Security Suggestion

[Sea Mac]

You did it 3 minutes ago ... it took 3 minutes too!

Cool! I'm spoiled to this software now. It's easy and secure.

The Domain holder over at The Truth About Hemp did his, too!

I've learned enough to mod, and even make new, themes! I did the custom paint job over there!

[Sea Mac]

Paradoxic: there is a forum security update to 1.1.9 available!

Click here:  http://www.salviasource.org/forum/index.php?action=admin and click on the link, in the update notification box, that says update your forum. If all "Tests OK" click "Install Now".

You've done this before ....

I've done my 2 forums and so has the owner of "The Truth About Hemp".

Frequent security updates - I like this forum software!

[Sea Mac]

Paradoxic: there is a forum security update to 1.1.9 available!

Click here:  http://www.salviasource.org/forum/index.php?action=admin and click on the link, in the update notification box, that says update your forum. If all "Tests OK" click "Install Now".

You've done this before ....

I've done my 2 forums and so has the owner of "The Truth About Hemp".

Frequent security updates - I like this forum software!

You still need to update this Forum to SMF 1.1.9 ... don't put it off!

[Sea Mac]

Hey, Paradoxic!

Spambots are currently registering again:

http://www.salviasource.org/forum/index.php?action=profile;u=4436

This fellow couldn't deliver a payload but him and 4000 of his ilk are cluttering up your database.

You are using an obsolete version of SMF with security holes in it.
I HIGHLY Recommend you update the forum to version 1.1.9 AT Once! http://www.salviasource.org/forum/index.php?action=admin


You should set the registration CAPTCHA complexity to High also.  http://www.salviasource.org/forum/index.php?action=regcenter;sa=settings
"Complexity of visual verification image:
The more complex the image the harder it is for bots to bypass " - set this to High.

I've been here 2 years and one day now: and I helped you out of a spambot filled pit once already, remember?
Unlike phpBB2: you can EASILY delete old / inactive / or bogus members from the user database with SMF.

I'm an Internet "White Hat" and I ride a fiery steed made of blazingly fast IP Packets! 

My recommendation is you set the "Method of registration employed for new members" to "Member Activation" instead of "Immediate Registration".
http://www.salviasource.org/forum/index.php?action=helpadmin;help=registration_method
Most spambots don't use a REAL email address so they will never complete registration.

The extra step of Checking email/clicking activation link is easy for a HUMAN to do: but I don't expect spambots to be able to automate this until sometime in 2010.

The second and third links in this post will only permit Paradoxic to click on them. Don't even try.

See? I warned you!

[Sea Mac]

SMF 1.1.10 has been released 4 days ago (On July 14th 2009)

My 2 main forums took about 3 minutes to update! I did them both 10 minutes ago.

[Sea Mac]

I've had 3 or 4 spambots register in my Santa's Helper's Forum lately and then they come over here and register for YOUR Forum milliseconds later.

So, today Software Santa posted a present we both needed: BotScout "BotBuster" for SMF 1.x and 2.0 Beta 4

It's installed already on MY SMF forums.

Description:

Prevent spambots from registering on your forum. The SMF BotBuster uses the http://BotScout.com API to check each attempted registration against the BotScout.com database of known bots. Both the email and IP address are tested against over 100,000 bot signatures (with more being added every day).

Failed registration attempts are halted with a false "Registration Disabled" error message. Additional "failure" actions are easy to add (such as forwarding the bot to Disney.com, displaying mysterious, random error messages, or returning a frustrating "CAPTCHA Failed" error).

    * Works with SMF versions 1.1.x and 2.x
    * Minimal code changes, no extensive modifications required
    * Checks both email and IP to ensure a high detection rate
    * Provides results in simple string format or XML format

For more information please visit http://BotScout.com

I looked at the PHP code and I *THINK* it will email you when a bot gets a "Registration Disabled" message telling you what bot it was that tried. It's a standard MOD that installs in seconds from the packages section of your Admin panel!

