Posted on 03/16/2025 6:09:41 AM PDT by Lazamataz
I've noticed, over the years, that very old Free Republic accounts, accounts that have been inactive for months or years, suddenly reactivate.... but their politics are suddenly suspect.
Be they Zeeper-oriented (that is, super-favorable to Ukraine) or, conversely, super-favorable to Russia, or even suddenly-liberal... these accounts reactivate with a flurry of posts that are contrary to conservatism.
Are these real Freepers who have had a change of heart about their politics? Are these real Freepers who feel the need to jump on the forum with propaganda and support for one side or the other per the Ukraine/Russia war?
Or are these hijacked accounts?
People will recall some time back, quite a few accounts of active Freepers were hijacked. It created a bit of a problem. When all was said and done, the accounts were returned to their rightful owners, and the site owner (and his moderator crew) pointed out that their passwords were very easy to guess. He instructed people to have stronger passwords.
I also have a friend on Facebook who no longer participates in the forum, but still reads it, who has seen a Freeper posting who he happens to know has been dead for more than a decade.
The problem is, we have far too insecure a login process, and enemies of the forum have been exploiting that.
At the login page, you can attempted unlimited login attempts. This will allow simple brute-force password cracking.
Also, the Forget Password option sends an email with your password in clear text. Emails can easily be sniffed with the right techniques. Passwords can easily be cracked that way.
My suggestions to mitigate these critical security concerns are:
These relatively-simple security changes will stop account-hijacking.
My opinion counts
I have contributed and been here
Come on, Laz. I bet you’ve got some juicy fanciest secrets ☺️😋😎 Don’t be coy with us.
There’s a keyword stalker who defaces nearly every Freeper-generated thread, so I’ve called the cowardly punk out and he remains a coward and won’t show his punk-ass little bitch face.
What I would suggest is a nominal membership fee of about $10 or so per month for the privilege of posting threads. Replies to those threads would still be free for any member, whether they are a paying member or not.
In addition to the thousands of dollars per month benefit to FR by preferred members, this would also reduce the number of threads and make this place a more streamlined source of news.
And to repeat myself, any registered member is free to post replies, but only privileged members can post threads
Good to hear from you. Hope you have been well. :)
I think email confirmation after a period of non use is a good option for sure, maybe a month like was already mentioned. But you wouldn’t want to hassle everyone with it to log in every day. But making it default as “Remember me” is a big problem. On our site this is forced to expire after a set number of hours even if users choose the remember me option. We have to be honest, logging back in is not actually that much work. And a limit of login attempts and a waiting period for the wrong password three times in a row would be good. And/or an email confirmation after three failed attempts.
I think a lot of this worry comes from the habits of the users themselves. Strong passwords, clearing tracking cookies religiously, and using script blockers would go a long way to making their own accounts more secure. I don’t think the site is the problem so much as hitchhiking scripts from other websites logging usernames and passwords when we sign in. The FR can’t stop that, we have to ourselves.
Google is the worst about this as I pointed out with a post here one time. And you don’t have to go to Google. They have spyware on just about every site on the global internet. Land on one of these sites with hidden Google scripts and you are already compromised. All they have to do is hand that to a human and bingo the FR has a new user with an old name.
The problem is a difference between human users and bots. Bots can be dealt with fairly easy with a “honeypot” login which can be implemented. Same with auto AI loggin. But humans are the real problem. They are hard to deal with if they get the password. There is no way to keep them from getting the usernames because the front end is open to the public.
But now that this has been mentioned. Removing “public” access to profile details and posting history of users is a huge issue. This is how they find out who a missing user would be. To leave this information wide open to the general public without being logged in is a practice that has not been done for a long time now in the industry. It really is not the general public’s business, it is only community business. If they want to know more then join and log in...
But with all that said I was thinking about this today. First let me say I absolutely love this old light webscript still being used after all these years. It was one of my first comments after I joined here. It is the ultimate in old school simplicity and a lot of the member love it. So to keep it simple there is a way to prevent any compromises that would be pretty simple but it would take a minute of effort from admin or a mod once a week...
