Jump to content

Site questions, comments, and suggestions

Guest

By Guest,
in Announcements

Recommended Posts

B10HAZARD.

B10HAZARD.

Posted
Posted
2 minutes ago, Ashal said:

Bottom line, lots of site requests have been made to the login page, and although most have now been blocked... I value you're potential privacy over your potential hate of filling a captcha on occasion. And no; not interested in hearing how Google is the apparent devil now.

I don't actualy mind the login capche thing, it takes like 10 seconds to click through it.

site is running lighteningly fast now Ashal.

thank you for your dedication. ? 

2
Link to comment

phillout

phillout

Posted
Posted
7 hours ago, winny257 said:

Are you crazy, I already have problems with captchas!
if something like that comes, then I can me shoot dead!

I give myself the Bullet :classic_laugh:

 

 

I don't think you understood the text at all, so you could just refrain from commenting and save the site some bandwidth.

 

A similar system guards PayPal logins and you don't see it unless you try brute-forcing their logins. They don't force you to solve pictures on login - do you really think PayPal doesn't get login brute-force attacks? Yeah, sure. 

 

Link to comment
prinyo

prinyo

Posted
Posted
3 hours ago, phillout said:

A similar system guards PayPal logins and you don't see it unless you try brute-forcing their logins.

Not showing capcha the first 2 attempts to login is definitely the best solution - you do not punish the innocent user but you do stop the bruteforce attempt early on. However LL is using a third-party forum software that probably doesn't have this as an option.

Link to comment
phillout

phillout

Posted
Posted
46 minutes ago, prinyo said:

Not showing capcha the first 2 attempts to login is definitely the best solution - you do not punish the innocent user but you do stop the bruteforce attempt early on. However LL is using a third-party forum software that probably doesn't have this as an option.

"Not showing capcha the first 2 attempts to login" is actually hard to implement in a way that allows you to stop all those login attempts coming from 1000s of sources from overloading the system with multiple requests. You need to stop the bot at the very first attempt. 

 

What you do to solve this is overriding the form's "submit" call with JavaScript code that first calls the server URL asking for an encrypted data , decrypts it in Javascrypt, encrypts it with an embedded key again, makes a short delay (like a couple of seconds - this is not a problem for a legitimate user, but is a huge problem for bots trying to use headless browsers to brute-force the page, since their effectiveness drops by hundreds of times at least) and sends it back as an extra parameter in form's POST. The first thing the server does is checking that extra parameter for validity - before even trying to access the database to lookup for the login and password, which is a costly operation. This is essentially what PP does to protect its login forms from brute-force attempts w/o any captchas at all. I did the guardian part in Go and this could be implemented in PHP as well if using Go server as a proxy for the forum software is an issue somehow. The trickiest part of this would be getting SSL cyphers working together in different languages - like encrypting in PHP and decrypting in JavaScript and vice versa. Here is a related discussion at SO. And yes, this is a deadly effective solution IME which is 100% transparent to the end-user.  The only tricky part here is obfuscating the JS code to the point that no one wants to deal with it - so it would require weeks to deal with it even for people able to perform the task, so attackers simply move on to an easier target. It's all about money for them, so just make it way too expensive, and you solved the problem. PayPal obfuscation is beyond simply incomprehensible, but LL isn't that much of a high-profile target as PP is.

Link to comment
HentaiGnome

HentaiGnome

Posted
Posted

I totally understand the reasoning behind CAPTCHAs (as much as I personally hate them), but my issue is that sometimes they glitch out. For example, just right now, before I could log in, I had to refresh my browser (updated Firefox) several times because the first time CAPTCHA was being retarded in acknowledging that I DID PICK THE EFFIN' TRAFFIC LIGHTS but it would keep switching over to a new full image with more traffic lights and then as if it didn't understand that I was choosing the traffic lights it finally gave up and made me pick bicycles, which funnily enough there were none, and so I skipped that image and then now it wanted me to get all the fire hydrants, but same issue. I refreshed my browser and now CAPTCHA wanted to be retarded where every time I pick on an image tile it would take like 8 seconds for that fade out-fade in transition for the next image, and as we all know, CAPTCHas require more than just one image to be clicked.

 

I suppose I could just choose not to clear my temporary browser cache to avoid this hassle but for privacy reasons I always clear it before I shut it off.

 

FYI I've also run into this problem with Chrome, so it's not a Firefox vs <insert some other browser> issue. Also, I don't have any viruses or malware to speak of so I know my computer is fairly safe.

