Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Aineko Macx
|
Posted - 2009.10.29 07:56:00 -
[1]
Given the latest wave of account compromises, I propose the following feature, which allows a user to detect if his account was accessed by someone other than himself:
On the character choosing screen, display the time of the last log in together with the name of the network host accessing (obtained by a reverse DNS lookup). This reveals the provider used, so if the user is a roadrunner customer but the last log in shows something like ip.hsd1.mi.comcast.net it's obvious that somebody else accessed it.
To be effective, the accesses to the account and character management pages on eve-o must also be logged and displayed. The feature can be further enhanced by using a whitelist, where the user specifies his provider or IP range. As soon as an access from outside of that whitelist happens, a warning mail is sent to the user. This could also trigger other measures, but that is to be discussed.
Share your thoughts!
|
Dr BattleSmith
PAX Interstellar Services
|
Posted - 2009.10.29 08:03:00 -
[2]
|
Robdon
|
Posted - 2009.10.29 08:28:00 -
[3]
|
Sparkling Lord
|
Posted - 2009.10.29 09:19:00 -
[4]
|
darius mclever
|
Posted - 2009.10.29 09:21:00 -
[5]
|
Tyrael Primus
Paxton Industries Paxton Federation
|
Posted - 2009.10.29 09:29:00 -
[6]
|
Ravenja
|
Posted - 2009.10.29 10:08:00 -
[7]
CCP has those logs anyway, so I don't see technical problems, but currently they can only look at the data after disaster has struck. This feature gives the players a warning system.
|
Fano Phartax
|
Posted - 2009.10.30 18:56:00 -
[8]
|
Junpeir Sintara
The Professional's Club Fatal Ascension
|
Posted - 2009.10.31 07:56:00 -
[9]
|
Pax Ratlin
Serenity Ascension
|
Posted - 2009.10.31 11:15:00 -
[10]
Some or all of this plz
|
|
Orb Vex
THE R0NIN
|
Posted - 2009.10.31 11:29:00 -
[11]
|
Saju Somtaaw
Diiamond Heavy Industries MagiTech Corp
|
Posted - 2009.10.31 18:37:00 -
[12]
I'm using my 5 minute token to approve this product and/or service. ---- --- ---
|
Agent Known
|
Posted - 2009.11.01 06:14:00 -
[13]
Originally by: Saju Somtaaw I'm using my 5 minute token to approve this product and/or service.
On another note, I also have an annoying sig.
inaftertimeflux |
Aineko Macx
|
Posted - 2009.11.05 06:42:00 -
[14]
Bumping a proposal with 100% aproval |
Shai 'Hulud
Guiding Hand Social Club
|
Posted - 2009.11.05 06:50:00 -
[15]
|
Haxfar Portlaind
|
Posted - 2009.11.05 08:19:00 -
[16]
|
Scerolikk Teromni
|
Posted - 2009.11.05 08:56:00 -
[17]
Put this on the fancy new character selection screen please. Gmail does this... EVE should too.
|
Egilmonsc
Broski Enterprises No Fun Allowed
|
Posted - 2009.11.06 01:18:00 -
[18]
Where we're going, we won't need eyes to see. |
Kazuo Ishiguro
House of Marbles
|
Posted - 2009.11.06 10:50:00 -
[19]
Yes please. --- 34.4:1 mineral compression ISRC Racing, Season 7 - schedule |
Ryric Krael
|
Posted - 2009.11.06 21:53:00 -
[20]
Very sound and fesible idea. Of course if someone compromises my account I suppose it will be moot seeing as they would change my pwd and/or email address if they really wanted to do some damage.
|
|
Cryodorph
Evefleet Academy Retribution.
|
Posted - 2009.11.07 16:44:00 -
[21]
|
Hashin Kyojin
|
Posted - 2009.11.07 19:29:00 -
[22]
|
cBOLTSON
Point of No Return Gentlemen's Club
|
Posted - 2009.11.08 23:24:00 -
[23]
The proposal to have login times displayed I think is a great idea.
/supported
|
Alfons Richthofen
Die Luftwaffe
|
Posted - 2009.11.09 19:04:00 -
[24]
|
Aineko Macx
|
Posted - 2009.11.13 11:48:00 -
[25]
Bumping a proposal with 100% aproval
I found that CSM is looking into account security, but my proposal offers a different (IMHO better and simpler) solution.
|
Elaine McMenace
|
Posted - 2009.12.14 09:13:00 -
[26]
Yes please.
|
JaseNZ
|
Posted - 2009.12.14 09:55:00 -
[27]
I agree with the last logged in from xxxx.isp.net part, but showing the full address could really open a can of worms, in the form of PO'd users attacking the last accessed from ISP.
Perhaps masking or cloaking part of the complete address could be done, to maintain some matter of privacy, yet still show the user someone from some other connection has used their account, so that the full address cannot be obtained by the account user for malicious purposes.
|
Omega Flames
Last Resort Inn SYSTEM SHOCK INITIATIVE
|
Posted - 2009.12.14 15:31:00 -
[28]
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |