Page 2 of 4
Re: Are the security questions hard enough?
Posted: Fri Apr 24, 2015 4:29 pm
by PrincessPeach
brimstoneSalad wrote:
I do, but those kinds of tricky questions make it more difficult for legitimate users to register. Many users complain about having to search for the right answer to a non-obvious security question.
Yes, it could be written in the site banner, or something (since I don't think the spammers usually load the whole site), but if they did load the page, that would make it very easy for them all the same AND still harder for users, because they don't always notice that, or the users could have accessibility issues (blind) and be unable to read the answer there.
It's a balancing act of difficulty for the bot, vs. difficulty for prospective users. I'd rather have to clean up spam now and then than make it hard for a real person to join. I think TVA would probably agree on that point.
Now, making them trickier for spammers but still easy for prospective users: that's the golden ticket.
We could ask questions that require the users to be particularly smart. It would stop stupid people from joining though. Maybe that's a good thing? I'm not sure.
What I definitely still want to do is make posting links impossible for new users, but we've had trouble adding phpBB extensions.
I doubt TVA wants to migrate anywhere, but I'll ask him to look into some site security. It may be needed soon if we keep growing.
It doesn't cost anything to make the switch & if you do make the switch then you could take advantage of what we have to offer, like internet security and my department, that you hear my blab about, INBOUND MARKETING! When you make the switch you get my help for free.
I know PHP !
&& If you want to draw more traffic on to the site you
have to add in the facebook integration application!
https://developers.facebook.com/products/social-plugins
https://developers.facebook.com/product ... hare-send/
https://developers.facebook.com/docs/re ... /php/4.0.0
Re: Are the security questions hard enough?
Posted: Sun Apr 26, 2015 7:03 pm
by Red
If you ask me, the questions are kinda arbitrary.
Re: Are the security questions hard enough?
Posted: Sun Apr 26, 2015 7:26 pm
by brimstoneSalad
RedAppleGP wrote:If you ask me, the questions are kinda arbitrary.
How do you mean?
Re: Are the security questions hard enough?
Posted: Sun Apr 26, 2015 10:57 pm
by Red
brimstoneSalad wrote:RedAppleGP wrote:If you ask me, the questions are kinda arbitrary.
How do you mean?
Take the "A form of animal cruelty where trained animals are used for entertainment" question as an example. There isn't just one form of animal cruelty that falls under this category, and I can name a few (Bullfighting, cock fighting, etc.). and it apples to a few others as well. And I'm not applying it to all the questions, only the ones that are in a simaler manner. And when I tried some some secruity questions like these, it tells me I'm wrong, when the answer I put is entirely plausible (if that makes any sense). Even if I used the word "arbitrary" incorrectly, I think you know what I mean.
Re: Are the security questions hard enough?
Posted: Sun Apr 26, 2015 11:07 pm
by TheVeganAtheist
im not looking to migrate to a new host. Thanks for the offer. Could explain what SSL has to offer? How will it protect the forum? how will it stop spammers?
Re: Are the security questions hard enough?
Posted: Sun Apr 26, 2015 11:44 pm
by PrincessPeach
TheVeganAtheist wrote:im not looking to migrate to a new host. Thanks for the offer. Could explain what SSL has to offer? How will it protect the forum? how will it stop spammers?
Well first off I should say with the security questions you should send an email verification with a "captcha code" to verify new users are human... That would be safer and less confusing.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
It's an encryption & there are different 'levels' of the encryption..
It's like having a third party ninja always watching-out after you..
SSL isn't my expertise & it's hard to understand...
Re: Are the security questions hard enough?
Posted: Mon Apr 27, 2015 12:04 am
by TheVeganAtheist
PrincessPeach wrote:TheVeganAtheist wrote:im not looking to migrate to a new host. Thanks for the offer. Could explain what SSL has to offer? How will it protect the forum? how will it stop spammers?
Well first off I should say with the security questions you should send an email verification with a "captcha code" to verify new users are human... That would be safer and less confusing.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
It's an encryption & there are different 'levels' of the encryption..
It's like having a third party ninja always watching-out after you..
SSL isn't my expertise & it's hard to understand...
how will this help with spammers? how is this useful for a forum?
Re: Are the security questions hard enough?
Posted: Tue Apr 28, 2015 10:47 pm
by knot
TheVeganAtheist, enabling HTTPS will allow people to use the forum more safely.
As is, passwords and login names are just sent as plain text in the POST request, meaning anyone on the network can see them very easily. If you log into this forum on any kind of public network there's a high risk someone will get a hold of your login/password. The hacker could then log in and find that person's email, and things can potentially go south from there.
Most sites store their users' passwords as cryptographic hashes, not plain text. This way it's a lot harder for the hackers (but not impossible) to log in even if the users' passwords have been compromised.
Re: Are the security questions hard enough?
Posted: Tue Apr 28, 2015 10:58 pm
by brimstoneSalad
RedAppleGP
Please PM me the answers you tried that didn't work. I'll make sure to add them.
Many of the questions have more than 30 acceptable answers. Maybe you made a spelling mistake?
Re: Are the security questions hard enough?
Posted: Tue May 12, 2015 5:07 pm
by TheVeganAtheist
In case everyone didnt get the email, I have purchased the SSL for the forum and website.