Security Questions

Post Reply
User avatar
wokste
Member
Posts: 78
Joined: Sat Feb 11, 2012 09:06

Security Questions

by wokste » Post

I just registered on the forums, and I must say that the security question of the forums are hard. (especially the version, I had to go to: http://c55.me/blog/?paged=4 to find it out)

Ideas:
* If you put sand in the furnace, what do you get?
* How much cobblestone do you need to make a furnace?

EDIT: The security question also removed a lot of information of this post
Last edited by wokste on Sat Feb 11, 2012 09:41, edited 1 time in total.
We must be careful not to clone Notches mistakes.

kahrl
Member
Posts: 236
Joined: Fri Sep 02, 2011 07:51
Location: Rös̓̇chenhof

by kahrl » Post

Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.

User avatar
Calinou
Moderator
Posts: 3164
Joined: Mon Aug 01, 2011 14:26
GitHub: Calinou
IRC: Calinou
In-game: Calinou
Location: Troyes, France
Contact:

by Calinou » Post

Security question needs to be hard enough - we have like at least 4-6 spambots registering and posting every day.

User avatar
dannydark
Member
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Post

It might also be useful to use a honey pot technique where you add a couple of hidden input fields on the reply code that a normal user would never see or never fill in and then check server side if these fields have any data in them, if so block as it is a spam bot.

Bots will normally fill in all fields in a form although you will still get the odd one that will get through this technique usually stops a lot of them, also the hidden fields should be labelled like a generic field like email, comment, message, name etc in my experience in web development email and name fields seem to be the best at trapping bots as they are usually programmed to always fill in such fields.

EDIT: Forgot to mention this should also be done on all forms especially the registration form, in theory if registration is required to post on the forum then adding some honey pot fields on that form should mean that the ones on the reply forms should never have to be checked although its always nice to have a double trap.
Last edited by dannydark on Sat Feb 11, 2012 15:38, edited 1 time in total.

User avatar
Calinou
Moderator
Posts: 3164
Joined: Mon Aug 01, 2011 14:26
GitHub: Calinou
IRC: Calinou
In-game: Calinou
Location: Troyes, France
Contact:

by Calinou » Post

If not done already, email+admin/mod confirmation should be added.

Jordach
Member
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
GitHub: Jordach
IRC: Jordach
In-game: Jordach
Location: Blender Scene

by Jordach » Post

kahrl wrote:Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.
Also, you forget chrome does too.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server

User avatar
dannydark
Member
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Post

Jordach wrote:
kahrl wrote:Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.
Also, you forget chrome does too.
All modern browsers do lol ^_^ (including IE9 ¬_¬)

Jordach
Member
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
GitHub: Jordach
IRC: Jordach
In-game: Jordach
Location: Blender Scene

by Jordach » Post

*Coughs up lung* Told you IE9 is horrible.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server

User avatar
dannydark
Member
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Post

Ha yeah...unfortunately in my line of work we have to deal with smeg browsers all the time while building clients websites to make sure they render correctly in them, but I can tell you now IE9/IE10 are dreams to design for when compared to IE6-8 ¬_¬.

Can't wait until March when MS push silent updates to people still using IE6-7 so that they get updated to IE8 (on xp, on vista & 7 they get IE9)...then we can stop supporting them, only wish they would make IE9 work with XP and force the update on all platforms to at least IE9 because IE8 is worse than IE7 in a lot of areas >_<

Jordach
Member
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
GitHub: Jordach
IRC: Jordach
In-game: Jordach
Location: Blender Scene

by Jordach » Post

...Must....Install....FireFox......Can't.....Let....IE10......Rule.....The....World.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server

User avatar
dannydark
Member
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Post

Jordach wrote:...Must....Install....FireFox......Can't.....Let....IE10......Rule.....The....World.
Haha you know about 2 years ago I would have agreed with you but Firefox is now in my opinion also a smeg browser its memory footprint is massively over the top 1.4GB with just 4 tabs open? really? not only that when you try and print pages over a certain size it crashes FF and what the smeg is going on with the versioning? I swear by this time next year it will be FF v189, I went to Chrome but didn't like the lack of features so I ended up using Opera (the developer version).

But even then some of the newest Opera updates have made it as much of a memory hog as FF, So I've started working on my own browser based on FF so far its basically the same but without the massive memory use. But then again saying all that IE10 is actually quite decent...I refuse to use it just because It makes me feel dirty haha but yeah its the highest scoring browser for CSS3 & HTML5 support and runs like a beast using next to nothing ram.

But anyway I think we are probably going quite far off-topic talking about browsers so yeah erm, better forum protection from bots I agree, it would save the poor moderators & admin from having to kill off spam accounts every time they login just to see what everyone's doing.

User avatar
sdzen
Member
Posts: 1170
Joined: Fri Aug 05, 2011 22:33
Location: Paradise (your not allowed)

by sdzen » Post

if the security question is made to stop spammers if assume that they have to sign up in concordance with there post we can put the security question in the sign up making it so they cant sign up tell me if this isnt a better idea than the measures we take now

Zen S.D.

The next generation of tranquility!
malheureusement mon français n'est pas bon :<
Owner of the Zelo's
In game name: MuadTralk, spdtainted, sdzen, sd zen, sdzeno

User avatar
wokste
Member
Posts: 78
Joined: Sat Feb 11, 2012 09:06

by wokste » Post

A few other ways to stop spambots are:
* Public blacklists, I know there are a few on the web, I can search for these if you like
* Better capcha, (like re-Capcha)
* Mail comfirmation
We must be careful not to clone Notches mistakes.

Jordach
Member
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
GitHub: Jordach
IRC: Jordach
In-game: Jordach
Location: Blender Scene

by Jordach » Post

Why dont we have a signp in Adobe AIR and Flash, bots can't cue flash! ^_^
viewtopic.php?f=10&t=19056 Solar Plains Dev Server

User avatar
Roflo
Member
Posts: 51
Joined: Sun Nov 06, 2011 16:31

by Roflo » Post

I'd make the first post of every new user to be queued for moderation.
Unless otherwise specified: I use linux and run (and compile) the latest dev.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest