Security Suggestion

[Sea Mac]

You did it 3 minutes ago ... it took 3 minutes too!

Cool! I'm spoiled to this software now. It's easy and secure.

The Domain holder over at The Truth About Hemp did his, too!

I've learned enough to mod, and even make new, themes! I did the custom paint job over there!

[Sea Mac]

Paradoxic: there is a forum security update to 1.1.9 available!

Click here:  http://www.salviasource.org/forum/index.php?action=admin and click on the link, in the update notification box, that says update your forum. If all "Tests OK" click "Install Now".

You've done this before ....

I've done my 2 forums and so has the owner of "The Truth About Hemp".

Frequent security updates - I like this forum software!

[Sea Mac]

Paradoxic: there is a forum security update to 1.1.9 available!

Click here:  http://www.salviasource.org/forum/index.php?action=admin and click on the link, in the update notification box, that says update your forum. If all "Tests OK" click "Install Now".

You've done this before ....

I've done my 2 forums and so has the owner of "The Truth About Hemp".

Frequent security updates - I like this forum software!

You still need to update this Forum to SMF 1.1.9 ... don't put it off!

[Sea Mac]

Hey, Paradoxic!

Spambots are currently registering again:

http://www.salviasource.org/forum/index.php?action=profile;u=4436

This fellow couldn't deliver a payload but him and 4000 of his ilk are cluttering up your database.

You are using an obsolete version of SMF with security holes in it.
I HIGHLY Recommend you update the forum to version 1.1.9 AT Once! http://www.salviasource.org/forum/index.php?action=admin


You should set the registration CAPTCHA complexity to High also.  http://www.salviasource.org/forum/index.php?action=regcenter;sa=settings
"Complexity of visual verification image:
The more complex the image the harder it is for bots to bypass " - set this to High.

I've been here 2 years and one day now: and I helped you out of a spambot filled pit once already, remember?
Unlike phpBB2: you can EASILY delete old / inactive / or bogus members from the user database with SMF.

I'm an Internet "White Hat" and I ride a fiery steed made of blazingly fast IP Packets! 

My recommendation is you set the "Method of registration employed for new members" to "Member Activation" instead of "Immediate Registration".
http://www.salviasource.org/forum/index.php?action=helpadmin;help=registration_method
Most spambots don't use a REAL email address so they will never complete registration.

The extra step of Checking email/clicking activation link is easy for a HUMAN to do: but I don't expect spambots to be able to automate this until sometime in 2010.

The second and third links in this post will only permit Paradoxic to click on them. Don't even try.

See? I warned you!

[Sea Mac]

SMF 1.1.10 has been released 4 days ago (On July 14th 2009)

My 2 main forums took about 3 minutes to update! I did them both 10 minutes ago.

[Sea Mac]

I've had 3 or 4 spambots register in my Santa's Helper's Forum lately and then they come over here and register for YOUR Forum milliseconds later.

So, today Software Santa posted a present we both needed: BotScout "BotBuster" for SMF 1.x and 2.0 Beta 4

It's installed already on MY SMF forums.

Description:

Prevent spambots from registering on your forum. The SMF BotBuster uses the http://BotScout.com API to check each attempted registration against the BotScout.com database of known bots. Both the email and IP address are tested against over 100,000 bot signatures (with more being added every day).

Failed registration attempts are halted with a false "Registration Disabled" error message. Additional "failure" actions are easy to add (such as forwarding the bot to Disney.com, displaying mysterious, random error messages, or returning a frustrating "CAPTCHA Failed" error).

    * Works with SMF versions 1.1.x and 2.x
    * Minimal code changes, no extensive modifications required
    * Checks both email and IP to ensure a high detection rate
    * Provides results in simple string format or XML format

For more information please visit http://BotScout.com

I looked at the PHP code and I *THINK* it will email you when a bot gets a "Registration Disabled" message telling you what bot it was that tried. It's a standard MOD that installs in seconds from the packages section of your Admin panel!

I'd recommend it!

[Sea Mac]

I've noticed that it seems easy for Spambots to get in to SMF 1.1.11 - they've gotten into my forums recently.

I've installed that BotScout "Botbuster 1.3" SMF Mod and it DOES Help keep bots at bay. You should install it too!

SMF Anti Bot Measures:
BotScout "BotBuster" for SMF 1.x and 2.0 Beta 4 http://custom.simplemachines.org/mods/index.php?mod=1599
Cavecost Captcha (Text and shape verification) http://custom.simplemachines.org/mods/index.php?mod=1558
Anti Bot: Captcha Clock http://custom.simplemachines.org/mods/index.php?mod=1134

Or the first 6 ones here: http://custom.simplemachines.org/mods/index.php?action=search;type=13