Menu
What's New
By:
Filters

Added captcha for website login

Dmatrix said:
Ok just did that, everything looks as it should there. Any other ideas?
Click to expand...

As the website uses cache-forever in the metadata, it may be necessary in some browsers to clear your cache.

Also try a forced refresh
Windows: ctrl + F5
Mac/Apple: Apple + R or command + R
Linux: F5
 
Just tried a force refresh and also did the DNS flush, still the same issue.
 
Dmatrix said:
Just tried a force refresh and also did the DNS flush, still the same issue.
Click to expand...

last thing i can think of is getting a new ip from your router

so unplug it, leave it for 15 sec and plug it back in
 
Nikto said:
You have this issue with whole http://entropiauniverse.com/ or only with https://account.entropiauniverse.com/ ?

And what error you got in your browser? (if you got any)
Click to expand...

Only have the issue with https://account.entropiauniverse.com/

The actual website works fine, just when i click to log into my account it times out. Here is what i get on my firefox:

The connection has timed out

The server at account.entropiauniverse.com is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


Here is what i get on Chrome:

This webpage is not available

ReloadHide details
Google Chrome could not load the webpage because account.entropiauniverse.com took too long to respond. The website may be down, or you may be experiencing issues with your Internet connection.
Check your Internet connection
Check any cables and reboot any routers, modems, or other network devices you may be using.
Allow Chrome to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
If you use a proxy server...
Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server: Go to the Chrome menu > Settings > Show advanced settings... > Change proxy settings... > LAN Settings and deselect "Use a proxy server for your LAN".
Error code: ERR_CONNECTION_TIMED_OUT
 
Gonna go out on a limb here and ask if your browser is set to block pop-up windows and/or redirection for this site? I know it's obvious but sometimes, the simplest thing...
 
Dmatrix said:
Only have the issue with https://account.entropiauniverse.com/
Click to expand...
Try to open debug console (press F12) in your browser, switch to Network Tab and refresh page.
Maybe you will be able to see what exactly timeout.

Also can it be related to https? (whole site using http)
Try to check if you have https proxy in your browser (that's another way to do MITM).
 
really do have to wonder where they get sys admins, programmers and app architects from at MA. a simple account lock on x tries would be of far more use than this.
 
Other forms of Captcha. and how it could work if MA programmed it right.

Well after looking at this , while the idea is sound on paper, the actual execution is sadly shortcoming.. and here's why..

With any solve the math problem one they could easily get around it with a sspambot as someone pointed out..

However.. there could be a way around this as well to counter and it's the same type of programming that the current Gold Card Security has...

and it should be fairly simple for MA to implent.

The idea is that the captcha wouldn't be a simple math problem or a simple thing that any unaided computer could do and this includes OCR Code types (The ones that appear in a myriad of "Noise' that you have to put in correctly to access..

Antoehr item could be that they could use a picture puzzle captcha and agian no one but a human could ssemble a puzzle . only a human could..

Now here's the additional security would be..

again like the gold card, You'd get 3 chances to csolve the captcha, and if you fail the account gets temp locked.. period.. iN short, you screw up and make 3 strikes you are out of the game..

but there would be a way around as well, and in fact this would be the most dificult of them all.

And that is in fact to acutally post rather personal questions that only the players could answer.. Like your pet's first name, your mother's maiden name, the grocery you shop at or even the city you live in.. In fact a myriad of choices could be used (And this is in fact could be changed even..


In short, I've just given 3 additional security levels to the actual log in screen just by suggesting them..

The poiint is this.. The real issue would be the number of times you could log in.. and I think the 3 strikes rule would be perfect..

Now I also do have to question.. Where does MA get their programmers from Kelly Temporary Services here in teh States? (Or maybe some equivalent in sweden?) or do they just have kids who are college students whoa re paid a meager wage to program a computer


So until MA comes up with a stronger way to enforce and lock down accounts from getting hacked, the only two options are thus..

1. Change your password frequently.. and the more complex the better..

2. Get a gold card and reader... they're only at most 30 bucks and they're a lot safer than most of the current ways that MA protects the system. In fact without te gold card, there's theoretically no way someone can get in, and this is the fact that a temp lock and lost time is much better than getting robbed by a hacker..

That's all I'm going to say on this matter.

