FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » security and users, hacker script, forum user list
Show: Today's Messages :: Unread Messages :: Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
security and users, hacker script, forum user list [message #167630] Sat, 11 August 2012 07:03 Go to next message
Atomicrun is currently offline  Atomicrun   Sweden
Messages: 54
Registered: November 2010
Location: Lund
Karma: 0
Member
add to buddy list
ignore all messages by this user
I have some set of bots, who constantly is working the user list, and also try to register new users on the list. I have set admin-approval for new users.

A) If the bot fail to pass the e-mail approval, or if the e-mail is bad, so no approval is reached, I don't like to have these bogus accounts listed on Accounts Pending Approval (3). they should list only after the account has passed the e-mail verification.

B) I don't like the /adm directory. There will be special bots that will try to access files in such directory constantly. I would like to rename this drectory "greenie_458263", include a new fresh /adm directory, that is empty, and load a php script "admadministratorlogin.php", that simply put the IP on the block-list for a few days.
On my server the Apache restrict IP access to internal local network, and there is also an Apache password on this directory.
So I don't really have a problem, and I don't even think that there could be any security issue, but if some intermediate version, a short while, once have a problem, it can not be exploited unless the hacker can figure our the name of the adm directory on the target server.
Re: security and users, hacker script, forum user list [message #167633 is a reply to message #167630] Sat, 11 August 2012 07:49 Go to previous messageGo to next message
Atomicrun is currently offline  Atomicrun   Sweden
Messages: 54
Registered: November 2010
Location: Lund
Karma: 0
Member
add to buddy list
ignore all messages by this user
Another thing about the users-list, list of forum members:

I would prefer, that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)

If the user is not "Logged-in", according to above, he should count as "anonymous" when the forum decide on forums.

I would also like the list of forum members, to be inaccessible as long as the user is not "Logged-in".
It is not so that I have any problem with this, but my Apache log gets filled up with many user-list searches, log in attempts and similar.





Re: security and users, hacker script, forum user list [message #167638 is a reply to message #167633] Thu, 16 August 2012 04:50 Go to previous messageGo to next message
Atomicrun is currently offline  Atomicrun   Sweden
Messages: 54
Registered: November 2010
Location: Lund
Karma: 0
Member
add to buddy list
ignore all messages by this user
The disable of the forum-member list is in the binary options. Now, is there options that is not implemented in the "Global options" selection, or why have I not found it ?
Message by NeXuS is ignored  [reveal message]  [reveal all messages by NeXuS]  [stop ignoring this user] Go to previous messageGo to next message
Message by NeXuS is ignored  [reveal message]  [reveal all messages by NeXuS]  [stop ignoring this user] Go to previous messageGo to next message
2 small suggestsions [message #167724 is a reply to message #167630] Fri, 07 September 2012 12:15 Go to previous messageGo to next message
bbnewbie is currently offline  bbnewbie   United States
Messages: 27
Registered: December 2011
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
1. A highlight poster feature that would put a yellow highlight around the name. In long posts it allows you to quickly locate your favorite posters.

2. A login in as you post feature. It would let you login on the post page.

Great forum.
Re: security and users, hacker script, forum user list [message #167837 is a reply to message #167633] Fri, 19 October 2012 01:39 Go to previous message
Geraldinehenry is currently offline  Geraldinehenry   United States
Messages: 2
Registered: October 2012
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Atomicrun wrote on Sat, 11 August 2012 07:49
Another thing about the users-list, list of forum members:

I would prefer, that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)

If the user is not "Logged-in", according to above, he should count as "anonymous" when the forum decide on forums.

I would also like the list of forum members, to be inaccessible as long as the user is not "Logged-in".
It is not so that I have any problem with this, but my Apache log gets filled up with many user-list searches, log in attempts and similar.

Surprised




Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Suggestions #224231423424
Next Topic: NNTP Integration - Cancel deleted Messages
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Jul 10 04:51:59 EDT 2020

Total time taken to generate the page: 0.00663 seconds