December 16, 2019

Killing Me Softly with SPAM Protection

Christmas is coming, and we hope you are ready for that Christmas ham. But we all know that nothing screams “lump of coal” like website SPAM. Since the beginning, we’ve offered various levels of protection for your website. Let’s cover that briefly, and then we’ll unwrap this shiny new gift…

Brute Force protection from, well… brutes.

Pretty much all the horrible things that can happen to websites happen when a robot start poking around your login page. They take a peek at your code and start pasting in the most common username and password they can think of, like password, 1234, and… password1234 …stuff like that. They also need to know the username, which by default on most websites is… wait for it… admin.

So we don’t let our users use the username admin or passwords that are stupid simple. And because of that, the bots have to try a lot harder to get into your site. But our system automatically detects when a user is failing at the password attempt more than a handful of times and then it locks them out entirely. As a result, if you forget your password and try a few times, you might also be locked out. Don’t fear, though… Just come back in ten minutes and you should be able to try again. The bots will just move on to the next sorry chump.

(By the way, if you do get locked out and can’t get in, just hop over to our website and one of our amazing support reps will help you get back in.)

SSL/TLS Certification (A.K.A. “the little green padlock”)

Let’s say these bots get a little smarter, and they hire a real human to go over to your local coffee shop and attempt to intercept some of the internet traffic there. (It’s really gross… kind of like taking a sip of everyone’s drink.) If you’re in the wrong place at the wrong time, someone like this could grab your password as you send it from your laptop to our server. But we’ve taken the pleasure of installing a security certificate on every website we care for. That certificate encrypts your password as soon as it leaves your browser and keeps it encrypted all the way to us. So you don’t have to worry about someone sipping your coffee. Or stealing your password. The same goes for credit card information, because, well, you don’t want to be paying for their coffee, either.

But what is this new thing?

Okay, okay… I get it. I’ve made you wait long enough. So here’s the deal. There was one annoyance that we’ve had trouble finding a good way to prevent. See, we’ve always wanted your websites to be something that your people use to interact with your church. We want them to have a good reason to create a user account on your website. We want them to comment on your sermons, sign up for events and groups, and maybe even subscribe to email or text messages (hint: text notifications are on our roadmap) from you to stay in the loop and get better connected to your church. So we’ve made it possible for them to sign up for user accounts that have no access to the dashboard. They can’t edit any site content, but they could submit a comment on some of yours. The default role is “subscriber”, so there’s never been a concern for them to start hacking away at your website. But it’s really annoying when you look at your user list and there’s a dozen new users from Russia… So we found a way to fix that.

Beginning today, you shouldn’t see much more of that funny business. We’ve installed some new code into the system that watches for things that might identity user registrations as fake news. For instance, it probably takes most human beings longer than three seconds to type in their name, email, and password when they’re setting up a new account online. Bots do it almost instantly, so our new software watches how long it takes, and if they type at a billion words per minute, you shall not pass.


Merry Christmas!

That’s all for now, but I really hope you have an excellent Christmas season in your churches. If you’d like some help setting up a Christmas landing page or something, let us know in the support chat and we’ll help you get started. Over the next few months, we’ll be migrating our existing clients over to our latest build of the platform. It has some new features built into it and should hum a little faster as well. Hope you have a wonderful Christmas!

P.S. If you want to take a look at your user accounts on your website and remove any shady characters, now is the time. Feel free to knock them out if you don’t recognize them as part of your church.