Snitz Forums 2000
 Forum Directory Security

loftwork
Starting Member

10 Posts

Posted - 13 November 2008 :  09:35:33
Hi,

I get spurious registrations. Using the gatekeeper mod w. update for 3.4.06 makes no difference and the bogus registrations do not pile up waiting for activation so I assume it's a direct manipulation of the mdb file? They don't seem to post or hack.

The forum code is all in an accessible directory under the website root (http://www.raes-hfg.com/forum/). I remember seeing a note about encrypting the forum directory but can't find it anywhere. Is that possible?

When several dozen of these members accumulate is there any reason why they should not be removed from the mdb file members list just by deleting the lines with MSAccess (since there isn't a bulk delete in Snitz)?

Thanks very much for any enlightenment!

AnonJr
Moderator

United States
5768 Posts

Posted - 13 November 2008 :  10:04:59
First, have you checked to make sure that the Gatekeeper MOD is really working and has good questions? If it's not working right or you're using the same questions as a million other sites then it won't help much.

Also, how do you know they are "spurious registrations"? (not being sarcastic, but some people don't like to fill in personal information, etc.)

There are a few other spam fighting tips mentioned here: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=65057 (stickied at the top of this forum for your convenience)

I'd also run through the Bug Reports and Security updates and see if you're missing any patches, etc. Then I'd go through and see if all the Admin settings are as they should be. If they aren't, check your Admin list to see if anyone is there that shouldn't be. If you find someone, demote them and lock the account.

That's enough to start with. If you're still having problems, or have any questions, post 'em in this topic and we'll do what we can to help.

loftwork
Starting Member

10 Posts

Posted - 13 November 2008 :  11:00:47
Thanks Anon. I'll check for patches (thought .06 was totally bulletproof!) but assume from your reply that moving the forum directory or encrypting it should not normally be necessary.

Cheers,

Rick

AnonJr
Moderator

United States
5768 Posts

Posted - 13 November 2008 :  11:08:29
The only way they can get at the code or upload a modified MDB file is to have access to your server. At that point you have bigger issues.

Now I am assuming that you didn't modify the code to allow for file uploads...

Podge
Support Moderator

Ireland
3776 Posts

Posted - 13 November 2008 :  12:06:01
I checked and Gatekeeper is working as it should. Try changing the question & answer to something else. Not everyone would know the answer to your question.

Podge.

loftwork
Starting Member

10 Posts

Posted - 13 November 2008 :  12:38:02
Thank you both very much. Would it be prudent to make the mdb writeable only by the machine user account (the name of which escapes me)? Would that be an NTFS Write or eXecute permission?

Cheers,
Rick

AnonJr
Moderator

United States
5768 Posts

Posted - 13 November 2008 :  13:24:15
The account is IUSER_(machine name) - unless they have access to your server, everything done via the web is going to be done by that account anyway.

Carefree
Advanced Member

Philippines
4217 Posts

Posted - 13 November 2008 :  17:12:48
quote:
Originally posted by AnonJr

The account is IUSER_(machine name) - unless they have access to your server, everything done via the web is going to be done by that account anyway.



Not quite, Anon. It's IUSR_

AnonJr
Moderator

United States
5768 Posts

Posted - 13 November 2008 :  17:40:25
Mental spell check was a little overactive. I've been editing online presentations for the better part of the day.

loftwork
Starting Member

10 Posts

Posted - 14 November 2008 :  03:34:10
Thanks for the clarification, much appreciated!

Rick

