
Author Topic: Security Upgraded / Forum Upgraded  (Read 269 times)


Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8414
  • Gender: Male
    • Tech Forum
Security Upgraded / Forum Upgraded
« on: 16 May 2017, 18:30:35 »
Due to a few spammers slipping through the net these last few months (as I eased up a little on registration methods in the hope it would encourage more to sign up), I have now heightened & tightened security.

1. There are now 20 questions and the site will now choose 4 (instead of 2). They are mostly questions such as "Enter the last three numbers seen in dg7564gh", which confuse bots even more. These will be changed every month or so, as bots record them and humans answer all the questions, allowing a database for bots to answer the questions if they come across them again.

2. Passwords now are on high which means they need to have more characters and uppercase/numbers etc by default

3. We are now on Cloudflare which does the following:

Quote
Challenging known threats: Cloudflare uses a wide variety of data sources, including community reporting, to challenge potentially malicious behavior

Comment Spam Reduction: Cloudflare's data sources will challenge known spammers and reduce attacks from spambots

Basic DDoS protection and Mitigation: Cloudflare's I'm Under Attack mode will help mitigate common DDoS attacks

Block or Challenge by IP address and ASN, challenge by Country Code: instead of writing complicated server rules to place blocks, Threat Control can be used to place a block or challenge traffic in a matter of seconds

ScrapeShield: protect your site from hotlinking, email address theft and track who is stealing your content

4. I've made the captcha a little harder

5. I've returned registration from activation email... to Administrator decision

6. (EDIT) We have upgraded the forum to 2.0.14 which has bug fixes and improvements including HTTPS

any SPAMMERS now are truly human spammers... the lycatel mobile one I deleted today registered 2 weeks ago

see how we go

(this is with Stop Forum Spam and Project HoneyPot running - PHpot has stopped almost 90,000 spammers to date)
PlusNet VDSL Fibre 40/2
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)

Offline KRW

  • Hero Member
  • *****
  • Posts: 941
  • Gender: Male
Re: Security Upgraded
« Reply #1 on: 16 May 2017, 19:05:02 »
great work 1bit, I like the measures you've in place to be spammer free
Windows 10 Home 64bit    Netgear D7000
Down/Up Connect Speed  80/20 Mbp (max speed 70Mb/19Mb) updated
http://www.thinkbroadband.com/speedtest/results.html?id=1483655240613837255

Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8414
  • Gender: Male
    • Tech Forum
Re: Security Upgraded
« Reply #2 on: 16 May 2017, 20:48:29 »
Quote
great work 1bit, I like the measures you've in place to be spammer free

thanks... we have solid protection here with regards to spam... only humans can do it..

as I say, Project HoneyPot has stopped 90,000 since I installed it, I dunno how many Stop Forum Spam has stopped as it doesn't record a number...

I'm even looking into making the site HTTPS (secure encrypted connection) just for kicks... keep those using Tapatalk or www on a mobile device safe over a free wifi hot-spot (open and unencrypted)

I like to make sure my members (and the site) are safe
PlusNet VDSL Fibre 40/2
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)

Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8414
  • Gender: Male
    • Tech Forum
Re: Security Upgraded
« Reply #3 on: 18 May 2017, 21:51:38 »
we have upgraded the forum to 2.0.14 which has support for SSL (HTTPS) so we may be going secure :)

! Updating session handlers
 ! Adding HTTPS
 ! fetch_web_data now uses cURL, falling back to sockets
 ! Ported image proxy support from SMF 2.1
 ! Also added HTTPS for avatars
 ! Added a simple exception handler
 ! Check session while logging in
 ! Sanitize some fields to help guard against XSS
 ! Validate email addresses with PHP's filter method
 ! Fix search highlighting to not mangle/expose some HTML
 ! Fix password acceptance when special characters were used in UTF-8;
 ! Correct some random logic errors in the profile area
 ! Use ampersands instead of semi-colons for PayPal's return link
 ! Fix sending multiple MIME-Version headers in notification mail
 ! Fix sending multiple Content-Type headers in all requests
PlusNet VDSL Fibre 40/2
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)

Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8414
  • Gender: Male
    • Tech Forum
Re: Security Upgraded / Forum Upgraded
« Reply #4 on: 19 May 2017, 21:18:15 »
unfortunately we won't be going HTTPS secure... as this requires a lot of difficult work on my end and I don't feel comfortable with doing it... it means changing every URL on the forum to HTTPS

Quote
Change your forum URLs to https...   base forum URL, avatars, attachments, smilies, mods, etc

Then look up in google how to force https using htaccess..

and in the guides pages I made the mistake of including full URL link redirects in the pages instead of using just /pagenamehere.html, which would do the same job regardless of what the address is before it (e.g. I've used http://www.thetechforum.co.uk/name_of_page_goes_here)

oh well.. I've got more security on this site than necessary.. just thought it would be a nice touch
PlusNet VDSL Fibre 40/2
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)
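
An added example for the hard-coded URL problem described in the last post (not code from the forum or from SMF): a Python sketch that rewrites absolute links to the site's own host into root-relative paths, so pages work under either scheme, and lists `http://` subresources on other hosts that would trigger mixed-content warnings after a move to HTTPS. The function name, tag list and sample page are assumptions made for illustration.

```python
import re

SITE_HOST = "www.thetechforum.co.uk"  # host quoted in the post above

# href/src/action attributes holding an absolute http(s) URL
ATTR_URL = re.compile(
    r"""(?P<attr>\b(?:href|src|action)\s*=\s*)(?P<q>["'])"""
    r"""(?P<scheme>https?)://(?P<host>[^/"'\s?#]+)(?P<rest>[^"']*)(?P=q)""",
    re.IGNORECASE,
)
# Tags whose URL is fetched as part of the page (mixed content once on HTTPS)
SUBRESOURCE_TAGS = {"img", "script", "iframe", "link", "source", "embed"}


def make_root_relative(html, site_host=SITE_HOST):
    """Rewrite own-host absolute URLs to root-relative paths.

    Returns (new_html, external_http), where external_http lists http://
    subresources on other hosts that need fixing by hand.
    """
    own = {site_host.lower(), site_host.lower().removeprefix("www.")}
    external_http = []

    def fix(m):
        url = f'{m["scheme"]}://{m["host"]}{m["rest"]}'
        if m["host"].lower() in own:
            path = m["rest"] if m["rest"].startswith("/") else "/" + m["rest"]
            return f'{m["attr"]}{m["q"]}{path}{m["q"]}'
        # Find the tag this attribute belongs to
        tag = re.match(r"<\s*(\w+)", html[html.rfind("<", 0, m.start()):])
        if m["scheme"].lower() == "http" and tag and tag[1].lower() in SUBRESOURCE_TAGS:
            external_http.append(url)
        return m[0]  # other hosts are left untouched

    return ATTR_URL.sub(fix, html), external_http


# Constructed sample page, not taken from the forum
SAMPLE = (
    '<a href="http://www.thetechforum.co.uk/name_of_page_goes_here">guide</a>\n'
    "<img src='http://thetechforum.co.uk/images/logo.png'>\n"
    '<a href="http://www.thetechforum.co.uk">home</a>\n'
    '<script src="http://cdn.example.net/lib.js"></script>\n'
    '<a href="http://other.example.org/page">elsewhere</a>\n'
)

if __name__ == "__main__":
    fixed, todo = make_root_relative(SAMPLE)
    print(fixed)
    print("http:// subresources on other hosts:", todo)
```

Plain `<a>` links to other sites are left alone because following a link is not mixed content; only resources the page itself loads are reported.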

 
