T.C.,

SQL injection protection and they turned it off?! <face-palm>

It's happened to me for long PMs and forum posts but not always. Yes, sometimes I get an SQL database error or a 500 server error then get locked out. So, the website host is employing some anti-spam/malware routines to block suspected malicious users and it's not a DNS problem.

Except, of course, when it is a DNS problem but an entry in your HOSTS file should take care of that so you'll never see it unless the IP address assigned to the site gets changed, then you won't be able to connect again until you fix the HOSTS file.

If the software is properly written the SQL injection is not a problem anyways. SQL injection is only possible if the forum software is not using parameterized queries or stored procedures to read/write to and from the database. It's not really that hard to prevent SQL injection attacks, but it takes a little more effort when writing the code to access the database than if you don't bother to protect yourself against them. It's what I do for a living, and the stuff I write while it will use queries that in theory can have an sql injection attack used on them, they are ones that no user input is involved in, based entirely on internal system variables that are vetted before use. I can understand the rule there, and it's almost exactly what I thought was happening, but I think the exposure it little to none, unless the board software is really poorly written, which I've not heard in my travels around the internet.

Cy, I don't think the website hosts are trying to protect anything specific, they're just blocking when their monitor picks up any activity that looks like someone might be attempting to be naughty.


Exploits of a Mom

I understand, I'm just saying it's a moot point if the software developers are doing THEIR job, because an SQL injection attack can't get through anyways. Done properly, an SQL injection will just end up as the contents of the field in the database as it won't be executed, where if not done properly, it can become code and that is how you get pawned in today's world. Of course the other bad one that lazy developers do is to store users passwords in plain text. I can't believe people still do that, it was common practice back in 95, but even back then I stored passwords as non-reversible hashes, as I always treated databases as something that could be stolen, in the old days by copying to disk, now it's by downloading them.

I'm afraid I don't understand what you guys are talking about. I did just get kicked off again. I'm at home.

What is it you get as a message? There are two things that can happen with two different causes.

1. Basically if you know how to check your browser gets a connection reset when trying to connect, this means you are getting the problem that TC is talking about.
2. An error reporting the server cannot be found, which if you dig further is reported as a DNS error. This is caused apparently by the DNS servers as the host site getting overloaded or some other problem. This problem is usually short lived.

Now it's possible that you found another way to get error number one, and have by getting an error (I'm guessing you got an error with the system before you got locked out) doing something, it's how it always happened for me. As is mentioned in the thread, there is a free vpn service that will get you in that work better than a proxy, AND if you use a hotel network/wireless which is often not secure and even then you don't know who is listening since others on that network can sniff your traffic will secure you session is a good idea for that, so I'm keeping it installed on my laptop just for that use.

I believe I got option #2. It's as if I'm looking for a site that doesn't exist.

VPN? I've heard the term, but beyond that, I'm clueless.

If your having to use a proxy to get to the site, google "hotspot shield", which is a free vpn service. It works pretty well, better than a proxy, and it secures your data with industrial quality encryption, so it protects your data on public hotspots or in hotels, and did I mention it's free. You just have to watch a short add when you connect.

All the proxies I tried without exception made following links on the site not work and lots of other functions not work, where hotspot shield has only one small side effect that I saw, that the back button often needs to be pressed more than once when using the vpn. So, if your having to use a proxy you might want to give it a try. But I believe that if you can get to the site through a proxy your actually getting #1, #2 has never in my experience lasted more than about 5 minutes, and a proxy has never been able to get around it for me.

PS, this works in a way that you don't have to know anything about how it works, it's designed for the normal user.

Cy, where were you when the Pentagon database got hacked the other day!?


Marty, you can set the IP address of XS11.com with the HOSTS file.

With a HOSTS file entry if the site is working and you haven't tripped a naughty filter somewhere then your computer will already have the IP address so your browser will just 'go' to the site. The entire Domain Name System (DNS) can keel over and die and you would still be able to connect to the site.

