  1. Thank you for the clarification. Anyway, I think that this forum or the site play0ad.com can try Colobe for a period of time; then, if the administrators think that the service is bad (or other), they will be able to remove it. Because before this post the play0ad.com site didn't have any system of protection for the login page... and I have uploaded into this thread the PHP file that is required by the service (and the WordPress plugin code is open source). Then, if some people in this forum think that my service (which I have made in my free time, I'm a student) is not secure for this community (for any reason), I will close this thread forever. Simply
  2. Sorry! I have just uploaded the file to MediaFire. Download link: colobe-lib.php
  3. That's right, but I think that it's wrong to say that a closed source security technology is not secure before trying it, or not?
  4. Hi, I have a question for you: have you never used any antivirus software on your personal computer? I use Avast antivirus; it is closed source, but I never thought that it is NOT secure because its algorithms are hidden!
  5. You're welcome. Thank you for your feedback about Colobe's documentation. In order:
     - "How does it detect malicious users before they try to brute force?" Colobe does NOT detect malicious clients before they try to brute force, it is not magical. BUT if a client tries to brute force a site (for example pippo.com) he is detected; then, if the same client tries to attack any other site that uses Colobe, he will be detected before attacking. Every client added to the list of Colobe has a "warning level" that indicates if he is more or less reliable.
     - "I see documentation about a library, which I cannot download until I register for your service. But nothing about the working of the API." The algorithms used by Colobe are not public for a safety reason. Sorry if you can't download a sample copy of the library! Here you can download a copy of the library: colobe-lib.php.
     - "Warning! In the library there is also the Secret Key associated with the site! This Key must remain secret!" Yes, there is a secret key and an ID in the library that a user can download after adding a site into Colobe.
     - "One thing that I also wonder about: how do you warrant privacy for 3rd parties (the customers of your customers)? Your privacy statement talks about a person's personal privacy; what about their users? Since I cannot access your library and do not have any API documentation, I can't know exactly -what- is sent to your service, but there is user data sent along with every API request I'm sure. What happens with this data? What is stored, where is it stored, how securely is it stored and what is it used for?" The only information that the library (or the WordPress plugin) sends to Colobe is: an IP address and a boolean value (0 or 1). No username, password or email is sent to Colobe, for 2 reasons: privacy and security for the sites that use this service. The information is stored in Colobe's databases and is used only to identify the malicious clients and to improve the service. "how securely is it stored?" I don't say it to others.
     - "While I think everyone here appreciates you offering your services, I honestly don't see it happening with the current tidbits of information you have provided. Especially not in exchange for advertising space." Your question is right. Colobe is an economic cost for me, but I have decided not to sell advertising space because I think that a secure service without advertising is more professional and also because I want to guarantee the privacy and the security of my users. To recover the costs, Colobe uses a service of plans where the users that have a commercial (or non-personal) site pay to use the service in proportion to the size of the site. For personal sites that don't gain money (beyond their cost) and for open source project sites of small-medium size that don't gain money, the service is free. I hope to have answered your questions in a comprehensive manner.
  6. So, is there someone on the team who intends to try Colobe on this forum?
  7. Privacy is very very very very very very important! But should people really use Tor to log into THIS forum??
  8. That's correct; anyway, who uses Tor to log into an account on play0ad.com or wildfiregames.com/forum?! And using IPs has the advantage that if a bot server attacks a site, it won't be able to attack any other sites that use Colobe to protect the login page.
  9. Yes, a "malicious" IP is blocked for a determined period of time; the recidivism of a malicious client is also important in determining the block time. Anyway, an attack with multiple IPs is more sophisticated, but with time the list of malicious clients will automatically be updated.
  10. Sorry, play0ad.com doesn't lock anything, and I think (imho) that stopping a malicious user (client) is more intelligent than blocking an account, because if you block an account the malicious client can attack other accounts during those famous 15 minutes. Blocking an account is one way, but stopping a client is another, better way, imho.
  11. Thanks for the correction. I don't think that my plugin contains backdoors because the code of the plugin is very simple; anyway, if you want to see it, check it out here: http://wordpress.org...olobe-security/
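
An added sketch, not part of the posts above and not Colobe's code (its algorithms are not public): a minimal model of the shared list described in posts 5 and 9, where sites report only an IP address and a boolean, each client carries a warning level, and repeat offences lengthen the block. The class name, thresholds and durations are assumptions, and the IP addresses are constructed documentation addresses.

```python
from collections import defaultdict, deque

WINDOW = 600            # assumed: failures are counted over 10 minutes
THRESHOLD = 5           # assumed: failures in the window that trigger a block
BASE_BLOCK = 900        # assumed: the first block lasts 15 minutes
MAX_BLOCK = 24 * 3600   # assumed: cap on the block time


class SharedReputation:
    """Hypothetical central list keyed by client IP, shared by every site."""

    def __init__(self):
        self.failures = defaultdict(deque)     # ip -> recent failure timestamps
        self.warning_level = defaultdict(int)  # ip -> number of past blocks
        self.blocked_until = {}                # ip -> time the block expires

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0)

    def report(self, ip, login_ok, now):
        """Record one attempt (IP + boolean); return seconds of a new block, else 0."""
        if login_ok:
            # A success does not clear the history, so a client cannot reset
            # its counter by logging into an account it already controls.
            return 0
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()                   # drop failures outside the window
        if len(recent) < THRESHOLD:
            return 0
        recent.clear()
        self.warning_level[ip] += 1
        # Recidivism: every repeat offence doubles the block, up to the cap.
        duration = min(BASE_BLOCK * 2 ** (self.warning_level[ip] - 1), MAX_BLOCK)
        self.blocked_until[ip] = now + duration
        return duration


def demo():
    rep = SharedReputation()
    bot, other = "203.0.113.7", "198.51.100.20"   # constructed sample IPs
    first = [rep.report(bot, False, t) for t in range(5)]          # seen on site A
    blocked_on_site_b = rep.is_blocked(bot, 10)                    # asked by site B
    second = [rep.report(bot, False, 1000 + t) for t in range(5)]  # repeat offence
    return first[-1], blocked_on_site_b, second[-1], rep.is_blocked(other, 10)
```

`demo()` returns `(900, True, 1800, False)`. Since the key is the IP address, every user behind one NAT gateway or Tor exit shares a single record.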
