Professor Paddle: Server Feedback

James
Admin
Sum Dum Guy
Joined: 31 Dec 2004
Posts: 3595
Posted: 23 Jul 2008 at 1:00pm
I am in the process of doing a bunch of work on our codebase and our server.

My goal is to optimize the speed of our SQL server by refining SPs and of course by locking down the access tighter to prevent these super annoying SQL insertion attacks that are almost occurring daily now.

This thread is for members to offer feedback on any errors they are receiving or problems they are having when they log in. Or if you see a great improvement in speed let me know so I can see we're on the right track.


We're using a new Member Banning tool that bans IP ranges and users that register with certain email addresses and certain forum names. If your IP, Username, or email address is listed on this page, you're going to have difficulty using the site. http://www.stopforumspam.com/

Furthermore, if you are in certain regions of Russia and China you might be banned simply because I think your regional IP is prone to abusive and malicious people. If that pisses you off, go talk to your neighbors and try to figure out who is giving you a bad name before the whole internet bans you for the stupid actions of your comrades.

Thanks
James

septimus prime
Big Boofer
Joined: 02 Jun 2007
Posts: 502
Posted: 23 Jul 2008 at 1:05pm
Hey James,
 
Yesterday when I tried to log on through Firefox, it would say log in successful returning to last page, but when I got there I was still not logged on.
 
When I used Internet Explorer, I had no problems.
Jon Shell Bee

RemAcct2
Limited Access
Joined: 15 Jun 2005
Posts: 2643
Posted: 23 Jul 2008 at 5:22pm

James - I am happy to help you with this.  The key is to separate the reader account from the writer account, and make sure that the reader account can't do updates.  Additionally, only logged-in users should be able to utilize the writer account.  Also, none of the accounts should have access to the calls which enumerate tables (access to system tables should be blocked).  While IP addresses are a good measure, the main point of banning IP addresses is to minimize denial of service attacks at the router/firewall level.  The best solution is to contain all database access in a middle tier - either .Net components or TSQL stored procedures, but that will take a while to refactor.

With respect to Jon's issue, I have the same problem.  Best I can tell, PP uses two different, and sometimes incompatible, ways to fetch/store cookies.  I could tell you more, but I'd need to examine the codebase.

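The account separation described in the post above, sketched as T-SQL for SQL Server. This is an added example, not part of the original thread and not the site's code; the table, procedure, role and user names are hypothetical, and `ALTER ROLE ... ADD MEMBER` assumes SQL Server 2012 or later.

```sql
-- Added example (T-SQL, SQL Server). All object names are hypothetical.
CREATE TABLE dbo.ForumPosts (
    PostId int IDENTITY PRIMARY KEY, TopicId int NOT NULL,
    AuthorId int NOT NULL, Body nvarchar(max) NOT NULL
);
GO
-- Middle tier: the only paths to the table are parameterized procedures.
CREATE PROCEDURE dbo.usp_GetPostsByTopic @TopicId int
AS
    SELECT PostId, AuthorId, Body FROM dbo.ForumPosts WHERE TopicId = @TopicId;
GO
CREATE PROCEDURE dbo.usp_AddPost @TopicId int, @AuthorId int, @Body nvarchar(max)
AS
    INSERT INTO dbo.ForumPosts (TopicId, AuthorId, Body)
    VALUES (@TopicId, @AuthorId, @Body);
GO
-- Reader serves anonymous page views; the app uses the writer only after login.
CREATE ROLE pp_reader;
CREATE ROLE pp_writer;
CREATE USER pp_web_reader WITHOUT LOGIN;  -- stand-ins for the real logins
CREATE USER pp_web_writer WITHOUT LOGIN;
ALTER ROLE pp_reader ADD MEMBER pp_web_reader;
ALTER ROLE pp_writer ADD MEMBER pp_web_writer;
-- EXECUTE on procedures only; ownership chaining covers the table access.
GRANT EXECUTE ON dbo.usp_GetPostsByTopic TO pp_reader, pp_writer;
GRANT EXECUTE ON dbo.usp_AddPost         TO pp_writer;
-- Explicit DENY keeps direct writes blocked even if a broad GRANT is added later.
DENY INSERT, UPDATE, DELETE ON SCHEMA::dbo TO pp_reader;
-- Restrict what catalog views such as sys.objects reveal to either role.
DENY VIEW DEFINITION TO pp_reader, pp_writer;
GO
-- Check: impersonate the reader; direct table access and writes must fail.
EXECUTE AS USER = 'pp_web_reader';
BEGIN TRY
    SELECT TOP (1) * FROM dbo.ForumPosts;
    PRINT 'FAIL: reader can query the table directly';
END TRY
BEGIN CATCH
    PRINT 'OK: direct SELECT denied (' + ERROR_MESSAGE() + ')';
END CATCH;
BEGIN TRY
    EXEC dbo.usp_AddPost @TopicId = 1, @AuthorId = 1, @Body = N'x';
    PRINT 'FAIL: reader can write';
END TRY
BEGIN CATCH
    PRINT 'OK: write procedure denied (' + ERROR_MESSAGE() + ')';
END CATCH;
EXEC dbo.usp_GetPostsByTopic @TopicId = 1;  -- allowed: read via procedure
REVERT;
```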
James
Admin
Sum Dum Guy
Joined: 31 Dec 2004
Posts: 3595
Posted: 23 Jul 2008 at 5:34pm
Leif, thanks for the feedback; of course I am not sure why you keep offering to help when you have no intention of doing so. As always, I have the same list of things that I have suggested to you; if you ever want to help let me know, but don't keep offering if you don't want to help.

The site uses two separate accounts, a reader and a writer, and a few others for different purposes, gauges etc...

We're getting DOS attacks and SQL attacks from member accounts that have signed up with Gmail accounts, activated, and then launched attacks as a signed-in user. I am taking additional steps to prevent this stuff but it just means locking down the site more and more.

The problem Jon is having is separate. I have a glitch where if you visit the error not logged in page then sign in, it redirects you to your last page, being the not logged in page. I have known about that but it has been a low priority.

RemAcct2
Limited Access
Joined: 15 Jun 2005
Posts: 2643
Posted: 23 Jul 2008 at 7:21pm
So, James, I would like to help, though I am not sure I have the time to take on larger, stand-alone projects.  As you know, I have a fairly demanding work schedule, though I would like to find a way to contribute to this site.