
independent security audit


Guest Coastie


As mentioned elsewhere, IPB 2.2.0 'final' is currently undergoing the final part of the independent security audit. This is a stage that we must have patience with. It would be folly to rush this final stage just to have an earlier release.



Is this a first for forum software?
Seems like a great idea.

I've only had one spammer sign up so far, hopefully it won't be as regular as 2.1 spam sign ups were... I guess adding new (custom) bg images to the captcha folder and fonts will further aid in the war against spam bots. If only there was an equivalent to Akismet (IMO the best spam comment stopping system ever) for forum sign ups.


Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).



That sucks.

They should make it so that guests have to enter a code upon each post or something.

That sucks.

They should make it so that guests have to enter a code upon each post or something.


They do have that, if I am not mistaken. I know they do for blog, but isn't it for the board too? I am almost positive they have that. But this person wasn't a guest. He validated his account. I hate having it on admin validate because then people get annoyed and never come back when their account wasn't activated immediately.

Well 2.2 seemed to keep the spammers from my sites for like 10 days now, but now today someone else joined 1 of my sites with a .info email address and another guy joined and made several topics advertising a PS3 (although the site is video game related, so it is probably someone who saw a link to it and did it).



I have made one special forum for ads and spam, and I am surprised 2 spammers are using that forum to spam. lol

  • Management

I think they did the beta, but not the RC's. Those would have to be reevaluated to see if any new exploits were made with the bug fixes.

Exactly that. :)

They do have that, if I am not mistaken. I know they do for blog, but isn't it for the board too? I am almost positive they have that. But this person wasn't a guest. He validated his account. I hate having it on admin validate because then people get annoyed and never come back when their account wasn't activated immediately.



There is an option to force guests to complete a "captcha" test before allowing the post to go through.

However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.

Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.

I read a lot about spam bots on IPB 2.1, but I did not have such a problem since converting to IPB. I had tons of them on the phpBB board so I know how they "look". Every once in a while one does manage to register an account, but never validates it and in 3 days' time it is automatically deleted - only members allowed to post.

Exactly that. :)





There is an option to force guests to complete a "captcha" test before allowing the post to go through.



However, in your case, it sounds like it's a 'human' spammer who is being paid to register and post on different boards.



Here's a little tip - if you want to further randomize your captchas, just drop some more background images into the "style_captcha/captcha_backgrounds" folder and they'll be used in random rotation.


Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I don't have a version number showing now.

Yes that is what I keep not understanding is how security fixes were going to stop anything because I felt like all of the spamming was from people signing up. They even had to validate their accounts and did, so I am not sure why they stopped now. I think maybe they search for version numbers and I don't have a version number showing now.



The security audit is not for spammers, it's for people who find and try to abuse shortcomings in IPS's software to gain control of your forum.

With how many times I have been hacked and lost data, members and time I am glad they are doing this.
I do not want to be hacked again.
Although I was hacked through a mod not the IPS software but still I am grateful.
One time I was hacked through the army system and I lost everything, was only able to get the members back from a backup.
Another time I was hacked through Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked.
I hope it does not take 3 months to run this audit but oh well if it does.

Better to be safe than sorry.

With how many times I have been hacked and lost data, members and time I am glad they are doing this.
I do not want to be hacked again.
Although I was hacked through a mod not the IPS software but still I am grateful.
One time I was hacked through the army system and I lost everything, was only able to get the members back from a backup.
Another time I was hacked through Dean's shout box and it took him 3 months to fix the exploit that allowed my site to get hacked.
I hope it does not take 3 months to run this audit but oh well if it does.

Better to be safe than sorry.


I hope at this point, you're not using those modifications still, and in your case no amount of security audits would have helped (if they put in additional ways for them to get in).

One of my friends, Someotherguy, has modified our IPB 2.1 installation to check all new posts against Akismet. I'm sure he wouldn't mind if you wanted to contact him about it.



Interesting, I've integrated it with my custom CMS for my site, might have a look at enabling it for my forum.

Problem is, it wouldn't prevent spam bots registering, that's more of an issue for me since I don't enable guest posting... Something like Akismet but for forum registrations would be a great tool. IPS take note, there is a potential market to offer such a service as another innovative feature!

Archived

This topic is now archived and is closed to further replies.
