thanks

markky : 3/4/2015 8:13 pm : link

for the efforts. we all appreciate it. best site on the internet by far.

...

Eric from BBI : Admin : 3/4/2015 8:43 pm : link

Passwords are salted/hashed. Even we don't have access to passwords anymore.

We will likely encrypt e-mail addresses.

MattLawson

Bleedin Blue : 3/4/2015 8:54 pm : link

will do thank you. I didn't set it up, and it never did it before the site upgrade, I would always have to type in my password. Now when I type in my Username it automatically fills it in, but i can't see what was typed in.

Blue

Gary from The East End : Admin : 3/4/2015 8:58 pm : link

That is all controlled in your browser.

RE: Blue

Bleedin Blue : 3/4/2015 9:09 pm : link

In comment 12164119 Gary from The East End said:

Quote:

That is all controlled in your browser.

Thanks! will take care of that.

Good step Eric.

Andy in Halifax : 3/5/2015 8:41 am : link

Hope it works for you. These issues are undoubtedly unpleasant to deal with and I'm sure you'd rather focus on football stuff than "hashing & salting" passwords.

Good going, Eric

Montreal Man : 3/5/2015 9:06 am : link

And Thanks.