Assuming “Remember me” times out after a number of hours. An additional field could be added to the login page. This additional field would require an additional secret second password distributed from the site to members once a week. The distributed password for the second field would be good for the following week. A logged in member only can see and find the link to this weekly password. And if it is not also filled in correctly three times it defaults to a waiting period and/or email confirmation.
So two passwords one from the user and one secret distributed from the site it’s self. Or it defaults to a waiting period and/or email confirmation. And the second password could just be a long randomly generated number users could copy and paste to their notes for the week. Just a thought...
Keyboard jerks like that truly are cowards, literally posting from mommy’s basement. Probably uses mommy’s car to drive DoorDash. She still pays his bills and washes his clothes, too. Hides behind her skirt. Never had a girlfriend either. He’ll get no respect from me.
Hmmm.
Evidently Grok has inside information that Laz now prefers non-gender specific pronouns.
Fees not a part of the design
—————————————————
But 365 day freepathons are. If this model pays the bills then I’m fine with it. I just wonder if more mainstream, traditional ways of running a website like this wouldn’t be more financially productive.
“What I would suggest is a nominal membership fee of about $10 or so per month for the privilege of posting threads. Replies to those threads would still be free for any member, whether they are a paying member or not.
In addition to the thousands of dollars per month benefit to FR by preferred members, this would also reduce the number of threads and make this place a more streamlined source of news.
And to repeat myself, any registered member is free to post replies, but only privileged members can post threads”
Ok. That sounds reasonable. That would allow lurkers and those seeking the truth (that can’t afford to pay) to still be able to access the forum. I can’t argue with that proposal.
Keyword stalkers. As you probably know the moderators know who posts these keywords, and from time to time they will post the names of the punk ass little bitches as a warning to STFU.
“this would also reduce the number of threads and make this place a more streamlined source of news.”
I don’t want the number of threads reduced! I want MORE posts, more threads, more comments.
And that somehow is bad?
““this would also reduce the number of threads and make this place a more streamlined source of news.”
I don’t want the number of threads reduced! I want MORE posts, more threads, more comments.”
That was not my comment. It was quoted from Responsibility2nd.
I never have to login in to FR except with a new browser, but I have been a single user for decades.
I think a lot of this worry comes from the habits of the users themselves.
Exactly.
Google is the worst about this as I pointed out with a post here one time. And you don’t have to go to Google.
Yet Google does seem to take security seriously as regards outside threats. If I login on a different browser or PC then it tells me, and last week it told me of some of my info being on the dark web. And it has called me even on a landline with a one-time passcode sometimes.
y I absolutely love this old light webscript still being used after all these years. It was one of my first comments after I joined here. It is the ultimate in old school simplicity and a lot of the member love it. So to keep it simple
Indeed, thank God. As said, an edit feature would be good, but for a desktop user at least, it is superior to any forum I have been on.
Assuming “Remember me” times out after a number of hours. An additional field could be added to the login page. This additional field would require an additional secret second password distributed from the site to members once a week.
I think most would object.
Surely you are not serious, but Musk should deal with Groks Wokecoding. And recommend fanciestism anonymous.
“When and if our participants decide we are no longer needed or viable, we will close down shop and go away.”
And that will never happen.
Yes. This forum is for conservatives, not people who have “met the meaner side of conservatism.... Some folks are quite scary.”
I would grumble a bit at that but I would get used to it. When my credit union dropped that call-with-a-number I went in to the office and explained to them that I was annoyed that they were making my account easier to hack. I think some others had the same complaint and the two factor numbers got reinstated with two more digits.
And? So you want an echo chamber?
“I think most would object.”
Well here is the reality of that. If you implement anything that even requires one extra mouse click it will immediately be unpopular because it is “too much work”.
Well, leave it insecure then so that no one has to make that one extra click with the mouse. At some point common sense priorities have to be made...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.