Security Measures for a 2.1 Forum ?

LandyVlad · Oct 06, 2021, 10:29 PM

So far the main security mods I use on 2.0 aren't available for 2.1 (related thread)

The obvious first security measure is proper use of the security questions.

I have that covered - what other options would people suggest?

How in SMF 2.1 could I achieve the following:

New member has to post to a welcome forum before anywhere else, and it has to be approved to then allow them ongoing access without moderator approval of posts.
ReCaptcha required for say first 5 posts.
Adding a Honeypot
Server / host side measures which prevent spammers before they even arrive at the forum / registration.

Thanks

Hatshepsut · Oct 06, 2021, 11:18 PM

I use only: user registration with one question, Admin approval for new members, and ReCaptcha for first 5 posts.

LandyVlad · Oct 07, 2021, 02:36 AM

And that's working well for you?

Can you run through how you set up the admin approval for new members please?

Hatshepsut · Oct 07, 2021, 05:06 AM

Quote from: LandyVlad on Oct 07, 2021, 02:36 AMAnd that's working well for you?

Yes, I have two forums - old and new, with the same name. The last registered spam-bots were in 2011

Since 2011, we have several human spammers only.

Quote from: LandyVlad on Oct 07, 2021, 02:36 AMCan you run through how you set up the admin approval for new members please?

Admin panel => Members => Registration => Settings

The first option is:

'Method of registration employed for new members'

Select "Admin Approval" from the drop-down menu

When new member is registered, you will receive a notification.
In admin panel, you will see new member with their e-mail and IP- addresses.
When I see users' IP from China, India or Pakistan, I reject them.

Skhilled · Oct 13, 2021, 11:59 PM

For many years, I've set the new user membergroup so that their permissions can't pm anyone except admins, they can't post links or sigs, etc. They must make 5 posts then they will automatically be put into the "regular user" (my version of it) group. If I see they are a real person asking for help, etc. then I'll manually put them into the "regular user" group.

Neša · Oct 15, 2021, 07:14 AM

I have a few block lists enabled on the server in csf, one of them is the stopforumspam.com 24 hour list. It is updated daily and will get a big chunk of spammers.
I only have test forums setup at the moment but in the past we didn't have any big issues with spammers using that method.

Skhilled · Oct 15, 2021, 10:05 AM

Here's a few other things I've added to my site that's I've forgot to mention:

How to Avoid Spambots, etc:

https://www.projecthoneypot.org/how_to_avoid_spambots.php

Disposable Email Addresses. Added these to your ban email addresses in one ban setting.

https://www.docskillz.com/docs/index.php?topic=710.0

Bigguy · Oct 15, 2021, 03:51 PM

Nice list. I might have to add it here.

LandyVlad · Oct 15, 2021, 08:21 PM

Yeah I think the most common of all of thoses these days is *@yandex.com
I know banking that particular one on my forum killed 9/10 of ones that got through and almost all teh rest were captured by 'stop spammer mod'

Quote from: Skhilled on Oct 15, 2021, 10:05 AMDisposable Email Addresses. Added these to your ban email addresses in one ban setting.
https://www.docskillz.com/docs/index.php?topic=710.0

So adding bulk separated by commas - for 2.1 are file code changes still required or does 2.1 natively support lists with commas?
If not native in 2.1 I think a mod to do this would be awesome !

LandyVlad · Oct 15, 2021, 08:27 PM

Quote from: Neša on Oct 15, 2021, 07:14 AMI have a few block lists enabled on the server in csf, one of them is the stopforumspam.com 24 hour list.

How do you mean set up on the server? You mean outside/independent of SMF?

I googled csf - ConfigServer Security & Firewall https://configserver.com/cp/csf.html
seems to be for linux servers. No idea whether the hosting I have is windows or linux, possibly the former.

lesmond · Oct 16, 2021, 04:14 AM

Quote from: LandyVlad on Oct 15, 2021, 08:27 PMNo idea whether the hosting I have is windows or linux, possibly the former.

To find out what server your on, go to your cpanel and click 'server information' on the right.

You cannot view this attachment.

Having said that, you will not be able to access CSF unless you run your own server/VPS, I doubt that your hosting will add any of those email blocks

Skhilled · Oct 16, 2021, 07:21 AM

Quote from: LandyVlad on Oct 15, 2021, 08:21 PMSo adding bulk separated by commas - for 2.1 are file code changes still required or does 2.1 natively support lists with commas?
If not native in 2.1 I think a mod to do this would be awesome !

I just tested this in RC4 and it will not let you separate them by commas.

I think you have to enter them one by one...not surprised.

However, you should be able to enter them in cPanel to block them from sending you email.

LandyVlad · Oct 17, 2021, 08:30 PM

Quote from: lesmond on Oct 16, 2021, 04:14 AMHaving said that, you will not be able to access CSF unless you run your own server/VPS, I doubt that your hosting will add any of those email blocks

I don't run own server or VPS. Its a hosted thing. I had a look through control panel and there doesn't seem to be any options for it...

Skhilled · Oct 18, 2021, 09:37 AM

You can add them in Global Email Filters for all of your sites under that account or Email filters for just that account.

