question about 401...
 

just wondering if you set anything for your 401 page...
or is it just a waste of time?

Anything that can make a site look more professional isn't a waste of time. The way I figure, when people get an error, they need extra reassurance, so error pages should be slick and customized.

Also, if anyone should get a page with some links on it, it is someone who didn't have a password but wanted in. Right? :)

I like the way you have yours laid out.

Right now, I just have a bunch of links to free stuff, thinking that mostly hackers and password theives would get that page anyway. But perhaps I should change it a bit and just offer links back to my site.

I guess that's the thing to determine... who is it that usually gets that page?

Custom 401 pages are quite userful. We have a short help file detailing common logon problems and links for expired/new members to signup. About 3% of our joins come from this page.

would you mind showing an example?
I promise not to copy it,
I'd just like to get an idea as to what you say.

i have 2 domains for 1 paysite....the members section is on its own domain, but if you go to that domain it loads a page that looks exactly like a regular 401 :Graucho

but i dont use a custom 401 on the public site...i see what people are looking for in my stats, and it isnt a signup link thats for sure.

Yes, part of why I have it is that I have non-recurring memberships. When peoples' memberships expire, and they try to get in, the best thing in the world is to make sure they have a link back to the join page.

i thought nina was getting ready to travel down ol highway 401.

Isn't that a euphemism for what probably happened to all of her members last week? (Sorry, couldn't resist.)

The thing is, the 401 page is where all the failed brute-force attempts go. Keep it simple, no heavy graphics. A link back to the main page or join page is all that should be necessary.

We had ours set as a 0-sec meta refresh back to a blank page outside the members' area. We did this because if you look carefully, once someone attempts a failed login, they are on your 401 page....but your members' area URL is in the address bar. Makes it too easy for the brute forcers to just load up that URL and hack away.

Most brute force attack programs don't load graphics. They're just after the server response code.

As for the 401 page I won't post exactly what we use, but here is a close approximation:

---

Oops, we were not able to verify your username and password. Please try again.

Please remember that your username and password are case-sensitive. That means that "PASSWORD" is not the same as "password" or "PaSsWoRd". You must enter them exactly as you did when you signed up.

If this problem persists and you have a valid membership, please email our support staff.

Need Access? Get an Instant 3 Day Trial!

great. thanks so much.

That's good to know about the brutte force programs not loading graphics. I wanted to put a pic on that page too.