
Two Factor Authentication

 
 
GC
34 posts
Sun Sep 18, 22
10:46 PM
I did a search and saw someone else asked about this in 2018. Any chance 2 factor authentication could be implemented for the admin account?

My main site is a WordPress-based website and it regularly gets hammered. This morning there were over 20 attempts to get in. Fortunately I use Wordfence, which locks them out, as well as 2 factor authentication on my phone.

I just made my Sytist password extremely long (over 30 characters) out of a genuine fear that my Sytist site, which generates most of my revenue now, has minimal protection should it get targeted for brute force attacks.

However, the ability to lock people out after a set number of brute force attempts, as well as 2 factor authentication, would be very appreciated for peace of mind.

This is more elegant than asking my hosting company to institute a VPN tunnel and admin login rules for me that would prevent any unauthorised internet logins.
 
 
 
 
 
Trailboy
240 posts
Mon Sep 19, 22
12:46 AM
I have very similar concerns and would appreciate the hardening of the security of Sytist with TOTP. Captcha isn't enough.
Edited Mon Sep 19, 22 2:58 AM by Trailboy
Elizabeth Andrews
97 posts
Wed Sep 21, 22
4:43 PM
Until such security features are available, I thought I'd share some of the things I do to help security and would be interested in hearing what other people do too.

SSL is a must.

Change the default login page address, don't advertise, or link it, and even exclude it from robots.txt and sitemaps.

I filter visitors by country; I only allow a handful of countries to even connect to my site. My clients are in Canada so they need to be able to connect, and I monitored the main search engine crawlers to find out which other countries and IP addresses I needed to allow so as not to adversely impact my #1 position on Google, Bing etc. Outside that, I block everyone else, especially the "problem countries" where attacks generally originate such as Russia, China and the entire African continent. If they don't even know you are there, they can't get you!

Disable or severely limit SSH access to your host(s).

Make regular backups of your site and databases.

Use harsh DMARC policies on your domains, and 2 factor on your email - avoiding free services that harvest your data (such as Google, Hotmail etc).

As these are all things you can do now, it might give you some comfort until site specific solutions are developed.
 
 
 
 
 
GC
34 posts
Fri Sep 23, 22
10:35 AM
Much thanks.

Looking at this, most of these are things I need to discuss with my hosting company.

SSL isn't a problem. I think Google has us over a barrel with this and most modern browsers have made it next to impossible to be non-SSL and expect to stay in business.

I will need to talk to my hosting company about the default login page. Are you meaning its port value?

VPNs render blocking countries difficult now. Many of the hack attacks on me come from the USA, Canada, UK, Germany, Finland, and South Korea, as well as Ukraine and Russia, which were once considered the home of these things. Curiously, African nations as well as India are conspicuously absent in these attacks even though they are notorious. So the usage of VPNs by these people has made it difficult. Incidentally I am based in Malaysia, and I see hackers geo-tagged from here as well and I can't block them either.

SSH done

Backups: Yes, regularly.

DMARC - Google...how I hate thee. Many of my clients use Google, and something in an email I sent to one of my customers triggered something in Google that has caused them to blacklist my main domain. I have friends involved in the setup of my country's email servers, as well as setting up for publicly listed companies, and after reviewing the "offending emails" they told me that Google's algorithms are a god unto themselves. I have to use Gmail now, sadly, in my communications.

I do hope others have ideas, but 2 factor would really help me sleep better. Not sure why the admins have been silent on this topic. Hopefully they have it in the works.
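The two controls requested in this thread, TOTP codes (RFC 6238) and a lockout after repeated failed attempts, shown together as an added example. It is not Sytist code and not from any poster here; the class name, the 5-attempt / 15-minute policy and the in-memory state are assumptions.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6             # RFC 6238 defaults used by most authenticator apps
MAX_FAILS, LOCK_SECS = 5, 900    # assumed policy: 5 bad codes -> 15 minute lockout
# Published RFC 6238 test key ("12345678901234567890" in base32), not a real secret.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, now, step=STEP, digits=DIGITS):
    """RFC 6238 code for Unix time `now` (HMAC-SHA1, RFC 4226 truncation)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class AdminSecondFactor:
    """Hypothetical per-account state; a real site would persist this server-side."""
    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.fails = 0
        self.locked_until = 0
        self.last_step = -1      # newest time step already accepted (blocks replay)

    def verify(self, code, now):
        if now < self.locked_until:
            return "locked"      # refuse even a correct code while locked out
        current = int(now) // STEP
        for step_no in (current - 1, current, current + 1):   # one step of clock skew
            if step_no <= self.last_step:
                continue         # code for this step was already used once
            expected = totp(self.secret, step_no * STEP)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_step, self.fails = step_no, 0
                return "ok"
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self.fails, self.locked_until = 0, now + LOCK_SECS
            return "locked"
        return "denied"
```

The lockout here is per account; limiting attempts per source IP as well keeps one attacker from locking the real admin out indefinitely.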
 
 
 
 
 