I'd recommend it!

[Sea Mac]

I've noticed that it seems easy for Spambots to get in to SMF 1.1.11 - they've gotten into my forums recently.

I've installed that BotScout "Botbuster 1.3" SMF Mod and it DOES Help keep bots at bay. You should install it too!

SMF Anti Bot Measures:
BotScout "BotBuster" for SMF 1.x and 2.0 Beta 4 http://custom.simplemachines.org/mods/index.php?mod=1599
Cavecost Captcha (Text and shape verification) http://custom.simplemachines.org/mods/index.php?mod=1558
Anti Bot: Captcha Clock http://custom.simplemachines.org/mods/index.php?mod=1134

Or the first 6 ones here: http://custom.simplemachines.org/mods/index.php?action=search;type=13

[Sea Mac]

I've noticed that it seems easy for Spambots to get in to SMF 1.1.11 - they've gotten into my forums recently.

I've installed that BotScout "Botbuster 1.3" SMF Mod and it DOES Help keep bots at bay. You should install it too!

SMF Anti Bot Measures:
BotScout "BotBuster" for SMF 1.x and 2.0 Beta 4 http://custom.simplemachines.org/mods/index.php?mod=1599
Cavecost Captcha (Text and shape verification) http://custom.simplemachines.org/mods/index.php?mod=1558
Anti Bot: Captcha Clock http://custom.simplemachines.org/mods/index.php?mod=1134

Or the first 6 ones here: http://custom.simplemachines.org/mods/index.php?action=search;type=13

Man, I swear most of those "Anti-Bot" SMF MODS aren't worth the powder it'd take to blow their code to PHP Bad Code hellllllllllllll .......  

I own 5 domains (6 this month) and I administer almost 6 of these SMF Forums. And I Swear the Scripts have never been so aggressive before! All these forums get SpamBots the way dogs get fleas - SMF less than most!

I pity those people still trying with phpBB3 ... I bet they're getting eaten alive! This is a biblical sized infestation of SpamBots: They Cloud the Net like Locusts Cloud Skies!

So, I've resorted to checking IP addresses of ALL new registering users Here http://www.stopforumspam.com/ and banning any from my forums that appear on that list (or from Russia or China). They can still read I just don't let them post.

[Sea Mac]

So far I've tried out  the “Stop Forum Spam 0.5” and “Bot Buster 1.1” MODS for SMF and those 2 don’t seem to be worth the virtual powder to blow their code to PHP Hell!

But Stop Spammer 2.3.7 is really helping! http://custom.simplemachines.org/mods/index.php?mod=1547 I found it yesterday and already submitted a lucky 13 bots to their database (The ones the other 2 programs let through somehow.)! It took a minute to install, literally!

I’ve got this sweet mod Plugged in to 3 of my SMF forums right now, with my OWN database API Key, and The Stop Spammer Mod already caught one!

Use this one! You can only search 5,000 members per day so it'll take you a week to flush them all out from our members database - just do the OLDEST 2,000 each day and delete the triple red flagged members - who never posted anyways - with no second thoughts.

And it will PREVENT Spambots from registering! They get trapped in your Admin Approval Queue in your Members section of your control panel with red flags next to them!

Please try it?

[Sea Mac]

I have found a way to Stop the Bad Guys from getting into my SMF Forums!

A Combination of 3 Standard MODS made for SMF Forums have given me a much needed rest from chasing out comment spamming robots.

The 3 MODS that have tested OK and ACTUALLY WORKED For me - on 4 functioning SMF 1.1.11 forums So Far - are MOD http:BL to Armor Plate the Forum, and then MOD Stop Spammer to let you find/sort/and Deal with Spammers that already registered, and then add MOD ReCAPTCHA to Armor Plate Registration!  

I was recently banned from a SMF forum (dealing with plants trades) AS a Spammer merely for posting a link to my Software Santa website (It is NON-COMMERCIAL and has no Advertising: so tell me how links to that site are in any way SPAM?)! RETARDS! I hope the REAL SPAMBOTS Kill their SMF Forum!

I'm one of the Internet's "White Hats" because my sites actually help CATCH and Mark Spammers! I've got THREE Different "Honey Pots" set up on 3 different Domains already and I'm TELLING you Right now how to get these annoying scripts OFF of Your SMF Site! A Spammer wouldn't want you to know this:

How to rid this Site (Any Current SMF 1.1.11 Site, Actually) of 99.5% of Attack/Harvesting/Spam Scripts.

(You will Need 'domain file manager' or 'FTP' access to your Domain in order to upload the honeypot script to your root folder (sometimes called public_http) so make sure you have access before we start.)

First Step. Sign up for a FREE "Honey Pot" script, custom built JUST For YOUR Domain, from Project Honeypot. Here is an Overview of the Honeypot install process that walked me through it ... http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2 (it comes up in Spanish and you must select English from the Language menu to see it.)

When Signing up: Enter the Domain that your SMF Forum is hosted on. The Scripting Language to choose for your honeypot script is PHP 4+ - let them choose the name of the script for you, too. Go ahead and Share your honeypot, too, if you want: I shared all 3 of MY Domains honeypots. Only an Internet "White Hat" would sign up - let alone share freely!

Second Step:  Download the zipped honeypot script to your computer. Unzip it. Use FTP to place the script in the root folder of your Domain: do NOT Rename it! Carefully note its URL: after you activate it you cannot move it without starting all over again with a new honeypot script. After you follow the instructions to activate your honeypot you may request an API Key for access to the http:BL Database Access.

Third Step: Download the http:BL MOD from http://custom.simplemachines.org/mods/index.php?mod=2155 - then use your Package Manager to upload the MOD and Install it. (Back Up the Whole Site - and databases - first!) You'll need the URL of your Site's activated honeypot AND your http:BL API Key to first switch on this MOD. (Leave the Search word/keyword blank) Plug in those 2 facts in the MODS Control Panel (In the Members section - Down at the bottom - you'll see MOD httpBL has been added) and enable it.

That takes care of 98% of bad guys right away! Any known very bad IP address won't even be allowed to see your forum: they see a challenge page instead!

Next, you'll want to sign up over at Stop Forum Spam and Get an API Key from THEM. When you have an API Key go get the MOD Stop Spammer.

Again, Upload the MOD - back up the site and database - Install it. Activate the
MOD from the Members/Registration/Settings. All 5 of the checkboxes should be checked (on). You can CHECK your existing members against the database of Spammers known IP addresses - 5,000 a day -  and quickly eliminate bad ones, with this MOD!
 Finally, Put in ReCAPTCHA for Registration!
You know the drill by now. Sign up for a Public Key/Private Key set here: http://recaptcha.net/whyrecaptcha.html  Then get and install this MOD MOD ReCAPTCHA. Plug in your Account Details in the spaces provided (also located at Members/Registration/Settings ) and activate it.

I tell you: It's Working for ME!

[Sea Mac]

Hey, Paradoxic! 

I advised you to put these MODs (Quoted Below) in YOUR Salvia Source Forum - and you eventually emailed me and let me know you had done it.

How are those 3 MODs working out for you? Don't you wish you had put them in months ago? (Don't forget to Add a honeypot link hidden in your site - I find adding a commented out link in the current themes index.template - down where the Copyrights go - puts an invisible Honeypot trap on EVERY Page your forum generates.

I've recently caught/marked/flagged 4 NEW Bad Guys IP Addresses with the Honeypot on Software Santa's domain.  Since I installed those MODs, on 4 of the SMF Forums I'm running, they've Stopped over SIX THOUSAND bad guys from getting in.

Software Santa has stopped 3793 spammers so far.
The Truth about Hemp has stopped 1416 spammers so far.
Clairemont High Reunion '61 has stopped 819 spammers so far.
And Santa's Helper's has stopped 318 spammers so far.