Neša · Oct 18, 2021, 06:53 PM

Yes sorry CSF is a firewall for servers, you could deny the IP addresses in .htaccess I think the IP Deny function of cpanel just puts deny [ip address] in that file. You can test it by copying an IP address then viewing the file in file manager.

It wont be as efficient as an iptables/csf block but it is better than nothing. Stopforum has a mod for the older SMF forum.
http://custom.simplemachines.org/mods/index.php?mod=1547 someone might be able to pick up the code and modify it to work with the new forum.

pulgoki · Jan 14, 2022, 03:58 PM

Quote from: Skhilled on Oct 16, 2021, 07:21 AMI just tested this in RC4 and it will not let you separate them by commas. I think you have to enter them one by one...not surprised.

If this kind of post isn't allowed, sorry - remove it please.

I joined today because I read this thread. I've been looking for a way to add these myself. I wrote a sql query that will add all of them at once. It can be edited to add more. The formatting is there.

You have to change it to fit your database prefix and ban group. The table smf***_ban_items edit the *** to match your database. the '1' just happens to be my ban group as I only have a single group. The first spammer joined my server today using a yandex email address.

Code Select

INSERT INTO `smf***_ban_items`(`id_ban_group`, `email_address`)
VALUES
('1', '%@sogetthis.com'),
('1', '%@10minutemail.com'),
('1', '%@110mail.net'),
('1', '%@123people.com'),
('1', '%@126.com'),
('1', '%@163.com'),
('1', '%@1dl.us'),
('1', '%@2prong.com'),
('1', '%@anonymbox.com'),
('1', '%@bk.ru'),
('1', '%@bugmenot.com'),
('1', '%@deadaddress.com'),
('1', '%@discard.email'),
('1', '%@discardmail.com'),
('1', '%@dispostable.com'),
('1', '%@dodgit.com'),
('1', '%@e4ward.com'),
('1', '%@emailias.com'),
('1', '%@emailko.in'),
('1', '%@emailthe.com'),
('1', '%@email-unlimited.com'),
('1', '%@fakeinbox.com'),
('1', '%@filzmail.com'),
('1', '%@getairmail.com'),
('1', '%@gishpuppy.com'),
('1', '%@goemailgo.com'),
('1', '%@guerrillamail.*'),
('1', '%@hushmail.*'),
('1', '%@incognitomail.com'),
('1', '%@laposte.net'),
('1', '%@list.ru'),
('1', '%@mailcatch.com'),
('1', '%@maildrop.cc'),
('1', '%@mailex.org'),
('1', '%@mailinator.*'),
('1', '%@meltmail.com'),
('1', '%@mini.burmails.com'),
('1', '%@mintemail.com'),
('1', '%@nowmymail.com'),
('1', '%@o2.pl'),
('1', '%@ovi.com'),
('1', '%@qq.com'),
('1', '%@sneakemail.com'),
('1', '%@sogetthis.com'),
('1', '%@spamex.com'),
('1', '%@spamfree24.org'),
('1', '%@spamgourmet.com'),
('1', '%@techcrunch.com'),
('1', '%@tempemail.com'),
('1', '%@temp-mail.org'),
('1', '%@tipforus.us'),
('1', '%@trash-mail.com'),
('1', '%@trashmymail.com'),
('1', '%@urx7.com'),
('1', '%@whyspam.me'),
('1', '%@yandex.com'),
('1', '%@yopmail.com'),
('1', '%@xyzfree.net'),
('1', '%@zoemail.com')

Bigguy · Jan 14, 2022, 07:11 PM

I don't have any objection to this post. it's ok.

Skhilled · Jan 15, 2022, 09:38 AM

Nice! I'm surprised I didn't think of that! LMAO

pulgoki · Jan 15, 2022, 02:55 PM

I figured if nothing else, I found the info on your site. I took the time to format it to import in. This should save someone the trouble of having to do it.

I need to learn how to use regex

Skhilled · Jan 16, 2022, 12:23 AM

After surfing the net for for over 35 years you'd assume I'd be a guru by now...NOT! LMAO

I do know some php and css but am no pro at either. I started to get into regex awhile back but have been too busy to get back into it. I found this to help me:

https://regex101.com/

LandyVlad · Feb 09, 2022, 05:48 PM

Well with 2.1.0 now released I'm revisiting this.

I do have a live forum (but very new) running 2.1RC4 and its just using questions, and there haven't been any problems so far. But its very new.

Skhilled · Feb 09, 2022, 11:33 PM

I'm going to install it soon on a test forum and kick the tires to see how it goes. I've got a LOT of themes to update over at CZ now.

Skhilled · Feb 10, 2022, 08:25 AM

I installed it and tried to set the time but screwed it up and thought something was wrong! LOL I knew I was tired and had a bad headache and should've just laid down for a nap first. LOL

QUICK NEWS

Internal Links

SMF Sites

Security Measures for a 2.1 Forum ?

LandyVlad

Hatshepsut

LandyVlad

Hatshepsut

Skhilled

Neša

Skhilled

Bigguy

LandyVlad

LandyVlad

lesmond

Skhilled

LandyVlad

Skhilled

Neša

pulgoki

Bigguy

Skhilled

pulgoki

Skhilled

LandyVlad

Skhilled

Skhilled