PrincessPeach wrote: Shouldn't what just happened be your answer as to why?
Not really... it was one spammer. As far as I can tell, a human being (a gold farmer), not a bot, who solved it, and then made (or turned it over to a bot to make) a couple posts that were promptly deleted. I don't think it has been cracked by bots, or we'd have a flood of them.
Unless something is very transparent and easy to bot, most of this question solving is done by humans, not by brute force.
http://www.nytimes.com/2010/04/26/techn ... .html?_r=0
The answers aren't "vegan" or "atheist" (not so on the nose as that).
As the forum is getting bigger, we will have more human beings with eyes on these questions to let bots in the door to post, no matter how hard they are to brute force.
It's the difficulty to humans that I'm worried about.
PrincessPeach wrote: The security questions need to be completely random and unrelated to anything that has anything to do with this forum!
This issue isn't that simple. It's a matter of difficulty to spammers vs. difficulty for potential users.
By making the questions vegan and religion related, they become easier for potential users, without making them too easy to Google.
They become easier to brute-force, yes, but it's hard to brute force these anyway due to the attempt limits.
I think what has to be kept an eye out for is Google search replies being valid (which would make botting viable).
They could be questions about mathematics, but that would make them even easier for spammers from China who have no problem doing basic math... and unfortunately probably quite hard for dumb Americans.
Seriously, I've seen threads with people complaining about how hard it is to add 7 + 3 to register an account.
It is possible to write questions that are only easy for fluent English speakers, like linguistic riddles... but then that makes it difficult for our non-fluent vegan atheist friends from abroad (South America, Asia, the Middle East, and others) to join.
A question should be:
1. Hard to answer with a Google search
2. Not easy to guess, or based on basic math which any spammer could solve with half a second of human attention
3. Easy for prospective members to answer.
And this is challenging.
I think the bottom line is that the questions may be too easy for one reason or another.
PrincessPeach wrote: That's why it was so easy to hack.
I don't think it was hacked. I think a human being with basic English skills saw it and answered it. Unless one of the questions turns up a result as a Google search. That's something I need to check.
PrincessPeach wrote: If you get some basic encryption on this site it should better protect TVA from hackers & maybe, just maybe, if you could also get an encryption level high enough to protect us users too; but TVA is more important & it's cheaper to protect yourself on this site than everyone else.
At this point, as the forum grows, it might be a good idea. We will start to become subject to hackers as the link real estate here becomes more valuable. And also just malicious hacking, from theists or carnists who hate us.