Benjamin Ben Coyote (Spacepilot Callsign "Coytoe)
a.k.a. "The Blind Sniper" and "His_Dog_Spot"
 
BenCoyote said:
(...)
2. Get a gold card and reader... they're only at most 30 bucks and they're a lot safer than most of the current ways that MA protects the system. In fact without te gold card, there's theoretically no way someone can get in, and this is the fact that a temp lock and lost time is much better than getting robbed by a hacker..
(...)
Click to expand...

This is SO NOT TRUE! :).

Gold card should prevent hacker from logging in if he knows your login+password - fact.

It does not protect you vs "man in the middle" attack assuming hacker has virus on your computer - fact.

If you do not know how the attack could be executed i can explain in PM if you like.

@edit:
assuming that you have virus on computer but you still have proteced e-mail account that hacker does not have acces to it yet - better soltuon is making safe machine list on MA servers. Without access to e-mail he cannot add his computer to safe list - can't log in.
So that is way better protection (you could use totally different e-mail for Entropia that you would log in only when adding new machines - of course before doign so - make absolute sure you are logging in from no virus machine) than GC and has no costs and is much more convinient than GC system.

Falagor
:bandit:
 
Last edited:
Just get a Gold Card and then all the captcha crap is a non-issue
 
attachment.php
 
Mehhh, 80 posts on a simple CAPTCHA announcement and in less than 24 hours :eyecrazy:

Posting my fav Bluebell Pic as I'm sure no one will get this far into the post, as they will have lost to the will to live many posts ago :wise:





Have a nice day everyone!

Dirk
 
Dmatrix said:
Still doesnt work. Ok so here is what i found. I reset my internet, still wont load the log in page. So i tried logging in from my phone after disabling my Wifi and it loaded the new login page. So my question is this. Why isnt my internet loading the new login page, it just times out. Before this additional login security i never had a single issue loading the login page. Any help would be greatly appreciated.
Click to expand...

That is weird and raises some flags to me. Maybe the IP target for hostname entropiauniverse.com was changed to redirect you to another site to phish your password.

I'd suggest to check hostfile and DNS settings if you see anything suspicious there. Maybe that was the way the hackers gor your credentials ?

edit: Ah my bad, way too late...
 
Dirk said:
Mehhh, 80 posts on a simple CAPTCHA announcement and in less than 24 hours :eyecrazy:

Posting my fav Bluebell Pic as I'm sure no one will get this far into the post, as they will have lost to the will to live many posts ago :wise:





Have a nice day everyone!

Dirk
Click to expand...
Nice pic! :beerchug:
 
math captcha is just to thwart machined attempts

gold card best to thwart humans, 2 step authentication
 
Why do people keep saying that? Math captcha is absolutely the easiest thing in the world for a brute force bot to bypass. It will add nearly no slow down to any modern brute force program.

Its the fact that MA seems to have no protection against brute forcing, which should be system security 101, compounded with the fact that they think match captcha will stop it that makes me deeply disturbed about the security of this game going forward.



MA was able to skimp on security by being too small or too unknown to most organizations. Now that the chinese gold scammers are here its going to get a lot worse before it gets better.
 
I also can not access the account page. I tried google dns and that made no difference.
I can access the main entropiauniverse.com page just fine but when trying to access the account one it cant.
 
Can't access the account page also

narfi said:
I also can not access the account page. I tried google dns and that made no difference.
I can access the main entropiauniverse.com page just fine but when trying to access the account one it cant.
Click to expand...

Same problem :/ now i can't keep track of total ped ammount...

(Problem solved by restarting rooter)
 
Last edited:
useless

Brute force take years in standard 8 password digits
and if guy get keylloger captcha dont help much and most time i feel annoying type this crapy

if you want make somekind block if guy enter password wrong 5 type get ban for 5min (i dont like to) since usual i need remember whats pass for specify site i drop(yes 1 for each damm site in web/account)
 
I guess someone didn't like my post in this thread. New posts and it didn't list in my User CP today.:scratch2:
 
Wollongong said:
What does this mean? If you have a GC, nothing changed? Or...if you have a GC, everything will be as you have been used to, AFTER you pass the captcha?
Click to expand...
Sadly you need to enter CAPTCHA _before_ GC one time code. So just extra waste of time. Yes, it's just 1-2 seconds, but still.
 
and outcome ...
my disciple got hacked TODAY
so another +-200 peds for those:censored:
 
worthless form of additional level security
 
Problem to login on website with GC

I can login on website with the captcha login, than i enter goldcard numbers, bad code, but it's not bad code...

I successfully log on ingame by doing same thing, bug or not? :confused:

Support Case made on this matter
 
You must log in or register to reply here.
Back
Top