Coastie Posted November 15, 2006 Posted November 15, 2006 As mentioned elsewhere, IPB 2.2.0 'final' is currently undergoing the final part of the independent security audit. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.Is this a first for forum software?Seems like a great idea.
Canadian Hotdogman Posted November 15, 2006 Posted November 15, 2006 I also agree this is a good idea.
WoLeRiNe` Posted November 15, 2006 Posted November 15, 2006 Excuse-me butwhat does it meanindependent security audit :( ?
Mr. PornSharK Posted November 15, 2006 Posted November 15, 2006 its like making an evaluation to make sure that IPB 2.2 is stable and secure, enough to keep customers happy for a while.
Boozer Posted November 15, 2006 Posted November 15, 2006 Excuse-me butwhat does it meanindependent security audit :( ?means they are trying to hack the board to see if there are security holes and flaws.I thought they did this with RC1 and 2 also?
Will L. Posted November 15, 2006 Posted November 15, 2006 As mentioned elsewhere, IPB 2.2.0 'final' is currently undergoing the final part of the independent security audit. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.
Terry - AKA Dumbledore Posted November 15, 2006 Posted November 15, 2006 means they are trying to hack the board to see if there are security holes and flaws.I thought they did this with RC1 and 2 also?I think they did the beta, but not the RC's. Those would have to be reevaluated to see if any new exploits were make with the bug fixes.
hmmm Posted November 15, 2006 Posted November 15, 2006 It's great to hear that something like this is being done. I'd rather trade a week or two now to reduce the risk of having to recover a hacked board.
TestingSomething Posted November 16, 2006 Posted November 16, 2006 Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).
RawkBob Posted November 16, 2006 Posted November 16, 2006 I've only had one spammer sign up so far, hopefully it won't be as regular as 2.1 spam sign ups were... I guess adding new (custom) bg images to the captcha folder and fonts will further aid in the war against spam bots. If only there was an equivalent to akismet (IMO the best spam comment stopping system ever) for forum sign ups.
Boozer Posted November 16, 2006 Posted November 16, 2006 Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).that sucksThey should make it so that guest have to enter a code upon each post or something.
TestingSomething Posted November 16, 2006 Posted November 16, 2006 that sucksThey should make it so that guest have to enter a code upon each post or something.They do have that, if I am not mistaken. I know they do for blog, but isnt it for the board too? I am almost positive they ahve that. But this personw asnt a guest. He validated his account. I hate having it ona dmin validate because then people get annoyed and never come back when their account wasnt activated immediately.
Cool Surfer Posted November 16, 2006 Posted November 16, 2006 Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).I have made one special forum for ads and spam, and I am surprised 2 spammers are using that forum to spam. lol
Management Matt Posted November 16, 2006 Management Posted November 16, 2006 I think they did the beta, but not the RC's. Those would have to be reevaluated to see if any new exploits were make with the bug fixes.Exactly that. :)They do have that, if I am not mistaken. I know they do for blog, but isnt it for the board too? I am almost positive they ahve that. But this personw asnt a guest. He validated his account. I hate having it ona dmin validate because then people get annoyed and never come back when their account wasnt activated immediately.There is an option to force guests to complete a "captcha" test before allowing the post to go through.However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.
WoLeRiNe` Posted November 16, 2006 Posted November 16, 2006 Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.I will try this. Thanks for this tip :rolleyes:
dflorin Posted November 16, 2006 Posted November 16, 2006 i read a lot about spam bots on ipb 2.1, but i did not have such a problem since converting to ipb. i had tons of them on the phpbb board so i know how they "look". every once in a while one does manage to register an account, but never validates it and in 3 days time it is automatically deleted - only members allowed to post.
TestingSomething Posted November 17, 2006 Posted November 17, 2006 Exactly that. :) There is an option to force guests to complete a "captcha" test before allowing the post to go through.However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I dont have a version number showing now.
Dark Phantom Posted November 17, 2006 Posted November 17, 2006 Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I dont have a version number showing now.The security audit is not for spammers, its for people who find and try to abuse short commings in IPS's software to gain control of your forum.
Amy T Posted November 17, 2006 Posted November 17, 2006 With how many times I have been hacked and lost data, members and time I am glad they are doing this. I do not want to be hacked again.Although I was hacked though a mod not the IPS software but sitll I am greatful.One time I was hacked though the army system and I lost every thing was only able to get the members back from a back up. Another time I was hacked though Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked. I hope it does not take 3 months to run this audit but O well if it does. Better to be safe then sorry.
Dark Phantom Posted November 17, 2006 Posted November 17, 2006 With how many times I have been hacked and lost data, members and time I am glad they are doing this. I do not want to be hacked again.Although I was hacked though a mod not the IPS software but sitll I am greatful.One time I was hacked though the army system and I lost every thing was only able to get the members back from a back up. Another time I was hacked though Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked. I hope it does not take 3 months to run this audit but O well if it does. Better to be safe then sorry.I hope at this point, your not using those modifications still, and in your case no amount of security audits would have helped ( if they put in additional ways for them to get in ).
Amy T Posted November 17, 2006 Posted November 17, 2006 That is true how ever I am still using those mods just the updated version with patches.
RawkBob Posted November 17, 2006 Posted November 17, 2006 One of my friend's, Someotherguy, has modified our IPB 2.1 installation to check all new posts against Akismet. I'm sure he wouldn't mind if you wanted to contact him about it.Interesting, I've integrated it with my custom cms for my site, might have a look at enabling it for my forum.Problem is, it wouldn't prevent spam bots registering, that's more of an issue for me since i don't enable guest posting... Something like akismet but for forum registrations would be a great tool. IPS take note, there is a potential market to offer such a service as another innovative feature!
Robert Wylde Posted November 17, 2006 Posted November 17, 2006 Well security audit is excellentThis means that there will be less upgradesIf there are less upgrades.. then you spend less time re-installing all the mods..All in all very good. I personnally prefer to wait and have less work later.Cheers
Amy T Posted November 17, 2006 Posted November 17, 2006 O yes I would agree there. Normally what I would do because of time issues is I upgraded every other upgrade.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.