Top List - Pin System



Smudge
June 26th, 2010, 00:21
Hey, just a small suggestion that might be a lot of help and also provide more security for server owners. So you know how people can simply use a password to access someone's server on the toplist, to edit it etc.

Usually done by people using the same passwords everywhere - well, I think this could be a good solution. It's like a Pin System; if you have a bank account you'll understand online banking etc. This is my solution: when a user creates a server on the Top List, as well as a password they have 2 extra *optional security procedures. 1: a unique 4 digit number; this will work like a basic pin code as you would use, for example, in Runescape and/or real life banking. A 4 digit number which also has to be entered when entering the password to gain access; since no other server status offers this (from what I'm aware of) this will provide a stronger security option.

Secondly, a 6 digit creation code; basically this will be a tickbox - (Tick to generate a creation code). This will also be an optional 6 digit code automatically generated by the top list. The user will submit the form and a 6 digit number will be provided. If the user ticked to use the creation code they can then log in using the password and, if used, their 4 digit pin. They will then be asked to provide the 6 digit number.

Now if anyone susses out the password and the 4 digit pin, the 6 digit creation code will provide a time-out system. After 3 failed attempts at entering the correct code the system will lock out from entering another code for 30 seconds; this prevents any brute force attack, I don't think anyone will wait months for a brute force.

If the user forgets the creation code, they can request it to be e-mailed to them, providing they enter the correct password and pin. An e-mail will be sent to them, asking them to confirm the new creation code by clicking a URL to confirm the new code; another e-mail will be sent providing a new generation URL; if clicked they will be redirected to a secure page where another code will be generated.

Sorry it's a long winded process but I think this may provide that extra security some users may wish to have for larger servers.
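
The lock-out rule described in the post above (a generated 6 digit code, 3 failed attempts, then a 30 second wait), as an added example that is not part of the original thread or the toplist's own code. The class and function names are hypothetical, and the sample code value is constructed.

```python
import hmac
import secrets

MAX_FAILURES = 3        # from the post: 3 failed attempts
LOCKOUT_SECONDS = 30    # from the post: 30 second lock-out
CODE_DIGITS = 6         # from the post: 6 digit creation code


def generate_creation_code():
    """Return a uniformly random 6 digit code from the OS CSPRNG."""
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


class CreationCodeGate:
    """Per-server attempt limiter (hypothetical class, not the toplist's code)."""

    def __init__(self, code):
        self._code = code
        self._failures = 0
        self._locked_until = 0.0

    def verify(self, attempt, now):
        """Return 'ok', 'wrong' or 'locked'; `now` is a clock reading in seconds."""
        if now < self._locked_until:
            return "locked"      # guesses made during a lock-out are never evaluated
        # Constant-time comparison so response timing does not leak matching digits.
        if hmac.compare_digest(attempt.encode(), self._code.encode()):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._failures = 0
            self._locked_until = now + LOCKOUT_SECONDS
        return "wrong"


def worst_case_days():
    """Approximate days needed to try every code at 3 guesses per 30 seconds."""
    windows = -(-(10 ** CODE_DIGITS) // MAX_FAILURES)   # ceiling division
    return windows * LOCKOUT_SECONDS / 86400


if __name__ == "__main__":
    gate = CreationCodeGate("271828")   # constructed sample code
    for t, guess in [(0, "000000"), (1, "000001"), (2, "000002"),
                     (3, "271828"), (33, "271828")]:
        print(t, guess, gate.verify(guess, now=t))
    print(f"worst case: {worst_case_days():.1f} days")
```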

Shishir G
June 26th, 2010, 00:39
That's not such a bad idea, I like the pin idea, but the whole 6 letter code generating I don't really get, but I think ikiliki would like this, he's sleeping though :p

Smudge
June 26th, 2010, 00:44
That's not such a bad idea, I like the pin idea, but the whole 6 letter code generating I don't really get, but I think ikiliki would like this, he's sleeping though :p

Thank you. Basically, the 6 digit code is like a system generated code, therefore nobody can predict it and the only ones who will have this number will be the server owner and the database, in which it will most likely be encrypted. It's just an extra option to help keep it secure. It's like if you ever had cPanel, they offer a password generator, it's a bit like that. But the 6 digit number will be almost impossible to brute force due to the time-out system.

It's sort of complicated but not very. But thanks. Hopefully Ikiliki will read this and may help future security issues.

escaped
June 26th, 2010, 00:46
Not really needed as the issue is resolved. The only reason this hacker is still able to edit those toplists is because their owners haven't changed their password yet...

Smudge
June 26th, 2010, 00:48
Not really needed as the issue is resolved. The only reason this hacker is still able to edit those toplists is because their owners haven't changed their password yet...

Exactly, but this is for future protection. You would be surprised how many people use the same password on every site / server. This Pin system will prevent people exploiting the Top List etc... It makes more sense if you've ever used On-line Banking etc.. :)

Faab234
June 26th, 2010, 10:47
"Runelocus Online Banking"

No, I like the idea.

Trapt
June 27th, 2010, 07:44
"Runelocus Online Banking"

No, I like the idea.

You, my friend, deserve a spot in my signature.

Teamh4cky0u
July 11th, 2010, 15:53
Hey, just a small suggestion that might be a lot of help and also provide more security for server owners. So you know how people can simply use a password to access someone's server on the toplist, to edit it etc.

Usually done by people using the same passwords everywhere - well, I think this could be a good solution. It's like a Pin System; if you have a bank account you'll understand online banking etc. This is my solution: when a user creates a server on the Top List, as well as a password they have 2 extra *optional security procedures. 1: a unique 4 digit number; this will work like a basic pin code as you would use, for example, in Runescape and/or real life banking. A 4 digit number which also has to be entered when entering the password to gain access; since no other server status offers this (from what I'm aware of) this will provide a stronger security option.

Secondly, a 6 digit creation code; basically this will be a tickbox - (Tick to generate a creation code). This will also be an optional 6 digit code automatically generated by the top list. The user will submit the form and a 6 digit number will be provided. If the user ticked to use the creation code they can then log in using the password and, if used, their 4 digit pin. They will then be asked to provide the 6 digit number.

Now if anyone susses out the password and the 4 digit pin, the 6 digit creation code will provide a time-out system. After 3 failed attempts at entering the correct code the system will lock out from entering another code for 30 seconds; this prevents any brute force attack, I don't think anyone will wait months for a brute force.

If the user forgets the creation code, they can request it to be e-mailed to them, providing they enter the correct password and pin. An e-mail will be sent to them, asking them to confirm the new creation code by clicking a URL to confirm the new code; another e-mail will be sent providing a new generation URL; if clicked they will be redirected to a secure page where another code will be generated.

Sorry it's a long winded process but I think this may provide that extra security some users may wish to have for larger servers.
Or people could not be retarded and just not use the same passwords lolwat

Aaron
July 11th, 2010, 16:08
Eh, I don't like the idea.

Eugene
July 13th, 2010, 07:31
And if your server is really big and you're like top 3, a cellphone txt pin would be nice too. Because the pin system wouldn't have mattered since the emails were hacked and if it occurs again if this happens to come out.

Pkerown
July 14th, 2010, 17:59
Or people could not be retarded and just not use the same passwords lolwat
who told u my old pass??????

Smudge
July 15th, 2010, 03:32
And if your server is really big and you're like top 3, a cellphone txt pin would be nice too. Because the pin system wouldn't have mattered since the emails were hacked and if it occurs again if this happens to come out.

I don't think a cell-phone pin would be required. Doesn't need that much in-depth security.

Yaoi
July 15th, 2010, 03:40
And if your server is really big and you're like top 3, a cellphone txt pin would be nice too. Because the pin system wouldn't have mattered since the emails were hacked and if it occurs again if this happens to come out.

That's fucking stupid, like really?