Am thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).
If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.
Parking money on a dormant market might also help, as they wouldn't know how to find the account.
Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
VPS hacked
-
ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
Losing the Admin account will help cos they have to guess the userID and the password, not just a brute force attack on the password. And setting the #invalid attempts to 5 before it locks out for 30mins is a massive help too. Really slows down any attack.megarain wrote: ↑Thu Jul 30, 2020 3:04 pmAm thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).
If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.
Parking money on a dormant market might also help, as they wouldn't know how to find the account.
Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
But as an extra layer of security maybe BA should have a locked mode when you leave it doing it's thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
That would be v useful.But as an extra layer of security maybe BA should have a locked mode when you leave it doing it's thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
-
firlandsfarm
- Posts: 2721
- Joined: Sat May 03, 2014 8:20 am
It's good practice even with your PC to only use the Admin account when you want to make administrative changes then log out and log back in as a Standard user.
Managed to lock myself out doing this, should have tested the user first before rebooting like you said in the previous postShaunWhite wrote: ↑Wed Jul 29, 2020 10:45 pmI've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?
Screenshot_4.png
Yeah .. its tough.
A lot of forum members have computer skills at a v high level, and assume others can follow instructions.
I am waiting for the post Euler promised, or will also resort to trying myself, and no doubt stuffing it up.
You have my sympathies.
A lot of forum members have computer skills at a v high level, and assume others can follow instructions.
I am waiting for the post Euler promised, or will also resort to trying myself, and no doubt stuffing it up.
You have my sympathies.
-
Dublin_Flyer
- Posts: 689
- Joined: Sat Feb 11, 2012 10:39 am
Ah man I remember way before the whole News of The World voicemail hacking was public, we'd sit in the pub on a sunday, pick someone we didn't like and call their voicemail directly, enter the 0000 and change their voicemail greeting.ShaunWhite wrote: ↑Thu Jul 30, 2020 2:08 pmThat would work. Although I always set up a 2nd user and then disable Admin. That's incase I have a problem and want to look at what the default settings were.
The defaults have to be set to something and Admin is just what it is. All VPSs are the same. It's like phone passwords being 0000.
"Hi it's Helen, I can't answer right now, I'm busy with 3 guys and a llama behind the bike sheds at the community centre. You can join in too if you bring a bag of chips for me, see ya soon!"
Early 20's = easily entertained!
Ok, I got this : ( I think - I am just guessing, but had to do something)
Here are a mass of photos : I will add text as we go.
At every step, I recommend u take pictures of what u are changing. And write down in a secure place, everything u change.
So, when u get a VPS from Bet Angel, it comes with a default setting as Administrator.
This is apparently pretty unsecure, so we are gonna create a new account name, with Admin privaledges, and rename the existing Administrator to something esle, in this case Freddy the Fox
DONT delete the administrator account, or you will lose all your settings and probably cause a mountain of grief.
In Pic 1, u can see 2 accounts : PokerStars which I created as a test, and the Administrator.
Click User Accounts
To create a new account, u click add a user account. I will name the new account 'Secure Username' and enter your password, which windows requires u to be pretty secure
Here are a mass of photos : I will add text as we go.
At every step, I recommend u take pictures of what u are changing. And write down in a secure place, everything u change.
So, when u get a VPS from Bet Angel, it comes with a default setting as Administrator.
This is apparently pretty unsecure, so we are gonna create a new account name, with Admin privaledges, and rename the existing Administrator to something esle, in this case Freddy the Fox
DONT delete the administrator account, or you will lose all your settings and probably cause a mountain of grief.
In Pic 1, u can see 2 accounts : PokerStars which I created as a test, and the Administrator.
Click User Accounts
To create a new account, u click add a user account. I will name the new account 'Secure Username' and enter your password, which windows requires u to be pretty secure
You do not have the required permissions to view the files attached to this post.
Last edited by megarain on Sat Aug 01, 2020 6:54 am, edited 9 times in total.
So now we have a new user account, called 'Secure Username' but it has local privaledges. We need to change them to Admin privaledges.
So we click on the account, and select change account type.
So we click on the account, and select change account type.
You do not have the required permissions to view the files attached to this post.
Last edited by megarain on Sat Aug 01, 2020 5:15 am, edited 4 times in total.
We now change the account type from standard (local account) to Administrator
At this point, we have 2 ways to access the computer. So, u might want to reboot, before we change the Administrator name, and make sure
its working.
When u are asked for the username, enter 'Secure Username' and password.
If it doesn't work, u have done something wrong, but the old Administrator settings will still be there.
Once u have checked u can access with the new account (Secure Unername), we want to change the original Administrator account name to Freddy the Fox.
The local security policies can be found by entering local security in the seach box.
Cant add picture as limited to 3 pics per post. - the picture is called security policy 10 - will have to add at end.
At this point, we have 2 ways to access the computer. So, u might want to reboot, before we change the Administrator name, and make sure
its working.
When u are asked for the username, enter 'Secure Username' and password.
If it doesn't work, u have done something wrong, but the old Administrator settings will still be there.
Once u have checked u can access with the new account (Secure Unername), we want to change the original Administrator account name to Freddy the Fox.
The local security policies can be found by entering local security in the seach box.
Cant add picture as limited to 3 pics per post. - the picture is called security policy 10 - will have to add at end.
You do not have the required permissions to view the files attached to this post.
Last edited by megarain on Sat Aug 01, 2020 5:27 am, edited 8 times in total.
Once u are on the local security policies, look for security options and rename the Administrator name to Freddy The Fox.
After this reboot, and try log in with the Secure Username u have created. If not, Freddy the Fox should still work.
Its possible stuff should be done to the account privileges, but we have something to work with
After this reboot, and try log in with the Secure Username u have created. If not, Freddy the Fox should still work.
Its possible stuff should be done to the account privileges, but we have something to work with
You do not have the required permissions to view the files attached to this post.
Last edited by megarain on Sat Aug 01, 2020 5:31 am, edited 4 times in total.
You do not have the required permissions to view the files attached to this post.
Search box at bottom left of computer screen.
You do not have the required permissions to view the files attached to this post.
If u create a new log-in account, it will be a clean slate, with just Bet Angel.
Your existing settings are saved in the account you have renamed from Administrator.
Your existing settings are saved in the account you have renamed from Administrator.