As mentioned elsewhere, IPB 2.2.0 'final' is currently undergoing the final part of the independent security audit. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.

Is this a first for forum software?
Seems like a great idea.

I also agree this is a good idea.

Excuse-me but
what does it mean

independent security audit :( ?

its like making an evaluation to make sure that IPB 2.2 is stable and secure, enough to keep customers happy for a while.

Excuse-me but

what does it mean

independent security audit :( ?

means they are trying to hack the board to see if there are security holes and flaws.

I thought they did this with RC1 and 2 also?

As mentioned elsewhere,

IPB 2.2.0 'final'

is currently undergoing the

final part of the independent security audit

. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.

means they are trying to hack the board to see if there are security holes and flaws.

I thought they did this with RC1 and 2 also?

I think they did the beta, but not the RC's. Those would have to be reevaluated to see if any new exploits were make with the bug fixes.

It's great to hear that something like this is being done. I'd rather trade a week or two now to reduce the risk of having to recover a hacked board.

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).

I've only had one spammer sign up so far, hopefully it won't be as regular as 2.1 spam sign ups were... I guess adding new (custom) bg images to the captcha folder and fonts will further aid in the war against spam bots. If only there was an equivalent to akismet (IMO the best spam comment stopping system ever) for forum sign ups.

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).

that sucks

They should make it so that guest have to enter a code upon each post or something.

that sucks

They should make it so that guest have to enter a code upon each post or something.

They do have that, if I am not mistaken. I know they do for blog, but isnt it for the board too? I am almost positive they ahve that. But this personw asnt a guest. He validated his account. I hate having it ona dmin validate because then people get annoyed and never come back when their account wasnt activated immediately.

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).

I have made one special forum for ads and spam, and I am surprised 2 spammers are
using that forum to spam. lol

I think they did the beta, but not the RC's. Those would have to be reevaluated to see if any new exploits were make with the bug fixes.

Exactly that. :)

They do have that, if I am not mistaken. I know they do for blog, but isnt it for the board too? I am almost positive they ahve that. But this personw asnt a guest. He validated his account. I hate having it ona dmin validate because then people get annoyed and never come back when their account wasnt activated immediately.

There is an option to force guests to complete a "captcha" test before allowing the post to go through.

However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.

I will try this. Thanks for this tip :rolleyes:

i read a lot about spam bots on ipb 2.1, but i did not have such a problem since converting to ipb. i had tons of them on the phpbb board so i know how they "look". every once in a while one does manage to register an account, but never validates it and in 3 days time it is automatically deleted - only members allowed to post.

Exactly that. :)

There is an option to force guests to complete a "captcha" test before allowing the post to go through.

However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.

Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I dont have a version number showing now.

Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I dont have a version number showing now.

The security audit is not for spammers, its for people who find and try to abuse short commings in IPS's software to gain control of your forum.

With how many times I have been hacked and lost data, members and time I am glad they are doing this.
I do not want to be hacked again.
Although I was hacked though a mod not the IPS software but sitll I am greatful.
One time I was hacked though the army system and I lost every thing was only able to get the members back from a back up.
Another time I was hacked though Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked.
I hope it does not take 3 months to run this audit but O well if it does.

Better to be safe then sorry.

With how many times I have been hacked and lost data, members and time I am glad they are doing this.

I do not want to be hacked again.

Although I was hacked though a mod not the IPS software but sitll I am greatful.

One time I was hacked though the army system and I lost every thing was only able to get the members back from a back up.

Another time I was hacked though Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked.

I hope it does not take 3 months to run this audit but O well if it does.

Better to be safe then sorry.

I hope at this point, your not using those modifications still, and in your case no amount of security audits would have helped ( if they put in additional ways for them to get in ).

That is true how ever I am still using those mods just the updated version with patches.

One of my friend's,

Someotherguy

, has modified our IPB 2.1 installation to check all new posts against Akismet. I'm sure he wouldn't mind if you wanted to contact him about it.

Interesting, I've integrated it with my custom cms for my site, might have a look at enabling it for my forum.

Problem is, it wouldn't prevent spam bots registering, that's more of an issue for me since i don't enable guest posting... Something like akismet but for forum registrations would be a great tool. IPS take note, there is a potential market to offer such a service as another innovative feature!

Well security audit is excellent

This means that there will be less upgrades

If there are less upgrades.. then you spend less time re-installing all the mods..

All in all very good. I personnally prefer to wait and have less work later.

Cheers

O yes I would agree there. Normally what I would do because of time issues is I upgraded every other upgrade.