Link to comment
Guest

Guest

Posted
Posted
10 hours ago, Ashal said:

Bottom line, lots of site requests have been made to the login page. And although most have now been blocked... I value you're password protection over your potential hate of filling a captcha on occasion. And no; not interested in hearing how Google is the apparent devil now. You have bigger, solvable, issues you need to deal with first if this is a problem for you.

 

If you think Google is selling your info, you don't understand Googles business to begin with. A good business obviously doesn't sell it's trade info (fyi, in case it needs to be said... LL has never once sold any data, I wouldn't even know how to do so?)

 

I have ZERO sympathy on this if TOR is your main browser. You should've known what you were getting into, or you shouldn't have been using TOR to begin with. 

I've pondered for several minutes before deciding to reply to this, but I assume my post will either be deleted or I'll get banned for going against the administrator, but whatever, my next mod is probably the last mod I'll publish in here as I simply can't support a website administered like this.

Also, the only time that I launch Skyrim these days is to modify or create my own mods, and 100% of the time that I am in here is to provide support for mods (mine or someone's else).

 

Starting with your claims over captchas for Tor and password protection. Guess what? I don't logout and I don't use Tor, yet I still keep getting them in randomized intervals, while never needing to enter my login credentials again, which means my authorization cookie is valid, so no brute force in there whatsoever.

More over, this is literally the only website that I visit that keeps making me input those draconian captchas. I am also a modder over at Nexus (under a different name) and I never had to deal with something like that.

 

You said you don't want to hear how Google is evil, but at the same time calls everyone who disagrees an ignorant by saying "you don't understand Googles business to begin with" without even giving a source. How convenient.

I'll give you some basic facts on why me and many others don't want Google in our lives:

  1. https://www.quora.com/Why-should-I-use-DuckDuckGo-instead-of-Google/answer/Gabriel-Weinberg?share=9560e87d&srid=zJYr This is an answer by the creator of DuckDuckGo. While you can use any privacy oriented search engine, not just DuckDuckGo, his facts about Google are still correct.
  2. Google is the biggest lobbyist in the USA (I wonder why): https://www.opensecrets.org/lobby/firm_reports.php?id=D000022008&year=2018
  3. Google is racist and sexist: https://www.westernjournal.com/lawsuit-seeks-to-expose-googles-discrimination-against-white-men/ Just one of many examples that you can find on your favorite search engine.
Link to comment
blase_hase

blase_hase

Posted
Posted

hello, managed to log in again after a few minutes.

 

since i seem to have kicked up some dirt, let me clarify the issue: i don't mind _a_ captcha, i totally see the reasoning behind this. i also understand why google's recaptcha is the most obvious choice from the dev perspective.

 

the point is more about the "UX": google's reCaptcha is insanely frustrating compared to other captchas: it takes random time to load a square after you clicked it (i have found no relation to internet speed, so it's not just images loading slow), the question whether parts of a square count, the random "please try again" even though no obvious error was made etc.

 

there are other, less frustrating options, used in e.g. the linkcrypting sites that the och downloader scene is using: "click the open circle", "sort 9 pictures onto 3 category stacks" come to mind. the latter may be as slow as grecaptcha, but it works, reliably, and is thus less frustrating. thankfully nexusmods realized that and have implemented a fallback captcha from another provider.

 

so to reiterate: a humble request for - if not changing the captcha provider - having a fallback one that is less frustrating.

 

thanks @cpu for pointing out 2FA can replace the captcha on login - i wasn't aware of that and gonna check it out. as for having the checkmark and still getting the "you failed" message, it's an issue with tor browser+noscript i managed to work around.

Link to comment
Guest

Guest

Posted
Posted
2 minutes ago, wild_guy said:

I still can't upload gif files into posts always getting "-200" error. Will this ever be fixed or should I look for another solution to show the previews?? I'm asking 3rd time and still got no answer :(

I confirm it is a problem.

 

Link to comment
Vyxenne

Vyxenne

Posted
Posted

The site seems to be accessible for the past couple of days- YAY! Thanks for all the hard work!

 

I'm not able to click on the right-hand end of a message topbar and get/copy a link to that specific post- I've tried with Firefox and MIE 11. Is everybody having this issue or is it just me, meaning there's something I need to tweak on my end?

Link to comment
Ashal

Ashal

Posted
Posted
1 hour ago, Vyxenne said:

The site seems to be accessible for the past couple of days- YAY! Thanks for all the hard work!

