Security Questions

wokste
Member
 
Posts: 78
Joined: Sat Feb 11, 2012 09:06


by wokste » Sat Feb 11, 2012 09:38

I just registered on the forums, and I must say that the security questions of the forums are hard (especially the version; I had to go to http://c55.me/blog/?paged=4 to find it out).

Ideas:
* If you put sand in the furnace, what do you get?
* How much cobblestone do you need to make a furnace?

EDIT: The security question also removed a lot of information from this post
Last edited by wokste on Sat Feb 11, 2012 09:41, edited 1 time in total.
We must be careful not to clone Notch's mistakes.
 

kahrl
Member
 
Posts: 236
Joined: Fri Sep 02, 2011 07:51
Location: Rös̓̇chenhof

by kahrl » Sat Feb 11, 2012 11:22

Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use Firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.
 

Calinou
Moderator
 
Posts: 3157
Joined: Mon Aug 01, 2011 14:26
Location: Troyes, France
GitHub: Calinou
IRC: Calinou
In-game: Calinou

by Calinou » Sat Feb 11, 2012 12:37

Security question needs to be hard enough - we have like at least 4-6 spambots registering and posting every day.
 

dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sat Feb 11, 2012 15:35

It might also be useful to use a honeypot technique, where you add a couple of hidden input fields on the reply code that a normal user would never see or never fill in, and then check server side if these fields have any data in them; if so, block it, as it is a spam bot.

Bots will normally fill in all fields in a form. Although you will still get the odd one that will get through, this technique usually stops a lot of them. Also, the hidden fields should be labelled like a generic field, such as email, comment, message, name, etc. In my experience in web development, email and name fields seem to be the best at trapping bots, as they are usually programmed to always fill in such fields.

EDIT: Forgot to mention this should also be done on all forms, especially the registration form. In theory, if registration is required to post on the forum, then adding some honeypot fields on that form should mean that the ones on the reply forms should never have to be checked, although it's always nice to have a double trap.
Last edited by dannydark on Sat Feb 11, 2012 15:38, edited 1 time in total.
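
A sketch of the honeypot check described in the post above, as an added example that is not part of the original post or the forum's own code. The field names, the off-screen CSS and the rule that a missing decoy is rejected are assumptions made for this example.

```python
import html

# Decoy names are the generic ones the post suggests; real inputs use
# non-obvious names (all names here are assumptions for this example).
DECOY_FIELDS = ("email", "name")
REAL_FIELDS = ("f_login", "f_contact", "f_message")


def render_form(action="/register"):
    """Build the form: decoys are kept out of sight, tab order and autofill."""
    rows = []
    for field in REAL_FIELDS:
        rows.append(f'<label>{field}<input type="text" name="{field}"></label>')
    for field in DECOY_FIELDS:
        rows.append(
            '<div style="position:absolute;left:-9999px" aria-hidden="true">'
            f'<input type="text" name="{field}" tabindex="-1" autocomplete="off">'
            "</div>"
        )
    body = "\n".join(rows)
    return f'<form method="post" action="{html.escape(action)}">\n{body}\n</form>'


def check_submission(form):
    """Return (accepted, reason) for a parsed POST body (dict of str -> str)."""
    for field in DECOY_FIELDS:
        # A browser submits an empty text input as an empty string, so a
        # decoy that is absent means the form was not the one we rendered.
        if field not in form:
            return False, f"decoy '{field}' missing"
        if form[field].strip():
            return False, f"decoy '{field}' filled"
    for field in REAL_FIELDS:
        if not form.get(field, "").strip():
            return False, f"required '{field}' empty"
    return True, "ok"


# Constructed sample submissions (not real traffic).
HUMAN = {"f_login": "alice", "f_contact": "alice@example.org",
         "f_message": "hello", "email": "", "name": ""}
BOT_FILLS_ALL = dict(HUMAN, email="spam@example.com", name="Best Deals")
BOT_STRIPS_DECOYS = {k: v for k, v in HUMAN.items() if k not in DECOY_FIELDS}

if __name__ == "__main__":
    for label, sub in [("human", HUMAN), ("bot fills all", BOT_FILLS_ALL),
                       ("bot strips decoys", BOT_STRIPS_DECOYS)]:
        print(label, check_submission(sub))
```

The `tabindex`, `aria-hidden` and `autocomplete` attributes are there so keyboard users, screen readers and browser autofill do not trip the trap on a legitimate registration.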
 

Calinou
Moderator
 
Posts: 3157
Joined: Mon Aug 01, 2011 14:26
Location: Troyes, France
GitHub: Calinou
IRC: Calinou
In-game: Calinou

by Calinou » Sat Feb 11, 2012 15:47

If not done already, email+admin/mod confirmation should be added.
 

Jordach
Member
 
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
Location: Blender Scene
GitHub: Jordach
IRC: Jordach
In-game: Jordach

by Jordach » Sat Feb 11, 2012 16:09

kahrl wrote: Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use Firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.


Also, you forget Chrome does too.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server
 

dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sat Feb 11, 2012 16:11

Jordach wrote:
kahrl wrote: Whenever I get truncated posts (see the other thread), I can click the back button in my browser -- I use Firefox, but that shouldn't matter -- and the original text is still there, so I can copy it somewhere safe and then edit my post.


Also, you forget Chrome does too.


All modern browsers do lol ^_^ (including IE9 ¬_¬)
 

Jordach
Member
 
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
Location: Blender Scene
GitHub: Jordach
IRC: Jordach
In-game: Jordach

by Jordach » Sat Feb 11, 2012 21:06

*Coughs up lung* Told you IE9 is horrible.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server
 

dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sat Feb 11, 2012 21:37

Ha yeah... unfortunately in my line of work we have to deal with smeg browsers all the time while building clients' websites to make sure they render correctly in them, but I can tell you now IE9/IE10 are dreams to design for when compared to IE6-8 ¬_¬.

Can't wait until March, when MS push silent updates to people still using IE6-7 so that they get updated to IE8 (on XP; on Vista & 7 they get IE9)... then we can stop supporting them. Only wish they would make IE9 work with XP and force the update on all platforms to at least IE9, because IE8 is worse than IE7 in a lot of areas >_<
 

Jordach
Member
 
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
Location: Blender Scene
GitHub: Jordach
IRC: Jordach
In-game: Jordach

by Jordach » Sun Feb 12, 2012 10:53

...Must....Install....FireFox......Can't.....Let....IE10......Rule.....The....World.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server
 

dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sun Feb 12, 2012 13:38

Jordach wrote:...Must....Install....FireFox......Can't.....Let....IE10......Rule.....The....World.


Haha, you know, about 2 years ago I would have agreed with you, but Firefox is now, in my opinion, also a smeg browser. Its memory footprint is massively over the top: 1.4GB with just 4 tabs open? Really? Not only that, when you try to print pages over a certain size it crashes FF, and what the smeg is going on with the versioning? I swear by this time next year it will be FF v189. I went to Chrome but didn't like the lack of features, so I ended up using Opera (the developer version).

But even then, some of the newest Opera updates have made it as much of a memory hog as FF, so I've started working on my own browser based on FF; so far it's basically the same but without the massive memory use. But then again, saying all that, IE10 is actually quite decent... I refuse to use it just because it makes me feel dirty haha, but yeah, it's the highest scoring browser for CSS3 & HTML5 support and runs like a beast using next to nothing RAM.

But anyway, I think we are probably going quite far off-topic talking about browsers, so yeah, erm, better forum protection from bots, I agree; it would save the poor moderators & admin from having to kill off spam accounts every time they log in just to see what everyone's doing.
 

sdzen
Member
 
Posts: 1170
Joined: Fri Aug 05, 2011 22:33
Location: Paradise (your not allowed)

by sdzen » Sun Feb 12, 2012 17:32

If the security question is made to stop spammers, and I assume that they have to sign up in concordance with their post, we can put the security question in the sign-up, making it so they can't sign up. Tell me if this isn't a better idea than the measures we take now.
Zen S.D. The next generation of tranquility!
Unfortunately my French is not good :<
Owner of the Zelo's
In game name: MuadTralk, spdtainted, sdzen, sd zen, sdzeno
 

wokste
Member
 
Posts: 78
Joined: Sat Feb 11, 2012 09:06

by wokste » Sun Feb 12, 2012 20:46

A few other ways to stop spambots are:
* Public blacklists; I know there are a few on the web, and I can search for these if you like
* Better CAPTCHA (like reCAPTCHA)
* Mail confirmation
We must be careful not to clone Notch's mistakes.
 

Jordach
Member
 
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
Location: Blender Scene
GitHub: Jordach
IRC: Jordach
In-game: Jordach

by Jordach » Sun Feb 12, 2012 20:51

Why don't we have a signup in Adobe AIR and Flash? Bots can't cue Flash! ^_^
viewtopic.php?f=10&t=19056 Solar Plains Dev Server
 

Roflo
Member
 
Posts: 51
Joined: Sun Nov 06, 2011 16:31

by Roflo » Sun Feb 12, 2012 21:17

I'd make the first post of every new user to be queued for moderation.
Unless otherwise specified: I use linux and run (and compile) the latest dev.
 
