| Author |
 Topic  |
|
|
boborg
Starting Member
21 Posts |
 Posted - 26 July 2007 : 02:47:24
|
I've seen I guess spambots before setting up a new account and starting spamming. But last night a spammer posted using an existing valid account. Only reason I can think of is that the spammer somehow hacked that users password or could there be any other reason?
Are there any recommended mods or something that can help protect my forum (3.4.06) better? |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
boborg
Starting Member
21 Posts |
Posted - 26 July 2007 : 04:03:04
|
| Thanks for your reply. Is there any mod to enforce some kind of strong password required when users register? |
 |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 26 July 2007 : 04:14:39
|
quote:
Originally posted by boborg
Thanks for your reply. Is there any mod to enforce some kind of strong password required when users register?
I'm don't know any such mod, but if you stop spammers registering altogether, that may not be an issue.
We approve every user manually here and we've had no problems at all. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
boborg
Starting Member
21 Posts |
Posted - 26 July 2007 : 05:21:13
|
Yes but in this case it's not a question of spammers registering but spammers hacking an existing user password.
Is there any mod for some kind of flood control for login so potentiel hackers cannot set up some kind of hacking tool and just keep trying until they find the password? |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 26 July 2007 : 05:48:22
|
Without registration, access to the member list is no longer possible, so that may reduce the likelihood of attempted hacks.
I don't know of any mod to stop password guessing attacks. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 26 July 2007 : 08:19:08
|
| Maybe its worth looking at figuring out a way to temporarily lock/ban/whatever the PC (via cookie) and/or IP if there are more than x number of bad password attempts? Obviously something like that wouldn't stop a determined hacker, but it will help deflect the inherently lazy. |
|
|
|
Zaphod616
Starting Member
USA
30 Posts |
Posted - 26 July 2007 : 11:00:51
|
In the main forum configuration of your Admin Options you can also set the forum to 'Registration Required' so any potential spammer would be unable to see any member names at all because the entire forum would be prevented from being displayed. They would only see a login screen. That would be a simple and easy solution to prevent anyone from seeing usernames and trying to guess passwords associated with them.
This is providing that you dont already have your forum set up for 'registration required'. |
The Froody Froums
|
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 26 July 2007 : 12:31:13
|
| Or maybe the first attempt passes straight through, the second takes 5 seconds, the third ten seconds, the fourth twenty seconds, the fifth fourty seconds etc, although it's tough to enforce. |
|
|
|
dj_shawn
Starting Member
22 Posts |
Posted - 24 August 2007 : 09:28:45
|
One word to search: "CAPTCHA" I found it on here somewhere and since adding it to my registration page ALL spam and spam bots have been gone totaly since then!
"CAPTCHA" is that newly used random visual letters and numbers that users must enter correctly by sight only! Adding this feature totaly Kills ALL SPAM BOTS, because they can't register since they can't see!
I don't know where in here I found it about 6 months back so you will have to search for it, but it does exist for Snitz and is a basic plug-in mod. |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 24 August 2007 : 09:33:51
|
Did you even bother reading this topic? 
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
Edited by - Shaggy on 24 August 2007 09:34:23 |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 24 August 2007 : 09:59:23
|
| Or any of the others you've posted this answer to? I hate to say it, but CAPTCHA's aren't the end-all be-all solution to every problem - and they create a few of their own. They have their place, but its not everyplace... |
|
|
| |
Topic |
|
Topic Locked
