A new build of Activation center (ACEN) has been released.
[+] Security options extended
New brute force protection options:
'Log event' - if enabled, brute force protection events will be logged.
'Notify admin' - if enabled, a notification email about the temporarily banned host will be delivered to the selected admin user.
Brute force protection is currently implemented for the following segments of ACEN web site:
- standard login page authentication (login errors are tracked)
- new client account page (invalid serial number errors are tracked)
- web service authentication (credentials failures are tracked)
- all web licensing methods which do not require any authentication (method errors are tracked).
DDoS protection options added.
'Period' - DDoS tracking period in seconds. Host tracking data is reset after this period of time.
'Min wait time' - Minimum period of time between requests in seconds.
'Max requests' - Maximum allowed number of requests per defined tracking period.
Use the Recipient option to select the administrator user who will receive security notifications when the 'Notify admin' option is enabled for brute force or DDoS protection.
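The following sketch shows how the 'Period', 'Min wait time' and 'Max requests' options can interact for a single host. It is an added example, not ACEN code: the class and function names are hypothetical, and it assumes that one violation of either limit results in a permanent ban.

```python
class DdosTracker:
    """Per-host request tracker driven by the three options described above."""

    def __init__(self, period, min_wait_time, max_requests):
        self.period = period                # 'Period' in seconds
        self.min_wait_time = min_wait_time  # 'Min wait time' in seconds
        self.max_requests = max_requests    # 'Max requests' per period
        self.hosts = {}                     # host -> [window_start, count, last_seen]
        self.permanent_bans = set()

    def check(self, host, now):
        """Return 'allow', 'banned' or 'ban:<option violated>' for one request."""
        if host in self.permanent_bans:
            return "banned"
        state = self.hosts.get(host)
        # Host tracking data is reset once the period has elapsed.
        if state is None or now - state[0] >= self.period:
            self.hosts[host] = [now, 1, now]
            return "allow"
        start, count, last_seen = state
        if now - last_seen < self.min_wait_time:
            return self._ban(host, "min_wait_time")
        if count + 1 > self.max_requests:
            return self._ban(host, "max_requests")
        self.hosts[host] = [start, count + 1, now]
        return "allow"

    def _ban(self, host, reason):
        # Assumption: a single violation of either limit bans the host.
        self.permanent_bans.add(host)
        self.hosts.pop(host, None)
        return "ban:" + reason


def replay(events, period=60, min_wait_time=1.0, max_requests=3):
    """Feed (host, timestamp) pairs to a fresh tracker and collect the verdicts."""
    tracker = DdosTracker(period, min_wait_time, max_requests)
    return [tracker.check(host, ts) for host, ts in events]


# Constructed sample: documentation-range addresses, timestamps in seconds.
SAMPLE = ([("192.0.2.10", t) for t in (0.0, 2.0, 2.1, 30.0)] +
          [("198.51.100.7", t) for t in (0.0, 5.0, 10.0, 61.0, 62.0, 63.0, 64.0)])

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

The second host shows the period reset: its request at 61 seconds starts a fresh tracking window, so three more requests are allowed before 'Max requests' is exceeded.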
[+] Permanent bans page added
This page is used for managing permanently banned hosts. Hosts can be temporarily banned automatically by brute force protection, permanently banned automatically by DDoS protection, or banned manually by an administrator user.
A banned host will not be able to use the login page, the new client account page or any web service methods.
The Bans page can be accessed from the main admin dashboard (Audit: Bans).
Ban single host
Enter a valid host IP address and click on the + button to add the host address to the list of permanently banned hosts.
Unban single host
Enter a valid host IP address and click on the - button, or click on the blue trash can (table row) icon to delete the host directly from the list.
Check if host is permanently banned
Enter a valid host IP address and click on the search button.
Delete all banned hosts
Click on the red trash can button to delete all hosts.
Show all banned hosts
Click on the 'Show all' button to display all currently permanently banned hosts.
[+] New web service method: ValidateSerialNumber
This method validates a serial number.
If the serial number is valid, Result.Status will return STATUS_SUCCESS.
In case of error, this method will always return the STATUS_SERIAL_NUMBER_INVALID error code.
Detailed information about the serial number validation error will not be provided, for security reasons, since no authorization is required for this method. A validation error may be the result of an invalid ProgramID value, an invalid SerialNumber value, or a serial number that is valid but blacklisted.
If the serial number is valid, Result.Description will not include information about the serial number id and features.
By default, brute force protection is enabled for all web service methods. This method includes additional wait time protection: the wait time is increased each time an invalid serial number is provided to this method.
[+] View program button added to Order panel.
It is now possible to easily access Program data from the Order panel.
[*] MID code added to licenses filter control.
Licenses can now be additionally filtered by site code, mid code and license note.
[+] Licenses filter control added to web licenses grid.
[*] Multiple other optimizations and fixes.
[>] UPGRADING NOTES:
If you are upgrading from the previous (05.00.20) version, be sure to run the included database upgrade script (5.00.20-5.00.30.sql).
Existing bans (if any) will be automatically moved to the new table.
General upgrading procedure is available here.