Be aware that it's not a permanent solution because if the nice people hosting the website change the IP address they assigned to the site you will not be able to connect and you will have to edit the HOSTS file again to put in the new IP address or disable/remove the entry so your browser will be able to look up the IP address from the DNS. That's why the DNS was invented in the first place but after more than a few decades just like most of us the DNS has put on some weight and it gets a little cranky sometimes.

In Windows XP the HOSTS file is found in:
C:\WINDOWS\system32\drivers\etc

The file is just named HOSTS in uppercase letters with no file extension.

If you are not using Windows XP just do a web search for instructions like: "edit HOSTS file name_of_your_operating_system_here" and follow the instructions for your operating system.

The HOSTS file is an important system file so it must be edited and saved with a plain text editor like Windows notepad.exe and you must have Administrator access to make any changes or the operating system will just laugh at you and give you a nice note telling you to go tell your mother she wants you.

Some security software like Spybot monitors the HOSTS file and might not allow any changes without wrassling with it a little first or the file could be set as 'Read Only' to prevent casual changes.

When you have made and saved the changes you will have to stop and restart the network connection so the changes will be picked up and used. If you don't know how to restart the network connection just reboot and don't worry about it.


Here is the relevant part of the HOSTS file on my computer:

Well, it's happening again!

Just wanted to post this for the possible NEW MEMBERS trying to get registered, that my access to the ADMIN section is once again being compromised. I was just making a POST to the site in another thread, and it dropped me, tried to get back, and got the connection reset error. It's happening with both my laptop and my desktop...both going thru the same router/FIOS modem. I'll be looking at trying the HOSTs file change, but I think I tried that before, and it didn't work...which I think tells me/us that it wasn't necessarily a DNS problem. I'm currently using a proxy server to access the site.

I emailed the prospective members with this information, but wanted to post it here as well so that they might see that it is an actual problem that we've encountered before!

Thank goodness for Proxies, and this thread!

Hey Cy, 3Phase, folks,

I downloaded the HotSpot Shield and installed it, and I was back into the site and the ADMIN section like I had never left!!! I don't know what was wrong with the reply to the thread I was working on that got my IP addy kicked off, but I'm back for now! The 4 waiting new members are now registered!

I'll try contacting the hosting company and let them know what happened AGAIN, and see if they can figure it out and UNBLOCK ME/my IP.

T.C.

I'm back!

Okay, sent the HOST company the information about my recent access loss, my current IP addy and such, they wrote me back today that they did find my IP in their FIREWALL....WHY ? they didn't say, but they removed it and added it to their allowed listing, so hopefully I won't get caught up in their security program again!?

T.C.

Sometimes I'll try to get on here and I'll get an error message saying "Internet Explorer cannot display this page". If I wait a few minutes and keep trying it will go through.

Sometimes the site will drop even when I'm on.

This happens on my home computer, work computer and my phone.

Glad my finding that proxy worked out for that situation. It's the one that really lets things work as if things are normal even when things are a mess, at least most of the time. It's nice to have all my experience and work over the years enable me to give advice that actually works unrelated to working on bikes. I'm hoping my brain disfunction from my accident gets better enough soon so I can fix up my auto cancel mod article so it can be properly published, I just can't do it right now, I'm not even spending very much time on the site because I can't tolerate the computer a lot of the time. I'm hoping my Dr's will be able to help me with it some more after my appointment later this week, cause this not being able to enjoy time online is getting old .

Whatever it is, it's happening on my computer too.
Say 25% of the time I hit my XS11 bookmark it says it can't find the site.
That's both from the bookmark and from the e-mail links.
Which is mildly annoying but I could go do something productive instead, eh?
What really gets to me is the 25% of the time when I painfully use my typing finger to spell out a post and hit the "submit reply" button and then the site bombs out and I lose it all.
WTF, I can Ctrl + c to save the message but I shouldn't have to eff around like that.