Security Measures for a 2.1 Forum ?

Started by LandyVlad, Oct 06, 2021, 10:29 PM


LandyVlad

So far the main security mods I use on 2.0 aren't available for 2.1 (related thread)

The obvious first security measure is proper use of the security questions.

I have that covered - what other options would people suggest?


How in SMF 2.1 could I achieve the following:


  • New member has to post to a welcome forum before anywhere else, and it has to be approved to then allow them ongoing access without moderator approval of posts.
  • ReCaptcha required for say first 5 posts.
  • Adding a Honeypot
  • Server / host side measures which prevent spammers before they even arrive at the forum / registration.

Thanks
Please do not PM me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Hatshepsut

I use only: user registration with one question, Admin approval for new members, and ReCaptcha for first 5 posts.

LandyVlad

And that's working well for you?

Can you run through how you set up the admin approval for new members please?

Hatshepsut

Quote from: LandyVlad on Oct 07, 2021, 02:36 AM
And that's working well for you?

Yes, I have two forums  - old and new, with the same name. The last registered spam-bots were in 2011  :vcool
Since 2011, we have several human spammers only.

Quote from: LandyVlad on Oct 07, 2021, 02:36 AM
Can you run through how you set up the admin approval for new members please?

Admin panel => Members => Registration => Settings

The first option is:

'Method of registration employed for new members'

Select "Admin Approval" from the drop-down menu

When a new member is registered, you will receive a notification.
In the admin panel, you will see the new member with their e-mail and IP addresses.
When I see users' IP from China, India or Pakistan, I reject them.

Skhilled

For many years, I've set the new user membergroup so that their permissions can't pm anyone except admins, they can't post links or sigs, etc. They must make 5 posts then they will automatically be put into the "regular user" (my version of it) group. If I see they are a real person asking for help, etc. then I'll manually put them into the "regular user" group.

Neša

I have a few block lists enabled on the server in csf; one of them is the stopforumspam.com 24 hour list. It is updated daily and will get a big chunk of spammers.
I only have test forums set up at the moment, but in the past we didn't have any big issues with spammers using that method.


Skhilled

Here's a few other things I've added to my site that I forgot to mention:

How to Avoid Spambots, etc:

https://www.projecthoneypot.org/how_to_avoid_spambots.php

Disposable Email Addresses. Added these to your ban email addresses in one ban setting. ;)

https://www.docskillz.com/docs/index.php?topic=710.0

Bigguy

Nice list. I might have to add it here. :rgton
"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

LandyVlad

Yeah I think the most common of all of those these days is *@yandex.com
I know banning that particular one on my forum killed 9/10 of the ones that got through and almost all the rest were captured by 'stop spammer mod'


Quote from: Skhilled on Oct 15, 2021, 10:05 AM
Disposable Email Addresses. Added these to your ban email addresses in one ban setting. ;)
https://www.docskillz.com/docs/index.php?topic=710.0

So adding bulk separated by commas - for 2.1 are file code changes still required or does 2.1 natively support lists with commas?
If not native in 2.1 I think a mod to do this would be awesome !

LandyVlad

Quote from: Neša on Oct 15, 2021, 07:14 AM
I have a few block lists enabled on the server in csf, one of them is the stopforumspam.com 24 hour list.

How do you mean set up on the server? You mean outside/independent of SMF?

I googled csf - ConfigServer Security & Firewall   https://configserver.com/cp/csf.html
seems to be for linux servers. No idea whether the hosting I have is windows or linux, possibly the former.

lesmond

Quote from: LandyVlad on Oct 15, 2021, 08:27 PM
No idea whether the hosting I have is windows or linux, possibly the former.

To find out what server you're on, go to your cpanel and click 'server information' on the right.


Having said that, you will not be able to access CSF unless you run your own server/VPS, I doubt that your hosting will add any of those email blocks  :dontknow

The only person who got all his work done by Friday was Robinson Crusoe

Skhilled

Quote from: LandyVlad on Oct 15, 2021, 08:21 PM
So adding bulk separated by commas - for 2.1 are file code changes still required or does 2.1 natively support lists with commas?
If not native in 2.1 I think a mod to do this would be awesome !

I just tested this in RC4 and it will not let you separate them by commas. :( I think you have to enter them one by one...not surprised.

However, you should be able to enter them in cPanel to block them from sending you email.

LandyVlad

Quote from: lesmond on Oct 16, 2021, 04:14 AM
Having said that, you will not be able to access CSF unless you run your own server/VPS, I doubt that your hosting will add any of those email blocks  :dontknow

I don't run my own server or VPS. It's a hosted thing. I had a look through control panel and there doesn't seem to be any options for it... :(

Skhilled

You can add them in Global Email Filters for all of your sites under that account or Email filters for just that account.

Neša

Yes, sorry, CSF is a firewall for servers. You could deny the IP addresses in .htaccess; I think the IP Deny function of cpanel just puts deny [ip address] in that file. You can test it by copying an IP address then viewing the file in file manager.

It won't be as efficient as an iptables/csf block but it is better than nothing. Stopforum has a mod for the older SMF forum.
http://custom.simplemachines.org/mods/index.php?mod=1547 Someone might be able to pick up the code and modify it to work with the new forum.
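
Added example (not part of the thread, and not code from SMF, cPanel or StopForumSpam): one way to turn a one-address-per-line IP blocklist into the .htaccess deny block described in the post above. Every line is validated first, because a malformed line in .htaccess makes Apache answer every request with a 500 error. The sample list is constructed from documentation address ranges, and the function names and the BEGIN/END marker comments are assumptions made for this example.

```python
import ipaddress

# Constructed sample in the one-address-per-line shape of a plain-text
# blocklist; all addresses are RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_LIST = """\
# constructed sample, not real spam sources
192.0.2.10
192.0.2.11
198.51.100.7
198.51.100.7
203.0.113.300
not-an-ip
2001:db8::1
"""

def parse_blocklist(text):
    """Validate each line; return (collapsed networks, rejected lines)."""
    v4, v6, rejected = set(), set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)             # never copy this into .htaccess
            continue
        (v4 if net.version == 4 else v6).add(net)
    # Duplicates vanish in the sets; adjacent addresses merge into CIDR blocks.
    nets = list(ipaddress.collapse_addresses(v4))
    nets += list(ipaddress.collapse_addresses(v6))
    return nets, rejected

def render(net):
    """Single hosts as a bare address, ranges in CIDR notation."""
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def htaccess_block(nets, apache24=True):
    """Build the fragment: Apache 2.4 'Require' or legacy 2.2 'Deny from'."""
    lines = ["# BEGIN generated blocklist"]
    if apache24:
        lines += ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {render(n)}" for n in nets]
        lines.append("</RequireAll>")
    else:
        lines += ["Order Allow,Deny", "Allow from all"]
        lines += [f"Deny from {render(n)}" for n in nets]
    lines.append("# END generated blocklist")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE_LIST)
    print(htaccess_block(nets))
    print("rejected:", rejected)
```

Which of the two syntaxes applies depends on the Apache version the host runs; the rejected list is worth logging so a corrupted or tampered download is noticed rather than silently shortened.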