Our security: Controversy
#1
Some comments were made in the staff chat about our security, that people feel I went overboard.
People also believe that other websites in the gmod community, especially prime hacker targets, do not use the same security.
I come on video to prove a point.




Just 2 days ago we had 56 attack attempts on our config files, trying to take our site over, which I posted in the staff chat.

Ask any staff member to confirm this.

Think twice and do a little bit of research before lobbying to the admins and staff to have the protection removed.

We have hundreds of players here, probably over 6 figures in dollars in total games and items in people's accounts in total.

But Fish I Hear You Exclaim!
Our Steam passwords are not logged on our site; our passwords are safe.

My reply:
A hacker can produce a man in the middle attack, modify our links, and make fake phishing pages to send plain coded passwords to them.
It is real easy, just use Google.

In fact, let me google that for you:
http://lmgtfy.com/?q=how+to+create+a+fak...login+page

MyBB is not a professional forum with paid round the clock 24/7 security staff to thwart attacks like Enjin.
It is an amateur project made by some people, perhaps some fresh college grads trying to make a name for themselves to get noticed, who got together to make a free forum.
They do their best, but I have seen for myself MyBB hacked, passwords stolen, and put on the black market in a matter of moments.

Think about others, and think about dinkleberg's liability if security is breached.

That's all.

Thank you.

Also another thing....

We don't have encryption on this website. We do not have an SSL from a CA, something we desperately should have.
An SSL from a CA costs money. I can't afford to pay for one, I am sorry. I'm out of work right now due to a surgery, I cannot do it.

What is an SSL?
"SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers."

Read more on an SSL here

So again before you say something about the security....    

We are not secure    
We have ZERO encryption here
Everything transmitted on our website is PLAIN TEXT that ANYONE can see and possibly even inject their own code into, since it's plain text.
(Can you imagine an injection attempt without our current security? They wouldn't even need an account; they could inject code into a forum view from an admin and use their account, like what they did on 4thlife.)

Perhaps someone or a few of you would like to step forward and donate some money towards an SSL certificate from a CA so we could be further protected; that would be really thoughtful.

The price of an SSL can range greatly and have an annual cost.
The cheapest are about 9$ a year and provide minimal low bit encryption (still better than nothing), to 40$ a year for medium bit encryption, and 250$ for strong 256bit encryption. Some providers even come with insurance in case the server is hacked; they cover the cost of repairs and losses. Such as RapidSSL, at 12$ a year, has 10k$ worth of insurance in case of a loss or damage, 256bit encrypted, domain verification to prevent phishing, site seal, and has 24/7 support so I can call someone for help.

For such a low cost, encryption and 10k$ worth of insurance would be nice; you could pay for someone to come here and rebuild the server and compensate a player's losses if we got trashed.

Here is a link to some cheaper providers if someone wants to consider helping out.
https://aboutssl.org/worlds-top-15-cheap...ders-2017/

Many of these companies offer 30 day trials that we can also test to make sure they work before we purchase, which is very important.
So if you wanna help, discuss it below.
Let me get a trial before tossing money at one of these companies.
Most companies also offer a 30 day refund too; some don't. We need to make sure they are server compatible and browser trusted.

[Image: insecure.png]

[Image: insecure2.png]


Messages In This Thread
Our security: Controversy - by A Fish - 12-04-2017, 04:43 AM
RE: Our security: Controversy - by A Fish - 12-04-2017, 08:31 AM
RE: Our security: Controversy - by A Fish - 12-04-2017, 02:01 PM
RE: Our security: Controversy - by EpicGuy - 12-04-2017, 02:50 PM
RE: Our security: Controversy - by A Fish - 12-04-2017, 03:27 PM
RE: Our security: Controversy - by MiniMe2001 - 12-04-2017, 05:14 PM
RE: Our security: Controversy - by [black]Tronald - 12-04-2017, 05:57 PM
RE: Our security: Controversy - by [Red]Starky - 12-04-2017, 06:13 PM
RE: Our security: Controversy - by Karma - 12-05-2017, 06:47 PM
RE: Our security: Controversy - by EpicGuy - 12-06-2017, 03:51 PM
RE: Our security: Controversy - by penguinslayer4 - 12-06-2017, 03:15 PM
RE: Our security: Controversy - by A Fish - 12-07-2017, 05:12 PM


About Us
    This is Dinkleberg's GMod, a gaming community based in Garry's Mod. We have a Trouble in Terrorist Town, Prop Hunt, Murder, and Deathrun Server. Come check them out sometime.