So, how many Spammers have YOUR New Shield MODs stopped (so far)? You getting a couple hundred spambots shut out each day?

Just tell us how well, or how poorly, these are doing the job. WOULD You recommend those 3 MODS to any other SMF Forum Owners?
I know I still would.

I have found a way to Stop the Bad Guys from getting into my SMF Forums!

A Combination of 3 Standard MODS made for SMF Forums have given me a much needed rest from chasing out comment spamming robots.

The 3 MODS that have tested OK and ACTUALLY WORKED For me - on 4 functioning SMF 1.1.11 forums So Far - are MOD http:BL to Armor Plate the Forum, and then MOD Stop Spammer to let you find/sort/and Deal with Spammers that already registered, and then add MOD ReCAPTCHA to Armor Plate Registration!  

I was recently banned from a SMF forum (dealing with plants trades) AS a Spammer merely for posting a link to my Software Santa website (It is NON-COMMERCIAL and has no Advertising: so tell me how links to that site are in any way SPAM?)! RETARDS! I hope the REAL SPAMBOTS Kill their SMF Forum!

I'm one of the Internet's "White Hats" because my sites actually help CATCH and Mark Spammers! I've got THREE Different "Honey Pots" set up on 3 different Domains already and I'm TELLING you Right now how to get these annoying scripts OFF of Your SMF Site! A Spammer wouldn't want you to know this:

How to rid this Site (Any Current SMF 1.1.11 Site, Actually) of 99.5% of Attack/Harvesting/Spam Scripts.

(You will Need 'domain file manager' or 'FTP' access to your Domain in order to upload the honeypot script to your root folder (sometimes called public_http) so make sure you have access before we start.)

First Step. Sign up for a FREE "Honey Pot" script, custom built JUST For YOUR Domain, from Project Honeypot. Here is an Overview of the Honeypot install process that walked me through it ... http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2 (it comes up in Spanish and you must select English from the Language menu to see it.)

When Signing up: Enter the Domain that your SMF Forum is hosted on. The Scripting Language to choose for your honeypot script is PHP 4+ - let them choose the name of the script for you, too. Go ahead and Share your honeypot, too, if you want: I shared all 3 of MY Domains honeypots. Only an Internet "White Hat" would sign up - let alone share freely!

Second Step:  Download the zipped honeypot script to your computer. Unzip it. Use FTP to place the script in the root folder of your Domain: do NOT Rename it! Carefully note its URL: after you activate it you cannot move it without starting all over again with a new honeypot script. After you follow the instructions to activate your honeypot you may request an API Key for access to the http:BL Database Access.

Third Step: Download the http:BL MOD from http://custom.simplemachines.org/mods/index.php?mod=2155 - then use your Package Manager to upload the MOD and Install it. (Back Up the Whole Site - and databases - first!) You'll need the URL of your Site's activated honeypot AND your http:BL API Key to first switch on this MOD. (Leave the Search word/keyword blank) Plug in those 2 facts in the MODS Control Panel (In the Members section - Down at the bottom - you'll see MOD httpBL has been added) and enable it.

That takes care of 98% of bad guys right away! Any known very bad IP address won't even be allowed to see your forum: they see a challenge page instead!

Next, you'll want to sign up over at Stop Forum Spam and Get an API Key from THEM. When you have an API Key go get the MOD Stop Spammer.

Again, Upload the MOD - back up the site and database - Install it. Activate the
MOD from the Members/Registration/Settings. All 5 of the checkboxes should be checked (on). You can CHECK your existing members against the database of Spammers known IP addresses - 5,000 a day -  and quickly eliminate bad ones, with this MOD!
 Finally, Put in ReCAPTCHA for Registration!
You know the drill by now. Sign up for a Public Key/Private Key set here: http://recaptcha.net/whyrecaptcha.html  Then get and install this MOD MOD ReCAPTCHA. Plug in your Account Details in the spaces provided (also located at Members/Registration/Settings ) and activate it.

I tell you: It's Working for ME!