| Author |
Post |
|
|
#1 Sun Mar 19, 2006 9:42 pm
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
As a result of recent attacks on the registration system, it has come to my mind that the security on this part could be much better. Therefore, I introduce rProtect, a system/project that should make UseBB more secure, similar to YaBB's Guardian. Especially on the registration and anonymous posting part, this implicits: - save the IP address upon registering (using a central logging functionality); - reject more than one registration attempt from the same IP in x minutes/hours; - blacklisted open proxies should be banned by default; - captcha (visual confirmation) enabled for registering and anonymous posting. All these should at least be available in the first public version of UseBB 2. Additionally, some of these features could become available for UseBB 1.0 or a later 1.x version (thus we might make an exception on the roadmap). As security is important, these features have a higher priority than others. Note: we are not saying UseBB is insecure in general, but it is, just as other forum softwares, vulnerable to abuse (without any hacking or cracking involved). That's what we want to prevent with this project. Any comments, suggestions, additions, etc are welcome. « Last edit by Dietrich on Sat Apr 15, 2006 5:03 pm. » |
|
|
#2 Sat Apr 15, 2006 5:09 pm
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
The following security features have been implemented into 1.0 RC1: - DNSBL powered banning (*nix only); - Registration logging (logs username, email address, IP address, hostname, browser, session start and number of pages); - Never activated members can be hidden from the member list and statistics; - Email address validation by looking for DNS MX records on the domain name (*nix only); All these features can be disabled seperately. |
|
|
#3 Sun Sep 17, 2006 8:57 pm
|
|
Member
Registered: Jun 2005
Posts: 6
Location: Uetersen (near Hamburg)
|
Have you checked your weblog? I have linked my idea there. Please feel free to implement my mod_rewrite-based protection system. If you haven't read it yet, you can also check-out my: My Weblog. Search for the "Comments Post Rewriter Plugin". :-) |
|
|
#4 Sun Oct 22, 2006 11:11 am
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
Sorry for the late update, an answer was given on my blog. I suppose you have noticed it already. |
|
|
#5 Sun Oct 22, 2006 11:25 am
|
|
Member
Registered: Jul 2006
Posts: 16
Location: China
|
I cannot open ur blog . Its so slowly .  _______________ Excuse my English, Improving...  |
|
|
#6 Fri Apr 06, 2007 11:55 pm
|
|
Member
Registered: Apr 2005
Posts: 16
|
Since Askimet has an API available what do you think about that being integrated to usebb Dietrich? |
|
|
#7 Sat Apr 07, 2007 10:53 am
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
Akismet is on the TODO list for 2.0.0. |
|
|
#8 Sat Apr 07, 2007 5:37 pm
|
|
Member
Registered: Apr 2005
Posts: 16
|
Cool, I guess i should have looked, sorry  |
|
|
#9 Sat Apr 07, 2007 7:33 pm
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
More updated information on rProtect can be found in the introduction PDF document on the development mailing list. |
