Page 1 of 1

Security Questions

PostPosted: Sat Feb 11, 2012 09:38
by wokste
I just registered on the forums, and I must say that the security question of the forums are hard. (especially the version, I had to go to: http://c55.me/blog/?paged=4 to find it out)

Ideas:
* If you put sand in the furnace, what do you get?
* How much cobblestone do you need to make a furnace?

EDIT: The security question also removed a lot of information of this post

PostPosted: Sat Feb 11, 2012 11:22
by kahrl
Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.

PostPosted: Sat Feb 11, 2012 12:37
by Calinou
Security question needs to be hard enough - we have like at least 4-6 spambots registering and posting every day.

PostPosted: Sat Feb 11, 2012 15:35
by dannydark
It might also be useful to use a honey pot technique where you add a couple of hidden input fields on the reply code that a normal user would never see or never fill in and then check server side if these fields have any data in them, if so block as it is a spam bot.

Bots will normally fill in all fields in a form although you will still get the odd one that will get through this technique usually stops a lot of them, also the hidden fields should be labelled like a generic field like email, comment, message, name etc in my experience in web development email and name fields seem to be the best at trapping bots as they are usually programmed to always fill in such fields.

EDIT: Forgot to mention this should also be done on all forms especially the registration form, in theory if registration is required to post on the forum then adding some honey pot fields on that form should mean that the ones on the reply forms should never have to be checked although its always nice to have a double trap.

PostPosted: Sat Feb 11, 2012 15:47
by Calinou
If not done already, email+admin/mod confirmation should be added.

PostPosted: Sat Feb 11, 2012 16:09
by Jordach
kahrl wrote:Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.


Also, you forget chrome does too.

PostPosted: Sat Feb 11, 2012 16:11
by dannydark
Jordach wrote:
kahrl wrote:Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.


Also, you forget chrome does too.


All modern browsers do lol ^_^ (including IE9 ¬_¬)

PostPosted: Sat Feb 11, 2012 21:06
by Jordach
*Coughs up lung* Told you IE9 is horrible.

PostPosted: Sat Feb 11, 2012 21:37
by dannydark
Ha yeah...unfortunately in my line of work we have to deal with smeg browsers all the time while building clients websites to make sure they render correctly in them, but I can tell you now IE9/IE10 are dreams to design for when compared to IE6-8 ¬_¬.

Can't wait until March when MS push silent updates to people still using IE6-7 so that they get updated to IE8 (on xp, on vista & 7 they get IE9)...then we can stop supporting them, only wish they would make IE9 work with XP and force the update on all platforms to at least IE9 because IE8 is worse than IE7 in a lot of areas >_<

PostPosted: Sun Feb 12, 2012 10:53
by Jordach
...Must....Install....FireFox......Can't.....Let....IE10......Rule.....The....World.

PostPosted: Sun Feb 12, 2012 13:38
by dannydark
Jordach wrote:...Must....Install....FireFox......Can't.....Let....IE10......Rule.....The....World.


Haha you know about 2 years ago I would have agreed with you but Firefox is now in my opinion also a smeg browser its memory footprint is massively over the top 1.4GB with just 4 tabs open? really? not only that when you try and print pages over a certain size it crashes FF and what the smeg is going on with the versioning? I swear by this time next year it will be FF v189, I went to Chrome but didn't like the lack of features so I ended up using Opera (the developer version).

But even then some of the newest Opera updates have made it as much of a memory hog as FF, So I've started working on my own browser based on FF so far its basically the same but without the massive memory use. But then again saying all that IE10 is actually quite decent...I refuse to use it just because It makes me feel dirty haha but yeah its the highest scoring browser for CSS3 & HTML5 support and runs like a beast using next to nothing ram.

But anyway I think we are probably going quite far off-topic talking about browsers so yeah erm, better forum protection from bots I agree, it would save the poor moderators & admin from having to kill off spam accounts every time they login just to see what everyone's doing.

PostPosted: Sun Feb 12, 2012 17:32
by sdzen
if the security question is made to stop spammers if assume that they have to sign up in concordance with there post we can put the security question in the sign up making it so they cant sign up tell me if this isnt a better idea than the measures we take now

PostPosted: Sun Feb 12, 2012 20:46
by wokste
A few other ways to stop spambots are:
* Public blacklists, I know there are a few on the web, I can search for these if you like
* Better capcha, (like re-Capcha)
* Mail comfirmation

PostPosted: Sun Feb 12, 2012 20:51
by Jordach
Why dont we have a signp in Adobe AIR and Flash, bots can't cue flash! ^_^

PostPosted: Sun Feb 12, 2012 21:17
by Roflo
I'd make the first post of every new user to be queued for moderation.