Security and Legal

PMs - Private or Not?

invalid@example.com (Zook) — Wed, 28 Aug 2019 17:45:36 +0000

This may or may not have been discussed in the past, but Id like to have some discussion regarding the reading of PMs as it relates to security purposes. I know any forum owner can easily access this data via the database or by utilizing any one of several hacks that are available from a variety of sources. From what information I have been able to gather, much like an employer/employee relationship, data delivered though a forum's server becomes the property of the forum owner and can...

PMs - Private or Not?

Let's talk about passwords!

invalid@example.com (Dan Hutter) — Sun, 22 Jan 2017 10:16:36 +0000

With the recent hacking and subsequent password leaks of major site likes Linked In and Yahoo secure passwords should be at the forefront of every webmaster's mind. From your cPanel and FTP account, to your database password, to your admin account everything needs it's own unique & secure password. A secure password is at least 12 characters and contains random UPPERCASE and lower case letters,...

Let's talk about passwords!

One of Australia's Largest Forums Being Sued

invalid@example.com (BamaStangGuy) — Tue, 02 Jun 2015 13:32:13 +0000

Interesting news going on in Australia - one of the forums I am a member on is being sued

One of Australia's Largest Forums Being Sued

Trojans and Keyloggers

invalid@example.com (Big al) — Thu, 22 Jan 2015 00:22:54 +0000

http://www.computerworld.com/s/arti...d_getting_infected_and_what_to_do_if_you_are_

There is a new nasty ransomware going around called "Cryptolocker"

Trojans and Keyloggers

Some IIS Rewrite and htaccess Additions to Block Bad Bots

invalid@example.com (AWS) — Sun, 16 Nov 2014 03:24:47 +0000

I found this somewhere online a few years ago and through the years I've updated it to catch new spam bots as I see them. It catches about 90% of the baddies.

Just add the following to your .htaccess file.

Code:

# IF THE USER AGENT STARTS WITH THESE
RewriteCond %{HTTP_USER_AGENT} ^(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) [NC,OR]
RewriteCond...

Some IIS Rewrite and htaccess Additions to Block Bad Bots

Disable any "send to a friend" type pages

invalid@example.com (Lee G) — Thu, 06 Nov 2014 16:55:23 +0000

Long story short, Im presently trying to get my main domain I use for my email out the gmail black list after an email marketer found a hole in my forum

In my case it was in a photo gallery add on I use which had a page to let people share the image links
But, you can change all the text in the box's to what ever you want

I had been hit nine times, when I finally found out what and how they were doing it. Each time they had done lists of about 1000 email addresses at a guess. I would say...

Disable any "send to a friend" type pages

What ive come up with

invalid@example.com (DriveHosting) — Mon, 14 Jul 2014 05:33:02 +0000

So over the past few weeks before getting maxmind ive came across a load of lost cash due to paypal charge-backs and credit card frauding from buyers. Ive become smart lemme know what you think of this, basically what im doing now is after my maxmind verification im taking the initiative to personally verify every client who goes through my site with the following.

View attachment 27670 View attachment 27671

Forums attacked by spamers???

invalid@example.com (Sylvain) — Thu, 12 Jun 2014 18:57:17 +0000

My Xenforo forum has been attacked by massive spamming today.

All the threads were started by MartyAge, FredHolnes or DamienGangl

I googled few of the thread titles and many forums have been attacked...

Anyone heard about this?

Is there a stronger copyleft license than the GPL?

invalid@example.com (CM30) — Mon, 26 May 2014 15:37:12 +0000

One which basically says the following:

1. This work is free (to use and distribute), will always be free and can never be used as part of a proprietary system.

2. Everything extended from it is free (like the GPL)

3. It cannot be used with commercial software

4. This software cannot be linked to or interface with commercial or proprietary software.

So basically, if you made a script like WordPress or phpBB, any software made to extend it (or made to run alongside it) would have to be...

Is there a stronger copyleft license than the GPL?

New Breed of Spammers

invalid@example.com (AWS) — Tue, 06 May 2014 21:32:36 +0000

I've noticed that spammers are adapting to the measures we take to stop them. One thing they do is use a clean IP, one that isn't in any spam database, and use it to register. Once they get past the registration they change IP to confirm registration and more times thnn not that IP will be listed hundreds of time in SFS or other spam databases.

While this makes it easier for them and harder for us not many of these spammers actually post so if we don't check each registration we would never...

