Author Topic: Forum Security  (Read 1574 times)

keithsnell

  • Administrator
  • Hero Member
  • *****
  • Posts: 1407
Forum Security
« on: November 15, 2008, 11:08:46 PM »
I'm not sure how many of you have insight into what has been happening on the internet in the last couple of days, but I thought it might be a good idea to share some information with you and ask for your help.

There has been a tremendous surge of spamming and hacking activity across the internet since approximately 11 November.  It appears that somebody released new code that allowed spambots and automated hacking code to read the "visual verification" that was used to prevent bots from registering for accounts.  This enabled spammers and hackers to let loose a firestorm of automated bots that have proceeded to wreck havoc on many forums across the internet.   (And you have probably received more spam lately, or at least noticed that your email service is a bit "bogged down" at times.)  Many forums across the internet have been inundated with spam, clogged with porn, and some have been "hacked" so badly they had to be rebuilt from scratch. 

This forum was lucky.  I happened to be online when the first spammer posted an advertisement for Cialis (with a link to a site that would have probably loaded a trojan on your computer and stolen your identity.)   I immediately deleted the post, only to have it reappear.  I blocked the IP from accessing the site, deactivated several other suspicious new accounts that had been established and blocked those IPs.  I also made the registration process more robust by requiring admin approval on all new accounts.  Since that time, the site has been under fairly constant attack, but no other spammers/hackers have been able to post. 

Why am I telling you this?  First, to ask for your help in keeping this a pleasant community.  If you see any bad behavior, especially by new members, please let me know as soon as possible.  Rebecca and I travel a lot, and we might not be in a position to monitor the site at that time.  You can send us an email (we try to check as often as possible) or give us a call.  (You can find our phone number at the Contact Us link on the home page.) 

Second, I'd really like to find someone that would be willing to become a moderator on the site and could fill in for us while we are away.  As moderator, you would be responsible for approving new accounts (assuming that I keep the requirement for admin approval turned on) and would have the ability to delete offending posts and ban users/IPs.  (You could also contribute positively to the community by posting new articles, critiquing images, responding to other member's posts, answering questions, etc.)  If any of you are interested in becoming a moderator, please let me know.

Third, I'm hoping that potential new members will empathize with some of the security measures I have had to put in place to thwart spammers and hackers from gaining access to this site.  Registration will require a "real" email address, confirmation that I can contact you at that address, and information from you that will allow me to determine that you are a photographer and not a hacker.  I deleted a seemingly innocuous account on the site that used a fake email address, and that account turned out to be a spammer/hacker that has continued to attempt to regain access.   

I appreciate that all of our current members have helped to make this a pleasant little community, and I hope to keep it that way for many years to come.

Keith
« Last Edit: November 15, 2008, 11:13:27 PM by keithsnell »