Is makehuman community site object of attac?

Tech support and suggestions forum. If you only have a basic question on how to get started, please use the "newbies" forum in the community section.

Moderator: joepal

Is makehuman community site object of attac?

Postby grinsegold » Fri Jan 03, 2020 3:02 pm

This is how makehuman promted after i filled in username and correct password and pressed enter (without my name. That i wrote afterwards). Should i be concerned? That's not the first time i see that.
Bildschirmfoto zu 2020-01-03 15-56-46.png
grinsegold
 
Posts: 321
Joined: Mon Jun 15, 2015 1:34 pm

Re: Is makehuman community site object of attac?

Postby joepal » Fri Jan 03, 2020 4:23 pm

No, this is phpbb playing up. I am not certain why it does this now and then, but I suspect it is because it is behind a reverse proxy and thus perceives all login attempts as coming from the same IP adress.

I've never been able to see anything looking a DoS or brute force attack when looking at the logs anyway.
Joel Palmius (LinkedIn)
MakeHuman Infrastructure Manager
http://www.palmius.com/joel
joepal
 
Posts: 4465
Joined: Wed Jun 04, 2008 11:20 am

Re: Is makehuman community site object of attac?

Postby loki1950 » Fri Jan 03, 2020 5:12 pm

Happens to me at least once a week grinsegold just mildly annoying at this point though I have complained to joel a few times :o

Enjoy the Choice :)
my box::HP Envy i5-6400 @2Q70GHzx4 8 Gb ram/1 Tb(Win10 64)/3 Tb Mint 19.2/GTX745 4Gb acer S243HL K222HQL
Q8200/Asus P5QDLX/8 Gb ram/WD 2Tb 2-500 G HD/GF GT640 2Gb Mint 17.3 64 bit Win 10 32 bit acer and Lenovo Ideapad 320-15ABR Win 10/Mint 19
User avatar
loki1950
 
Posts: 1219
Joined: Thu Dec 18, 2014 6:27 pm
Location: Ottawa,Ontario

Re: Is makehuman community site object of attac?

Postby Elvaerwyn » Fri Jan 03, 2020 11:25 pm

I have this issue constantly :S
She who knows in repose with prose...
User avatar
Elvaerwyn
 
Posts: 373
Joined: Tue Aug 22, 2017 11:28 pm
Location: Canada

Re: Is makehuman community site object of attac?

Postby grinsegold » Sun Jan 05, 2020 9:02 pm

Thanks. I can sleep better now :)
grinsegold
 
Posts: 321
Joined: Mon Jun 15, 2015 1:34 pm

Re: Is makehuman community site object of attac?

Postby nomorecookies » Sat Aug 01, 2020 11:51 pm

indeed, this happens every single time i try to login. also, the password field says it is not secure when creating an account
nomorecookies
 
Posts: 82
Joined: Thu Jul 30, 2020 1:34 pm

Re: Is makehuman community site object of attac?

Postby loki1950 » Sun Aug 02, 2020 12:55 am

The not secure is because we do not use https.

Enjoy the Choice :)
my box::HP Envy i5-6400 @2Q70GHzx4 8 Gb ram/1 Tb(Win10 64)/3 Tb Mint 19.2/GTX745 4Gb acer S243HL K222HQL
Q8200/Asus P5QDLX/8 Gb ram/WD 2Tb 2-500 G HD/GF GT640 2Gb Mint 17.3 64 bit Win 10 32 bit acer and Lenovo Ideapad 320-15ABR Win 10/Mint 19
User avatar
loki1950
 
Posts: 1219
Joined: Thu Dec 18, 2014 6:27 pm
Location: Ottawa,Ontario

Re: Is makehuman community site object of attac?

Postby RobBaer » Sun Aug 02, 2020 10:12 pm

hmm... @Joel isn't it fairly straight forward to enable https:// authentication without disabling http:// or is this something about our current hosting service? It's been a while, but I am pretty certain this is possible on Windows IIS, not sure about apache and other servers.
User avatar
RobBaer
 
Posts: 1208
Joined: Sat Jul 13, 2013 3:30 pm
Location: Kirksville, MO USA

Re: Is makehuman community site object of attac?

Postby joepal » Mon Aug 03, 2020 12:12 pm

The problem isn't enabling https per se. The problem is that we get a routing loop vs the (very old version of) mediawiki backend if enabling https on the outward facing web server while still having http on the inside of the forwarding proxy. When I last looked at it, I was not able to make that particular version of mediawiki behave in an acceptable manner.

In essence, the actual problem is that we have a stone age old and largely unmaintainable mix of different web services that have been modified on a source code level and which therefore cannot be easily upgraded to a modern version.

I have started looking into replacing the entire infrastructure with something coherent, but this requires a lot of work.
Joel Palmius (LinkedIn)
MakeHuman Infrastructure Manager
http://www.palmius.com/joel
joepal
 
Posts: 4465
Joined: Wed Jun 04, 2008 11:20 am

Re: Is makehuman community site object of attac?

Postby MTKnife » Fri Aug 07, 2020 5:18 am

joepal wrote:No, this is phpbb playing up. I am not certain why it does this now and then, but I suspect it is because it is behind a reverse proxy and thus perceives all login attempts as coming from the same IP adress.

I've never been able to see anything looking a DoS or brute force attack when looking at the logs anyway.


The reverse proxy should be able to pass the actual IP through easily enough, though the site has to be coded to read that variable. Unfortunately, I've only done this in Python with NGINX and Flask, and it sounds like you're dealing with something much more complicated.


Scott
MTKnife
 
Posts: 311
Joined: Tue Sep 01, 2015 5:22 am


Return to Bugs, problems and feature requests

Who is online

Users browsing this forum: No registered users and 1 guest