New Breed of Spammers

Please don't do this with your forum captcha...

invalid@example.com (CM30) — Fri, 18 Apr 2014 02:27:23 +0000

View attachment 27591

Yeah. Try not to edit the background of the input field, because otherwise it's very, very difficult to read. It's a good site (that unfortunately does this), but due to their design, the captcha text has pretty much no contrast and is almost impossible to read (especially from a distance or with poor eyesight).

Is this colour change something to avoid in captchas?

New SSL Heartbleed Bug A Serious Threat To Server Security!

invalid@example.com (s.molinari) — Fri, 11 Apr 2014 07:15:45 +0000

Hi,

Have a look at this.

http://heartbleed.com/

Looks like everyone needs to patch or update their OpenSSL software, if you are on versions 1.0.1 to 1.0.1f and then make sure to hard restart your server(s).

Debian: Sec Advisory
Ubuntu: Sec Advisory
CentOS: Sec Advisory
Red Hat:...

New SSL Heartbleed Bug A Serious Threat To Server Security!

650 visitor Bots

invalid@example.com (Rasty) — Sat, 01 Mar 2014 20:51:05 +0000

Is 650 visitor bots preventable? What can or should be done as it's slowing the site down.

Massive DDOS Attack Today

invalid@example.com (BamaStangGuy) — Wed, 26 Feb 2014 01:02:36 +0000

Namecheap experienced a massive DDOS attack today against their DNS system which brought down my sites and many many thousands others. More info here: https://news.ycombinator.com/item?id=7271834

Attack visual during:

View attachment 27517

Massive DDOS Attack Today

List of Temporary Emails You Should Ban

invalid@example.com (fattony69) — Thu, 20 Feb 2014 18:35:29 +0000

I recently had a small issue where I had to deal with a human troll. Now, he decided to take the route of temporary emails to harass my forum. I thought I'd help everyone out to list them all (that I've found with the help of others) so you can ban them all on your forum.

Code:

*@7tags.com
*@*.mailexpire.com
*@0clickemail.com
*@99experts.com
*@ak.mintemail.com
*@anonymbox.com
*@beefmilk.com
*@bloatbox.com
*@bofthew.com
*@broadbandninja.com
*@bspamfree.org
*@cellurl.com
*@consumerriot.com...

List of Temporary Emails You Should Ban

Model Claims Internet Brands Hushed Up Rapes

invalid@example.com (Alfa1) — Mon, 10 Feb 2014 10:50:43 +0000

Does anyone know what became of this courtcase?

Monday, April 30, 2012
View attachment 27428
LOS ANGELES (CN) - A model claims in Federal Court that she was drugged and raped by two men who filmed the crime and sold it as pornography, and that defendant Internet Brands Inc. dba ModelMayhem.com did nothing to stop it.
Jane Doe No. 14 claims that Internet Brands Inc. owns and operates more than 100 websites, including ModelMayhem.com, where she had an account to market herself as a...

Model Claims Internet Brands Hushed Up Rapes

Man jailed over blog... In America

invalid@example.com (Alfa1) — Thu, 16 Jan 2014 00:41:19 +0000

Blogger’s Incarceration Raises First Amendment Questions

http://mobile.nytimes.com/2014/01/1...ises-first-amendment-questions.html?referrer=

Man jailed over blog... In America

Which Anti-Spam Hacks do you use to protect your forum from spam?

invalid@example.com (Kaiser) — Tue, 17 Dec 2013 22:59:32 +0000

Each forum software has mods and plugins for Anti-Spam measures, what do you use to prevent spam on your forum?

For XenForo I use the "XenUtilities" add-on which integrates StopForumSpam.com, BotScout.com (Key Needed), and FSpamlist.com (Key Needed).

It does a great job at preventing spam, and those 3 sites are some of the biggest. If you use XenForo, I recommend XenUtilities, its great and its an awesome way to fight spam.

Ban Quick Email Providers From Your Forum. (Prevent Spam)

invalid@example.com (Kaiser) — Wed, 04 Dec 2013 16:16:12 +0000

Spammers love to use email providers that are 100% registration free, and don't require any personal information to use. It gives them a very quick and easy way to register on your forum, and if you have email activation turned on, they can quickly activate their accounts using the quick email providers.

What they do is, they go to the website and choose a quick name they want to use for their email and enter it, and then they can get the emails from the forums on which they register on,...

Ban Quick Email Providers From Your Forum. (Prevent Spam)

DDOS Attacks

invalid@example.com (JoshSmith100) — Tue, 03 Dec 2013 02:09:07 +0000

Have any of you guys ever been targeted by a DDOS attack?Alot of sites that ive been on, have got attacked recently and I was wondering what techniques you guys have used to avoid the affects of a DDOS attack. Please let me know, id appreciate it.