 

I'm not able to click on the right-hand end of a message topbar and get/copy a link to that specific post- I've tried with Firefox and MIE 11. Is everybody having this issue or is it just me, meaning there's something I need to tweak on my end?

Fixed

2
Link to comment
worik

worik

Posted
Posted
On 3/26/2019 at 10:23 PM, CPU said:

In case you don't like the captcha, you can always turn on the double authentication (like I do), in this case you will need to authenticate again (with your samrtphone) only if you use a brand new browser or computer.

:classic_huh: How do I do that? This double authentication? I think, I would like to do that.

Is that this thing with another security question? I have that but I still get this annoying google thing?

Link to comment
Guest

Guest

Posted
Posted
10 minutes ago, worik said:

:classic_huh: How do I do that? This double authentication? I think, I would like to do that.

Is that this thing with another security question? I have that but I still get this annoying google thing?

Go in editing your profile:

Capture0.PNG

 

Then enable the Google authentication:

Capture.PNG

 

You need to download the google authentication app in your phone.

 

Link to comment
Guest

Guest

Posted
Posted

Not complaining , just reporting that the cursor became invisible after posting emoji and the posting further text after emoji in blog section is impossible. Didn't want to report earlier until it became a often problem.

Link to comment
Tirloque

Tirloque

Posted
Posted

I think parts of the issue have been reported, but I wished to mention it as a whole :

— Forum's engine does not embed images's links into images anymore

— Forum's engine does not embed blog/threads links into embedded links anymore

— Forum's engine does not embed video links into video players anymore

 

=> Forum's embedding engine seems down (at least in the blog section and for youtube).

 

As a matter of fact I am not displeased that the forums does not eats images links automatically anymore, as I know the bbcode to get them displayed anyway. The thing is, we don't know the codes to embed videos or blog entries, so for those two types of content there's a pure loss of functionality (despite the forum handling perfectly well previously embedded videos). Is there someone (at IP Boards ?) that could give us the code to embed those type of contents ourselves ? I couldn't find any valid code from google on the topic. :classic_angel:

 

On a side note my thanks to Ashal for managing to make the site stable again ; and I am not bothered by capchas, which seem like a very small price to pay if it can avoid ddos attacks.

 

Link to comment
Vyxenne

Vyxenne

Posted
Posted

+1 for me too- I haven't tried blog threads/links, but I can attest that videos no longer self embed, and the [youtube][/youtube] pseudoBBcode that works elsewhere doesn't work here.

 

Image links are easy to hand-embed using standard BBCode tags but I can't find any BBCode tags to embed videos and the YouTube "Embed" links don't work either.

Link to comment
Tirloque

Tirloque

Posted
Posted
On 4/1/2019 at 1:38 PM, Tirloque said:

=> Forum's embedding engine seems down (at least in the blog section and for youtube)

16 hours ago, Vyxenne said:

+1 for me too- I haven't tried blog threads/links, but I can attest that videos no longer self embed, and the [youtube][/youtube] pseudoBBcode that works elsewhere doesn't work here.

 

 

My thanks to the admins, all the embedding is working again ! Smiley_jap_HFR.gif

 

 

 

 

 

 

 

 

Link to comment
Tirloque

Tirloque

Posted
Posted
1 hour ago, Rektas69 said:

I'm yet to be able to edit my topic, it's nearly 2 months and I can't change anything in there besides posting comments. 

If the buf can't be fixed, maybe you can work around it ? Why not copy-paste the content of your topic into a new, unbugged one ? And then just ask a moderator to redirect from the old topic to the new ? :classic_angel:

Link to comment
Guest

Guest

Posted
Posted
1 hour ago, Rektas69 said:

...

 

7 minutes ago, Tirloque said:

...

If you need help to edit a post, just ping me. Better on Discord.

I will help, if possible.

Link to comment
MadMansGun

MadMansGun

Posted
Posted
On 4/1/2019 at 4:38 AM, Tirloque said:

embed blog/threads links into embedded links

NOOOOOOOO I FUCKING HATE THAT FEATURE.

 

it makes posting many links at the same time a fucking nightmare.

it makes editing a post a fucking nightmare.

it makes doing any fucking thing a fucking nightmare.

 

 

Link to comment
Guest
This topic is now closed to further replies.
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

View Community Rules

Help Support LoversLab

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. For more information, see our Privacy Policy & Terms of Use