
independent security audit


Guest Coastie


Posted

As mentioned elsewhere, IPB 2.2.0 'final' is currently undergoing the final part of the independent security audit. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.



Is this a first for forum software?
Seems like a great idea.
Posted

Excuse-me but what does it mean independent security audit :( ?



means they are trying to hack the board to see if there are security holes and flaws.

I thought they did this with RC1 and 2 also?
Posted

As mentioned elsewhere, IPB 2.2.0 'final' is currently undergoing the final part of the independent security audit. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.

Posted

It's great to hear that something like this is being done. I'd rather trade a week or two now to reduce the risk of having to recover a hacked board.

Posted

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).

Posted

I've only had one spammer sign up so far, hopefully it won't be as regular as 2.1 spam sign ups were... I guess adding new (custom) bg images to the captcha folder and fonts will further aid in the war against spam bots. If only there was an equivalent to akismet (IMO the best spam comment stopping system ever) for forum sign ups.

Posted

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).



that sucks

They should make it so that guests have to enter a code upon each post or something.
Posted

that sucks

They should make it so that guests have to enter a code upon each post or something.


They do have that, if I am not mistaken. I know they do for blog, but isn't it for the board too? I am almost positive they have that. But this person wasn't a guest. He validated his account. I hate having it on admin validate because then people get annoyed and never come back when their account wasn't activated immediately.
Posted

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).



I have made one special forum for ads and spam, and I am surprised 2 spammers are using that forum to spam. lol
  • Management
Posted

I think they did the beta, but not the RC's. Those would have to be reevaluated to see if any new exploits were made with the bug fixes.

Exactly that. :)

They do have that, if I am not mistaken. I know they do for blog, but isn't it for the board too? I am almost positive they have that. But this person wasn't a guest. He validated his account. I hate having it on admin validate because then people get annoyed and never come back when their account wasn't activated immediately.



There is an option to force guests to complete a "captcha" test before allowing the post to go through.

However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.
Posted

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.



I will try this. Thanks for this tip :rolleyes:
Posted

i read a lot about spam bots on ipb 2.1, but i did not have such a problem since converting to ipb. i had tons of them on the phpbb board so i know how they "look". every once in a while one does manage to register an account, but never validates it and in 3 days time it is automatically deleted - only members allowed to post.

Posted

Exactly that. :)

There is an option to force guests to complete a "captcha" test before allowing the post to go through.

However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.


Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I don't have a version number showing now.
Posted

Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I don't have a version number showing now.



The security audit is not for spammers, it's for people who find and try to abuse shortcomings in IPS's software to gain control of your forum.
Posted

With how many times I have been hacked and lost data, members and time I am glad they are doing this.
I do not want to be hacked again.
Although I was hacked through a mod not the IPS software but still I am grateful.
One time I was hacked through the army system and I lost everything, was only able to get the members back from a backup.
Another time I was hacked through Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked.
I hope it does not take 3 months to run this audit but oh well if it does.

Better to be safe than sorry.

Posted

With how many times I have been hacked and lost data, members and time I am glad they are doing this.
I do not want to be hacked again.
Although I was hacked through a mod not the IPS software but still I am grateful.
One time I was hacked through the army system and I lost everything, was only able to get the members back from a backup.
Another time I was hacked through Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked.
I hope it does not take 3 months to run this audit but oh well if it does.

Better to be safe than sorry.



I hope at this point, you're not using those modifications still, and in your case no amount of security audits would have helped ( if they put in additional ways for them to get in ).
Posted

One of my friends, Someotherguy, has modified our IPB 2.1 installation to check all new posts against Akismet. I'm sure he wouldn't mind if you wanted to contact him about it.



Interesting, I've integrated it with my custom cms for my site, might have a look at enabling it for my forum.

Problem is, it wouldn't prevent spam bots registering, that's more of an issue for me since i don't enable guest posting... Something like akismet but for forum registrations would be a great tool. IPS take note, there is a potential market to offer such a service as another innovative feature!
Posted

Well security audit is excellent

This means that there will be less upgrades

If there are less upgrades.. then you spend less time re-installing all the mods..

All in all very good. I personally prefer to wait and have less work later.

Cheers

Archived

This topic is now archived and is closed to further replies.
