But I can't log in etc etc etc etc
As Ron says, the GUI has no idea how to log you in so that will just take you directly to the Registration page. There is no code in there other than links that would take you directly to any other page - unless you successfully Log On.
But each time up until now just going to the site has taken me straight to my stats page.
Can I please strongly suggest that you ask for help first on what the problem might be next time rather than hurl your toys out of the pram and scream and shout in public. If there is a problem for you that others apparently don't have, we can locate and fix it if possible.
Well, I thought this was the preferred place to look for help.
I'm sorry if I was rather irate about it, but Id been up all night fighting with routers, modems and reconfiguring networks to ensure that there weren't any problems on my own internal network (there weren't as I suspected).
That may sound trivial, but it isn't when you can't walk unaided and the router and modem are not within reach of the PC, and at a height which means dragging myself upright and wedging myself in a rather painful position so I have my hands free to swap cables around.
In answer to your question, your uploads ceased with the last one being at 08:17 this morning - you might want to check the upload terminal details as the web site Log On data has no connection with the upload at all. One person recently changed their username inadvertantly but that causes loggable errors and there haven't been any from you. It was working for you so something apparently has to have changed and there have been no changes with the upload side code for some time now. Unless you have disabled it since posting of course.
I did mention, I think, that I'd had to change back to the locked HG612 and TG582n combination, to be able to eliminate any fault with the modem/router. I wouldn't expect uploads to have continued after that.
As said before, if you have cookies that are not destroyed when you finish the session, close the browser or whatever, then you should NOT have to log on again for a long time if atall. And if you do you'll only need to enter your UserName and Password, again as I've said before - all providing you have permanent cookies. It sounds like you do not I'm afraid. But I could be wrong of course.
I still have cookies stored in my browser for mydslwebstats.co.uk - FID1, FID2, FID3, FID4, FID5, User, Theme, and PHPSESSID.
The captcha IS needed when first logging on in my opinion - it is an easier server entry point than the Registration.
I'm seeing exactly the same as when I was first registering.
Which took about a dozen tries, but I got there in the end.
As stated, I'd never even seen the login screen after that - each time I'd connected it just went straight to my stats page.
I have also worked on programming including security for Government and other entities over the past 22 years and am very conscious of the need for it after servers have been compromised. It isn't primarily to protect the data as such, which as you say is not particularly sensitive. It's there to protect the server itself as you should well know if you have worked in security. When you have the ability to see tens of thousands of continuous root (and other account) automated login attempts caught and the IPs banned by cPHulk, it tends to bring the risk home.
Well, disabling root login from the web interface would seem to be the simplest way of avoiding that - and restricting SSH (or whatever remote control you do use, if it's not a local machine), to specific IP addresses owned by or known to you. Anything else will just see a closed port, or no port at all if it's properly stealthed.
The blanket statement it is useless in its current form is untrue, it's your own opinion of your own experience. Since yesterday morning nine people have logged on at the first attempt and two have failed through invalid passwords but succeeded on 2nd attempt. Other people have mailed to say they have no problems.
As explained before at some length, please check that you are retaining Cookies permanently for the site. IE11 is particularly agressive in this repect. I don't think I've logged in on any of the browsers and terminals I use (4 workstations and 2 laptops, each of which has up to 5 browsers available for testing this and other projects etc).
I'm certainly retaining cookies (I'm using firefox, and didn't try a different browser as I'm aware that they wouldn't have the cookies which would allow them to be "remembered").
Please bear in mind that this is currently a FREE access project for everyone out there (with an option to Donate to keep it going that is being pretty well ignored except by one kind soul) that four people have given up their time and energy, also for free, over the past three months to get it going after the initial idea came up.
I fully intend to donate as the concept is a good one.
But I really think the over aggressive security has some problems - I note from other posts on here that I'm not the only one to have had problems registering, so there seems to be something a bit awry - repeated attempts got it working for me.
The fact that it's dropped me back to the registration style page seems to confirm this.
This isn't intended to be a rant, but constructive feedback to help you fix whatever the problem is.
There were a lot of problems that had to be worked around, at one point we had to give up and start again with the uploads to find a much more secure method that otherwise threatened the entire project.
I fund the dedicated server myself out of my own pocket and like to protect it from the nutters out there as far as possible as you might possibly imagine.
I'm in full agreement with the need to protect it, but I do think that you are going about it the wrong way.
You send an email with the validation key for uploading data anyway - couldn't the same key be used to validate an interactive user?
Once you are getting validated data from an IP address, it shouldn't be necessary for much more than username and password (which my browser have remembered) in the way of validation for login attempts from that same address. Maybe a bit more if they attempt to log in from somewhere else - I can see that has some benefit.
There is also now a monitor on the Cookies and their expiry dates in an effort to see if anything unexpected might be happening and to see why yours might be failing if you want to try again. There should already be specific evidence of this in the logs but I can't find anything at the times you were trying.
So. if you want help PLEASE ASK FIRST. I don't see any major problems with the security requirements looking at the logs that would cause me to change the requirements at this moment, certainly the extra effort needed initially is not a valid reason. Changing your account details etc is underway but needs some more work that I could have continued attended to had I not spent hours working on this reply in between other chores/mails/phone.
OK, tell me please what I need to do to get back in, because at the moment I'm stumped
You have my email address, so if you need to send a validation token or something, you can.
Putting an "I've forgotten my password" link on the login page to automate this would seem to be a sensible precaution as the site grows - this could just mail a temporary password (with a change requirement) to the email address associated with the account.
Ron: re ISP details. As roseway says, a Host lookup on the the IP Address that is returned to the server by everyone (and I have a massive cache of Host lookups) will return enough info to determine it in 90% of cases, the others need a bit more work - such as our Swiss LIVE user. And OK on it as an option which I may well do. Most people on TBB state their ISP in their sigs anyway, not so much though on Kitz. I've removed them for now until I can attend to the user comments later.
I'm not worried who knows I'm with Zen
But it would seem more sensible to use the IP address that the data comes from for the ISP lookup, rather than the one the user is logging in from.
Not a bad idea to make it optional though.