Ideas / Issues / Problems / Fixes / Updates: Server Feedback

Server Feedback

Printed From: ProfessorPaddle.com
Category: Site Support
Forum Name: Ideas / Issues / Problems / Fixes / Updates
Forum Description: Find something broken, Have an Idea, Find something new!
URL: http://www.professorpaddle.com/forum/forum_posts.asp?TID=7134
Printed Date: 24 May 2025 at 8:13am


Topic: Server Feedback
Posted By: James
Subject: Server Feedback
Date Posted: 23 Jul 2008 at 1:00pm
I am in the process of doing a bunch of work on our codebase and our server.

My goal is to optimize the speed of our SQL server by refining SPs and of course by locking down the access tighter to prevent these super annoying SQL insertion attacks that are almost occurring daily now.

This thread is for members to offer feedback on any errors they are receiving or problems they are having when they log in. Or if you see a great improvement in speed, let me know so I can see we're on the right track.


We're using a new Member Banning tool that bans IP ranges and users that register with certain email addresses and certain forum names. If your IP, Username, or email address is listed on this page, you're going to have difficulty using the site. http://www.stopforumspam.com/

Furthermore, if you are in certain regions of Russia and China you might be banned simply because I think your regional IP is prone to abusive and malicious people. If that pisses you off, go talk to your neighbors and try to figure out who is giving you a bad name before the whole internet bans you for the stupid actions of your comrades.

Thanks
James



Replies:
Posted By: septimus prime
Date Posted: 23 Jul 2008 at 1:05pm
Hey James,
 
Yesterday when I tried to log on through Firefox, it would say log in successful returning to last page, but when I got there I was still not logged on.
 
When I used Internet Explorer, I had no problems.


-------------
Jon Shell Bee


Posted By: RemAcct2
Date Posted: 23 Jul 2008 at 5:22pm

James - I am happy to help you with this. The key is to separate the reader account from the writer account, and make sure that the reader account can't do updates. Additionally, only logged-in users should be able to utilize the writer account. Also, none of the accounts should have access to the calls which enumerate tables (access to system tables should be blocked). While IP addresses are a good measure, the main point of banning IP addresses is to minimize denial of service attacks at the router/firewall level. The best solution is to contain all database access in a middle tier - either .Net components or TSQL stored procedures, but that will take a while to refactor.

With respect to Jon's issue, I have the same problem. Best I can tell, PP uses two different, and sometimes incompatible, ways to fetch/store cookies. I could tell you more, but I'd need to examine the codebase.



-------------
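
One way to express the reader/writer split, the metadata lockdown and the stored-procedure middle tier described in the post above, as an added T-SQL example that is not from the thread or the site's codebase. All object, role and user names are hypothetical, and it assumes the database users web_reader and web_writer already exist and that every object is owned by dbo:

```sql
-- Added example. Hypothetical names: ForumPosts, usp_AddPost, forum_reader,
-- forum_writer, web_reader, web_writer. Assumes the database users
-- web_reader and web_writer already exist and all objects are owned by dbo.
CREATE TABLE dbo.ForumPosts (
    PostId   INT IDENTITY(1,1) PRIMARY KEY,
    MemberId INT            NOT NULL,
    Body     NVARCHAR(4000) NOT NULL,
    PostedAt DATETIME       NOT NULL DEFAULT GETDATE()
);
GO

-- Middle tier in T-SQL: the only path for writing a post. Input arrives as
-- typed parameters, so it is never concatenated into a statement.
CREATE PROCEDURE dbo.usp_AddPost
    @MemberId INT,
    @Body     NVARCHAR(4000)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.ForumPosts (MemberId, Body) VALUES (@MemberId, @Body);
END;
GO

CREATE ROLE forum_reader;
CREATE ROLE forum_writer;

-- Reader: SELECT on what pages display; data changes explicitly denied.
GRANT SELECT ON OBJECT::dbo.ForumPosts TO forum_reader;
DENY INSERT, UPDATE, DELETE ON SCHEMA::dbo TO forum_reader;

-- Writer: EXECUTE on the procedure only. Ownership chaining (same owner)
-- lets the procedure insert without the role holding INSERT on the table.
GRANT EXECUTE ON OBJECT::dbo.usp_AddPost TO forum_writer;
DENY INSERT, UPDATE, DELETE ON SCHEMA::dbo TO forum_writer;

-- Block table enumeration: with VIEW DEFINITION denied, user objects are
-- hidden from these roles in catalog views such as sys.tables.
DENY VIEW DEFINITION TO forum_reader;
DENY VIEW DEFINITION TO forum_writer;

-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012+; older: sp_addrolemember.
ALTER ROLE forum_reader ADD MEMBER web_reader;
ALTER ROLE forum_writer ADD MEMBER web_writer;
GO
```

The web application would connect as web_writer only on requests from an authenticated session and as web_reader everywhere else.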


Posted By: James
Date Posted: 23 Jul 2008 at 5:34pm
Leif, thanks for the feedback, of course I am not sure why you keep offering to help when you have no intention of doing so. As always I have the same list of things that I have suggested to you, if you ever want to help let me know but don't keep offering if you don't want to help.

The site uses two separate accounts, a reader and a writer, and a few others for different purposes, gauges etc.

We're getting DOS attacks, and SQL attacks from member accounts that have signed up with Gmail accounts, activated and then launched attacks as a signed in user. I am taking additional steps to prevent this stuff but it just means locking down the site more and more.

The problem Jon is having is separate, I have a glitch where if you visit the error not logged in page then sign in, it redirects you to your last page, being the not logged in page. I have known about that but it has been a low priority.


-------------


Posted By: RemAcct2
Date Posted: 23 Jul 2008 at 7:21pm
So, James, I would like to help, though I am not sure I have the time to take on larger, stand-alone projects. As you know, I have a fairly demanding work schedule, though I would like to find a way to contribute to this site.

-------------


