Security Measures for a 2.1 Forum?

Started by LandyVlad, Oct 06, 2021, 10:29 PM


LandyVlad

So far the main security mods I use on 2.0 aren't available for 2.1 (related thread)

The obvious first security measure is proper use of the security questions.

I have that covered - what other options would people suggest?


How in SMF 2.1 could I achieve the following:


  • New member has to post to a welcome forum before anywhere else, and it has to be approved to then allow them ongoing access without moderator approval of posts.
  • ReCaptcha required for say first 5 posts.
  • Adding a Honeypot
  • Server / host side measures which prevent spammers before they even arrive at the forum / registration.

Thanks
I reject your reality, and substitute my own.

Hatshepsut

I use only: user registration with one question, Admin approval for new members, and ReCaptcha for first 5 posts.

LandyVlad

And that's working well for you?

Can you run through how you set up the admin approval for new members please?

Hatshepsut

Quote from: LandyVlad on Oct 07, 2021, 02:36 AM: "And that's working well for you?"

Yes, I have two forums - old and new, with the same name. The last registered spam-bots were in 2011 :vcool
Since 2011, we have several human spammers only.

Quote from: LandyVlad on Oct 07, 2021, 02:36 AM: "Can you run through how you set up the admin approval for new members please?"

Admin panel => Members => Registration => Settings

The first option is:

'Method of registration employed for new members'

Select "Admin Approval" from the drop-down menu

When a new member is registered, you will receive a notification.
In the admin panel, you will see the new member with their e-mail and IP addresses.
When I see users' IP from China, India or Pakistan, I reject them.

Skhilled

For many years, I've set the new user membergroup so that their permissions can't pm anyone except admins, they can't post links or sigs, etc. They must make 5 posts then they will automatically be put into the "regular user" (my version of it) group. If I see they are a real person asking for help, etc. then I'll manually put them into the "regular user" group.

Neša

I have a few block lists enabled on the server in csf, one of them is the stopforumspam.com 24 hour list. It is updated daily and will get a big chunk of spammers.
I only have test forums set up at the moment but in the past we didn't have any big issues with spammers using that method.

Skhilled

Here's a few other things I've added to my site that I forgot to mention:

How to Avoid Spambots, etc:

https://www.projecthoneypot.org/how_to_avoid_spambots.php

Disposable Email Addresses. Added these to your ban email addresses in one ban setting. ;)

https://www.docskillz.com/docs/index.php?topic=710.0

Bigguy

Nice list. I might have to add it here. :rgton

LandyVlad

Yeah I think the most common of all of those these days is *@yandex.com
I know banning that particular one on my forum killed 9/10 of ones that got through and almost all the rest were captured by 'stop spammer mod'


Quote from: Skhilled on Oct 15, 2021, 10:05 AM: "Disposable Email Addresses. Added these to your ban email addresses in one ban setting. ;)
https://www.docskillz.com/docs/index.php?topic=710.0"

So adding bulk separated by commas - for 2.1 are file code changes still required or does 2.1 natively support lists with commas?
If not native in 2.1 I think a mod to do this would be awesome!

LandyVlad

Quote from: Neša on Oct 15, 2021, 07:14 AM: "I have a few block lists enabled on the server in csf, one of them is the stopforumspam.com 24 hour list."

How do you mean set up on the server? You mean outside/independent of SMF?

I googled csf - ConfigServer Security & Firewall https://configserver.com/cp/csf.html
seems to be for Linux servers. No idea whether the hosting I have is Windows or Linux, possibly the former.
 

lesmond

Yesterday at 04:14 AM #10 Last Edit: Yesterday at 04:19 AM by lesmond
Quote from: LandyVlad on Oct 15, 2021, 08:27 PM: "No idea whether the hosting I have is Windows or Linux, possibly the former."

To find out what server you're on, go to your cPanel and click 'server information' on the right.

Having said that, you will not be able to access CSF unless you run your own server/VPS, I doubt that your hosting will add any of those email blocks  :dontknow

The only person who got all his work done by Friday was Robinson Crusoe

Skhilled

Yesterday at 07:21 AM #11 Last Edit: Yesterday at 07:22 AM by Skhilled
Quote from: LandyVlad on Oct 15, 2021, 08:21 PM: "So adding bulk separated by commas - for 2.1 are file code changes still required or does 2.1 natively support lists with commas?
If not native in 2.1 I think a mod to do this would be awesome!"

I just tested this in RC4 and it will not let you separate them by commas. :( I think you have to enter them one by one...not surprised.

However, you should be able to enter them in cPanel to block them from sending you email.
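
Where the ban form accepts only one address pattern at a time, as reported above for RC4, a small helper can turn a comma-separated paste into one `*@domain` entry per line, dropping duplicates and flagging tokens that are not domains. This is an added example, not part of the thread or of SMF: the function names and the `.example` sample domains are constructed, and the `*@domain` form is assumed from the `*@yandex.com` entry mentioned earlier in the thread.

```python
import re

# Constructed sample paste (only yandex.com comes from the thread).
SAMPLE_PASTE = ("Throwaway.example, *@yandex.com,  trashmail.example ,"
                "bad domain,, throwaway.example,user@10minutemail.example")

# Conservative hostname check: dot-separated labels of letters, digits, hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


def _domain_of(token):
    """Return the lower-cased part after the last '@' (or the whole token)."""
    return token.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def to_ban_patterns(paste):
    """Split a comma/semicolon/newline-separated paste into '*@domain' entries.

    Returns (patterns, rejected): patterns are unique and keep first-seen
    order; rejected holds tokens that do not look like a domain.
    """
    patterns, rejected, seen = [], [], set()
    for token in re.split(r"[,;\n]+", paste):
        token = token.strip()
        if not token:
            continue
        domain = _domain_of(token)  # accepts 'domain', '*@domain', 'user@domain'
        if not _DOMAIN_RE.match(domain):
            rejected.append(token)  # leave for a manual look, do not guess
        elif domain not in seen:
            seen.add(domain)
            patterns.append(f"*@{domain}")
    return patterns, rejected


def is_banned(email, patterns):
    """Check an address against '*@domain' entries (exact domain match only)."""
    return f"*@{_domain_of(email)}" in set(patterns)


if __name__ == "__main__":
    entries, skipped = to_ban_patterns(SAMPLE_PASTE)
    print("\n".join(entries))  # one entry per line, ready to enter singly
    print("needs review:", skipped)
```

Matching here is on the exact domain, so a subdomain such as `mail.yandex.com` is not caught by `*@yandex.com` and would need its own entry.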

LandyVlad

Quote from: lesmond on Yesterday at 04:14 AM: "Having said that, you will not be able to access CSF unless you run your own server/VPS, I doubt that your hosting will add any of those email blocks :dontknow"

I don't run my own server or VPS. It's a hosted thing. I had a look through control panel and there doesn't seem to be any options for it... :(